- Revision:
- 120
- Log:
Hub integration. RForum Users are lazy-created when Hub users, logged in,
visit RForum for the first time. RForum navigation links to log in and
out or change settings all point at Hub. Webmaster and administrator roles
in Hub map to administrator permissions in RForum; in addition to the
RForum permission management system, though, added Hub permissions hashes
to various controllers to include Hub authorisation too. Two layers can't
hurt and it means sensible return-to'd redirections to Hub for some
action types.

Corrected grammar on deletion confirmation messages and tidied up a few
templates here and there, too.
- Author:
- adh
- Date:
- Sat Oct 28 23:53:03 +0100 2006
- Size:
- 5256 Bytes
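# Account-related actions for RForum: local login/logout, user settings,
# registration, profile display with user-to-user messages, and the user list.
class UserController < ApplicationController

  # Use HubSsoLib for permissions management, as a layer on top of
  # the provision within RForum. The ":nobody" entries are a bit of
  # a hack - any unrecognised role would do, since it means that
  # nobody will ever have that role; thus, no permission.
  #
  # NOTE(review): :logout and :edit have no entry in this hash. How
  # HubSsoLib treats an action that is not listed cannot be seen from
  # this file - confirm that it matches what is intended for those two.

  @@hubssolib_permissions = HubSsoLib::Permissions.new({
    :show              => [ :admin, :webmaster, :privileged, :normal ],
    :list              => [ :admin, :webmaster ],
    :login             => [ :nobody ],
    :register          => [ :nobody ],
    :register_complete => [ :nobody ]
  })

  # Class-level reader for the Hub permissions table declared above.
  def self.hubssolib_permissions
    @@hubssolib_permissions
  end

  # Handles the local login form ('submit') and the password reminder
  # request ('i_forgot_my_password'). Both read the 'name' parameter.
  def login
    @title = l(:login_title)

    if @params['submit']
      user = User.find_by_login(@params['name'], @params['password'])
      if user
        # login successful
        @user = user
        flash[:attention] = "You are now logged in to the forum."
        return_to_last_remembered
      else
        # login failed
        @error = l(:login_failed)
      end
    end

    if @params['i_forgot_my_password']
      user = User.find_by_name(@params['name'])
      if user
        # The freshly generated token is mailed as part of a link to the
        # 'edit' action. NOTE(review): where that token is verified and
        # whether it expires is not visible in this controller - confirm.
        key = user.generate_security_token
        reset_url = url_for({:controller=>'user', :action=>'edit'}) + "?user_id=#{user.id}&key=#{key}"
        Mailer.deliver_reset_password(user, reset_url)

        flash[:attention] = "An e-mail message explaining how to change your password has been sent."
        redirect_to :controller => 'forum', :action => 'list'
      else
        # NOTE(review): this branch answers differently from the one above,
        # so the form discloses whether a user name is registered. Consider
        # giving the same neutral reply in both cases.
        @error = l(:no_user_with_this_name)
      end
    end
  end

  # Replaces the current user with a guest and returns to the forum list.
  def logout
    @user = Guest.new
    flash[:attention] = "You are now logged out of the forum."
    redirect_to :controller => 'forum', :action => 'list'
  end

  # Shows the settings page, or processes one of the forms it contains.
  # Raises RForum::SecurityError when the current user may not change the
  # settings of the user named in the submitted form, and ArgumentError
  # for a form name that is not handled here.
  def edit
    @title = l(:user_settings_title)

    if @params['form']
      # some form was submitted (there are several in the user/edit view)
      # need to update user details
      user_id = @params['new_user'].delete('id').to_i
      # Authorisation comes first: nothing below runs for a user id the
      # current user is not allowed to modify.
      raise RForum::SecurityError unless @user.can_change_user_settings?(user_id)
      begin
        case @params['form']
        when 'edit_user'
          # Only the fields named here are passed on to User.update;
          # every other submitted key is dropped.
          changeable_fields = ['firstname', 'surname']
          user_params = @params['new_user'].delete_if { |k, v| !changeable_fields.include?(k) }
          User.update(user_id, user_params)
          redirect_to :action => 'edit'
        when 'change_password'
          change_password(user_id, @params['new_user'])
          return_to_last_remembered
        else
          raise ArgumentError, "Unknown form #{@params['form']}"
        end
      rescue RForum::ValidationError => e
        render_edit_form(e.entity)
      end
    else
      # no form submitted yet; show user details
      render_edit_form(@user)
    end
  end

  # Shows the registration form, or creates the account from the submitted
  # 'new_user' parameters and mails the registration details.
  def register
    @title = l(:register_title)

    if @params['new_user'].nil?
      # Show form with a new user object
      @new_user = User.new
    else
      begin
        # NOTE(review): the complete 'new_user' hash from the request goes
        # to User.create. Which attributes may be set this way is decided
        # in the User model, outside this file - confirm that it restricts
        # them.
        @new_user = User.create(@params['new_user'])

        # The unencrypted password is handed to the mailer, so it leaves
        # the application in clear text inside the registration e-mail.
        password = @new_user.tell_and_forget_unencrypted_password

        Mailer.deliver_registration_mail(@new_user, password,
          url_for({ :controller => 'user', :action => 'login' }))

        @title = l(:registration_complete_title)
        render_action 'registration_complete'
      rescue RForum::ValidationError => e
        @new_user = e.entity
        # and go back to the form
      end
    end
  end

  # Displays one user's information and, for a logged-in user, sends that
  # user a message written in the page's form.
  def show
    @title = 'User information'

    user_found = true
    begin
      @selected_user = User.find(@params['id'])
    rescue
      # Any failed lookup is displayed as a placeholder guest.
      @selected_user = Guest.new('Unknown user', '')
      user_found = false
    end

    if @params['send_message'] && !@user.guest?
      # to_s keeps a request without a 'text' parameter from raising on nil;
      # it is then handled like an empty message.
      @text = @params['text'].to_s.strip
      if !user_found
        # Never hand the placeholder guest to the mailer, and never report
        # a message as sent when there is no real recipient.
        @error_message = l(:no_user_with_this_name)
      elsif @text.empty?
        @error_message = l(:user_message_empty)
      else
        Mailer.deliver_user_message(@user, @selected_user, @text)
        @message_sent = true
        @text = nil
      end
    end
  end

  # Loads every user for the list view.
  def list
    @title = l(:user_list_title)

    @users = User.find_all
  end

  protected

  # Renders the settings form for +user+, re-using the 'register' template.
  # Raises RForum::SecurityError when +user+ is a guest.
  def render_edit_form(user)
    raise RForum::SecurityError.new if user.guest?
    @new_user = user
    # actual password values should always be hidden, even on re-render with errors,
    # because we don't want to pass password values in plain HTML.
    # If user makes a mistake the first time, s/he will have to retype all passwords again.
    @new_user.reset_password_fields
    render_action 'register'
  end

  # Sets a new password for the user with id +user_id+, taking the
  # 'new_password' and 'retyped_password' entries from +attributes+.
  # Raises RForum::ValidationError (carrying the user) when the two values
  # differ or the new password has fewer than 6 characters.
  #
  # The current password is not asked for here; the only authorisation is
  # the can_change_user_settings? check that the 'edit' action performs
  # before calling this method.
  def change_password(user_id, attributes)
    # make sure that user exists
    user = User.find(user_id)

    # copy the password field values from attributes
    user.new_password = attributes['new_password'].to_s
    user.retyped_password = attributes['retyped_password'].to_s

    if user.new_password != user.retyped_password
      user.errors.add('retyped_password', l(:retyped_password_mismatch))
    end

    if user.new_password.length < 6
      user.errors.add('new_password', l(:password_too_short))
    end
    raise RForum::ValidationError.new(user) unless user.errors.empty?

    user.encrypt_password(user.new_password)
    user.save
  end

end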