Class: UsersController

Inherits:
ApplicationController show all
Defined in:
frontend/app/controllers/users_controller.rb

Instance Method Summary collapse

Methods inherited from ApplicationController

#archivesspace, can_access?, permission_mappings, set_access_control

Instance Method Details

#activateObject 



203
204
205
206
207
208
209
210
 
# File 'frontend/app/controllers/users_controller.rb', line 203

def activate
  if JSONModel::HTTP::get_json("/users/#{params[:id]}/activate")
    flash[:success] = t("user._frontend.messages.activated")
  else
    flash[:error] = t("user._frontend.messages.error_activate")
  end
  redirect_to :action => :index
end

#completeObject 



53
54
55
56
57
58
59
60
61
62
63
 
# File 'frontend/app/controllers/users_controller.rb', line 53

def complete
  query = params[:query].strip
  if !query.empty?
    begin
      return render :json => JSONModel::HTTP::get_json("/users/complete", :query => params[:query])
    rescue
    end
  end

  render :json => []
end

#createObject 



165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
 
# File 'frontend/app/controllers/users_controller.rb', line 165

def create
  handle_crud(:instance => :user,
              :params_check => ->(obj, params) {
                ['password', 'confirm_password'].each do |field|
                  if params['user'][field].blank?
                    obj.add_error(field, "Can't be empty")
                  end
                end
                if params['user']['password'] != params['user']['confirm_password']
                  obj.add_error('confirm_password', "entered value didn't match password")
                end
                s = params['user']['username'].downcase.strip
                if s.blank?
                  obj.add_error('username', "Can't be empty")
                elsif s !~ /\A[a-zA-Z0-9\-_. @]+\z/ || s =~ /  +/
                  obj.add_error('username', 'invalid characters')
                end
              },
              :on_invalid => ->() {
                flash[:error] = t("user._frontend.messages.error_create")
                render :action => "new"
              },
              :on_valid => ->(id) {
                if session[:user]
                  flash[:success] = "#{t("user._frontend.messages.created")}: #{params['user']['username']}"
                  redirect_to :controller => :users, :action => :index
                else
                  backend_session = User.(params['user']['username'],
                                             params['user']['password'])

                  User.establish_session(self, backend_session, params['user']['username'])

                  redirect_to :controller => :welcome, :action => :index

                end
              })
end

#current_recordObject 



35
36
37
 
# File 'frontend/app/controllers/users_controller.rb', line 35

def current_record
  @user
end

#deactivateObject 



212
213
214
215
216
217
218
219
 
# File 'frontend/app/controllers/users_controller.rb', line 212

def deactivate
  if JSONModel::HTTP::get_json("/users/#{params[:id]}/deactivate")
    flash[:success] = t("user._frontend.messages.deactivated")
  else
    flash[:error] = t("user._frontend.messages.error_deactivate")
  end
  redirect_to :action => :index
end

#deleteObject 



95
96
97
98
99
100
101
 
# File 'frontend/app/controllers/users_controller.rb', line 95

def delete
  user = JSONModel(:user).find(params[:id])
  user.delete

  flash[:success] = t("user._frontend.messages.deleted")
  redirect_to(:controller => :users, :action => :index, :deleted_uri => user.uri)
end

#editObject 



65
66
67
68
69
70
71
72
73
74
 
# File 'frontend/app/controllers/users_controller.rb', line 65

def edit
  @user = JSONModel(:user).find(params[:id])

  if @user.is_system_user and not user_is_global_admin?
    flash[:error] = t("user._frontend.messages.access_denied")
    redirect_to(:controller => :users, :action => :index) and return
  end

  render action: "edit"
end

#edit_groupsObject 



83
84
85
86
87
88
89
90
91
92
93
 
# File 'frontend/app/controllers/users_controller.rb', line 83

def edit_groups
  @user = JSONModel(:user).from_hash(JSONModel::HTTP::get_json("/repositories/#{session[:repo_id]}/users/#{params[:id]}"))

  if @user.is_system_user or @user.is_admin
    flash[:error] = t("user._frontend.messages.group_not_required")
    redirect_to(:controller => :users, :action => :index) and return
  end

  @groups = JSONModel(:group).all
  render action: "edit_groups"
end

#edit_selfObject 



76
77
78
79
80
81
 
# File 'frontend/app/controllers/users_controller.rb', line 76

def edit_self
  @user = JSONModel(:user).find('current-user')
  @self_edit = true

  render action: "edit_self"
end

#indexObject 



15
16
17
18
19
20
21
22
 
# File 'frontend/app/controllers/users_controller.rb', line 15

def index
  @search_data = JSONModel(:user).all(
    page: selected_page,
    page_size: 50,
    sort_field: params.fetch(:sort, :username),
    sort_direction: params.fetch(:direction, :asc)
  )
end

#manage_accessObject 



24
25
26
27
28
29
30
31
32
33
 
# File 'frontend/app/controllers/users_controller.rb', line 24

def manage_access
  @search_data = JSONModel(:user).all(
    page: selected_page,
    page_size: 50,
    sort_field: params.fetch(:sort, :username),
    sort_direction: params.fetch(:direction, :asc)
  )
  @manage_access = true
  render :action => "index"
end

#newObject 



44
45
46
47
48
49
50
51
 
# File 'frontend/app/controllers/users_controller.rb', line 44

def new
  if AppConfig[:allow_user_registration] or (session['user'] and user_can? 'manage_users')
    @user = JSONModel(:user).new._always_valid!
    render action: "new"
  else
    redirect_to(:controller => :welcome, :action => :index)
  end
end

#password_formObject 



221
 
# File 'frontend/app/controllers/users_controller.rb', line 221

def password_form; end

#recover_passwordObject 



223
224
225
226
227
228
229
230
231
232
233
234
235
236
 
# File 'frontend/app/controllers/users_controller.rb', line 223

def recover_password
  if !AppConfig[:allow_password_reset]
    flash[:error] = I18n.t("user._frontend.messages.password_reset_not_allowed", email: params.fetch(:email))
  else
    result = User.recover_password(params.fetch(:email, nil))
    if result[:status] == :success || result[:status] == :not_found
      flash[:success] = I18n.t("user._frontend.messages.password_reset_email_sent", email: params.fetch(:email))
    else
      flash[:error] = result[:error]
    end
  end

  redirect_to action: :password_form
end

#showObject 



39
40
41
42
 
# File 'frontend/app/controllers/users_controller.rb', line 39

def show
  @user = JSONModel(:user).find(params[:id])
  render action: "show"
end

#updateObject 



103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
 
# File 'frontend/app/controllers/users_controller.rb', line 103

def update
  handle_crud(:instance => :user,
              :obj => JSONModel(:user).find(params[:id]),
              :params_check => ->(obj, params) {
                if params['user']['password'] || params['user']['confirm_password']
                  if params['user']['password'] != params['user']['confirm_password']
                    obj.add_error('confirm_password', "entered value didn't match password")
                  end
                end
              },
              :on_invalid => ->() {
                flash[:error] = t("user._frontend.messages.error_update")
                render :action => "edit"
              },
              :on_valid => ->(id) {
                flash[:success] = t("user._frontend.messages.updated")
                redirect_to :action => :index
              })
end

#update_groupsObject 



143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
 
# File 'frontend/app/controllers/users_controller.rb', line 143

def update_groups
  groups = Array(params[:groups])

  uri = "/users/#{params[:id]}/groups"
  response = JSONModel::HTTP.post_form(URI(uri),
                                       'groups[]' => groups,
                                       :remove_groups => groups.empty?,
                                       :repo_id => session[:repo_id]
                                       )

  if response.code === '200'
    flash[:success] = t("user._frontend.messages.updated")
    redirect_to :action => :manage_access
  else
    flash[:error] = t("user._frontend.messages.error_update")
    @groups = JSONModel(:group).all if user_can?('manage_repository')

    render :action => :edit_groups
  end
end

#update_passwordObject 



238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
 
# File 'frontend/app/controllers/users_controller.rb', line 238

def update_password
  user_id = JSONModel(:user).id_for(session["user_uri"])
  unless params[:password] == params[:confirm_password]
    flash[:error] = I18n.t('login.password_mismatch_error')
    return redirect_to action: :password_form
  end

  # it just seems wrong to allow single character or three letter word
  # passwords. It is still allowed; but if you forget your single
  # character or three letter word password your punishment is this requirement.
  # A future refactor could make these thresholds settable in AppConfig...
  score = Zxcvbn.test(params[:password])
  if score.entropy < 12 || score.crack_time < 2
    flash[:error] = I18n.t('login.password_too_simple')
    return redirect_to action: :password_form
  end

  response = JSONModel::HTTP.post_form("/users/#{user_id}/password", {
                                         password: params[:password]
                                       })
  if response.code == "200"
    reset_session
    flash[:success] = I18n.t('login.password_update_success')
    return redirect_to controller: :welcome, action: :index, login: true
  else
    flash[:error] = I18n.t('login.password_update_error')
    return redirect_to action: :password_form, login: true
  end
end

#update_selfObject 



123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
 
# File 'frontend/app/controllers/users_controller.rb', line 123

def update_self
  handle_crud(:instance => :user,
              :obj => obj = JSONModel(:user).find('current-user'),
              :params_check => ->(obj, params) {
                if params['user']['password'] || params['user']['confirm_password']
                  if params['user']['password'] != params['user']['confirm_password']
                    obj.add_error('confirm_password', "entered value didn't match password")
                  end
                end
              },
              :on_invalid => ->() {
                flash[:error] = t("user._frontend.messages.error_update")
                render :action => "edit_self"
              },
              :on_valid => ->(id) {
                flash[:success] = t("user._frontend.messages.updated")
                redirect_to :action => "edit_self"
              })
end