- Revision:
- 108
- Log:
Substantial changes and additions to Hub. Now in a state where
it will integrate with other applications to an acceptable level.
Requires HubSsoLib gem 0.0.4 or later - see Changeset #107.
- Author:
- adh
- Date:
- Mon Oct 23 18:16:22 +0100 2006
- Size:
- 12621 Bytes
1 | class AccountController < ApplicationController |
2 | |
3 | layout 'default.rhtml' |
4 | |
5 | # Action permissions for this class as a class variable, exposed |
6 | # to the public through a class method. |
7 | |
8 | @@hubssolib_permissions = HubSsoLib::Permissions.new({ |
9 | :change_password => [ :admin, :webmaster, :privileged, :normal ], |
10 | :change_details => [ :admin, :webmaster, :privileged, :normal ], |
11 | :delete => [ :admin, :webmaster, :privileged, :normal ], |
12 | :delete_confirm => [ :admin, :webmaster, :privileged, :normal ], |
13 | :list => [ :admin, :webmaster, :privileged ], |
14 | :show => [ :admin, :webmaster ], |
15 | :edit_roles => [ :admin ], |
16 | :destroy => [ :admin ] |
17 | }) |
18 | |
19 | def AccountController.hubssolib_permissions |
20 | @@hubssolib_permissions |
21 | end |
22 | |
23 | # Set up the notification mailer. |
24 | observer :user_observer |
25 | |
26 | # HTTPS enforcement |
27 | before_filter :hubssolib_ensure_https |
28 | |
29 | # The "proper" login method |
30 | # |
31 | def login |
32 | @title = 'Log in' |
33 | return unless request.post? |
34 | |
35 | @email = params[:email] |
36 | self.hubssolib_current_user = from_real_user(User.authenticate(@email, params[:password])) |
37 | |
38 | if (self.hubssolib_current_user and self.hubssolib_current_user != :false) |
39 | hubssolib_set_last_used(Time.now.utc) |
40 | |
41 | privileges = self.hubssolib_current_user.roles.to_authenticated_roles.to_human_s.downcase |
42 | hubssolib_set_flash(:notice, "Logged in successfully. Welcome, #{self.hubssolib_current_user.real_name}. You have #{privileges} privileges.") |
43 | hubssolib_redirect_back_or_default(:controller => 'tasks', :action => nil) |
44 | else |
45 | flash[:alert] = 'Incorrect e-mail address or password.' |
46 | end |
47 | end |
48 | |
49 | # Log out the user and redirect to the Tasks controller. |
50 | # |
51 | def logout |
52 | @title = 'Log out' |
53 | hubssolib_log_out() |
54 | flash[:attention] = 'You are now logged out.' |
55 | redirect_to :controller => 'tasks', :action => nil |
56 | end |
57 | |
58 | def signup |
59 | @title = 'Sign up' |
60 | return unless request.post? |
61 | |
62 | # Bulk assignment from the params hash is safe because the User object |
63 | # contains nothing that won't be overwritten anyway or isn't already |
64 | # protected by attr_accessible in the User model. |
65 | |
66 | @user = User.new(params[:user]) |
67 | |
68 | # Are there any users yet? If not, grant this user admin permissions. |
69 | # Administrators are for just this application; whether or not admin |
70 | # privileges affect other applications depends on the level of external |
71 | # SSO integration. |
72 | |
73 | users = User.find_all |
74 | |
75 | if (users.empty? or users.nil?) |
76 | @user.roles = HubSsoLib::Roles.new(true).to_s |
77 | @user.save! |
78 | @user.activate |
79 | self.hubssolib_current_user = from_real_user(@user) |
80 | |
81 | flash[:notice] = 'Thanks for signing up. You are now the system administrator ' << |
82 | 'and your account has been automatically activated.' |
83 | else |
84 | |
85 | @user.roles = HubSsoLib::Roles.new(false).to_s |
86 | @user.save! |
87 | |
88 | flash[:notice] = 'Thanks for signing up. Your site account must be activated ' << |
89 | 'before you can use it - please check your e-mail account ' << |
90 | 'for a message which tells you what you should do next.' |
91 | end |
92 | |
93 | redirect_to :controller => 'tasks', :action => nil |
94 | |
95 | rescue ActiveRecord::RecordInvalid |
96 | render :action => 'signup' |
97 | end |
98 | |
99 | def activate |
100 | activation_code = params[:activation_code] || params[:id] |
101 | |
102 | unless activation_code.nil? |
103 | @user = User.find_by_activation_code(activation_code) |
104 | |
105 | if @user and @user.activate |
106 | self.hubssolib_current_user = from_real_user(@user) |
107 | |
108 | hubssolib_set_flash(:notice, 'Your RISC OS Open web site account is now active.') |
109 | hubssolib_redirect_back_or_default(:controller => 'tasks', :action => nil) |
110 | else |
111 | flash[:alert] = 'Unable to activate your RISC OS Open web site account. ' << |
112 | 'Is the activation code correct, or has it already been used? ' << |
113 | 'If in doubt please try to sign up again. Contact ROOL if you ' << |
114 | 'keep having trouble.' |
115 | |
116 | redirect_to :controller => 'account', :action => 'signup' |
117 | end |
118 | else |
119 | redirect_to :controller => 'account', :action => 'signup' |
120 | end |
121 | end |
122 | |
123 | def change_password |
124 | @title = 'Change password' |
125 | return unless request.post? |
126 | |
127 | user = to_real_user(self.hubssolib_current_user) |
128 | |
129 | if User.authenticate(user.email, params[:old_password]) |
130 | if (params[:password] == params[:password_confirmation]) |
131 | user.password_confirmation = params[:password_confirmation] |
132 | user.password = params[:password] |
133 | save_password_and_set_flash(user) |
134 | self.hubssolib_current_user = from_real_user(user) |
135 | |
136 | redirect_to :controller => 'tasks', :action => nil |
137 | else |
138 | set_password_mismatch_flash |
139 | @old_password = params[:old_password] |
140 | end |
141 | else |
142 | flash[:alert] = 'Incorrect current password.' |
143 | end |
144 | end |
145 | |
146 | def change_details |
147 | @title = 'Update account details' |
148 | @user = to_real_user(self.hubssolib_current_user) |
149 | @real_name = @user ? @user.real_name || '' : '' |
150 | |
151 | return unless request.post? |
152 | |
153 | if (params[:real_name]) |
154 | @user.real_name = @real_name = params[:real_name] |
155 | @user.save! |
156 | self.hubssolib_current_user = from_real_user(@user) |
157 | |
158 | flash[:notice] = 'Account details updated successfully.' |
159 | redirect_to :controller => 'tasks', :action => nil |
160 | end |
161 | end |
162 | |
163 | def forgot_password |
164 | @title = 'Forgotten password' |
165 | return unless request.post? |
166 | |
167 | if @user = User.find_by_email(params[:email]) |
168 | @user.forgot_password |
169 | @user.save! |
170 | self.hubssolib_current_user = from_real_user(@user) |
171 | |
172 | flash[:notice] = 'An e-mail message which tells you how to reset your ' << |
173 | 'account password has been set to your e-mail address.' |
174 | |
175 | redirect_to :controller => 'tasks', :action => nil |
176 | else |
177 | flash[:alert] = 'No account was found for the given e-mail address.' |
178 | end |
179 | end |
180 | |
181 | def reset_password |
182 | @title = 'Reset password' |
183 | |
184 | if params[:id].nil? |
185 | hubssolib_redirect_back_or_default(:controller => 'tasks', :action => nil) |
186 | return |
187 | end |
188 | |
189 | @user = User.find_by_password_reset_code(params[:id]) |
190 | |
191 | if (@user.nil?) |
192 | hubssolib_set_flash(:alert, 'Invalid reset code. Did your e-mail client break up the reset ' << |
193 | 'link so it spanned more than one line? If so, please try again, ' << |
194 | 'copying all of the link in the message however many lines it spans.') |
195 | |
196 | hubssolib_redirect_back_or_default(:controller => 'tasks', :action => nil) |
197 | return |
198 | end |
199 | |
200 | t = Time.now.utc |
201 | if (t >= (@user.password_reset_code_expires_at || t)) # Allows for 'nil' in expiry field |
202 | flash[:alert] = 'The reset code has expired. Please try your reset request again.' |
203 | redirect_to :controller => 'account', :action => 'forgot_password' |
204 | return |
205 | end |
206 | |
207 | unless params[:password] |
208 | flash[:alert] = 'Reset your password using the form below.' |
209 | return |
210 | end |
211 | |
212 | if (params[:password] == params[:password_confirmation]) |
213 | @user.password_confirmation = params[:password_confirmation] |
214 | @user.password = params[:password] |
215 | @user.reset_password |
216 | save_password_and_set_flash(@user) |
217 | self.hubssolib_current_user = from_real_user(@user) |
218 | redirect_to :controller => 'tasks', :action => nil |
219 | return |
220 | else |
221 | set_password_mismatch_flash |
222 | return |
223 | end |
224 | end |
225 | |
226 | def delete |
227 | flash[:alert] = 'Are you sure?' |
228 | title = 'Delete account: Are you sure?' |
229 | end |
230 | |
231 | def delete_confirm |
232 | me = to_real_user(self.hubssolib_current_user) |
233 | hubssolib_log_out() |
234 | me.destroy |
235 | |
236 | flash.clear |
237 | flash[:attention] = 'Your account has been deleted.' |
238 | redirect_to :controller => 'tasks', :action => nil |
239 | end |
240 | |
241 | def list |
242 | @title = 'List of user accounts' |
243 | @users = User.find_all |
244 | end |
245 | |
246 | def show |
247 | @title = 'User account details' |
248 | @user = User.find(params[:id]) |
249 | end |
250 | |
251 | def edit_roles |
252 | @title = 'Edit account roles' |
253 | |
254 | # We must have a valid ID |
255 | |
256 | unless (request.post?) and (params[:id]) and (@user = User.find(params[:id])) |
257 | redirect_to :controller => tasks, :action => nil |
258 | return |
259 | end |
260 | |
261 | # If 'commit' is present, the form was submitted with details rather than |
262 | # visited from a list or account details view. |
263 | |
264 | return unless (params[:commit]) |
265 | |
266 | # Validate the result |
267 | |
268 | roles = (params[:user] ? params[:user][:roles] : '').to_authenticated_roles |
269 | |
270 | unless (roles.validate) |
271 | flash[:alert] = 'Invalid roles chosen. Ensure at least one item in the list is selected.' |
272 | else |
273 | @user.roles = roles.to_s |
274 | @user.save! |
275 | |
276 | # Did I update my own roles? |
277 | |
278 | if (self.hubssolib_current_user.id == @user.id) |
279 | self.hubssolib_current_user = from_real_user(@user) |
280 | end |
281 | |
282 | flash[:notice] = 'Account roles updated successfully.' |
283 | redirect_to :action => 'show', :id => @user.id |
284 | end |
285 | end |
286 | |
287 | def destroy |
288 | user = User.find(params[:id]) |
289 | |
290 | if (user.id == self.hubssolib_current_user.id) |
291 | flash[:alert] = 'Please use the normal control panel to delete your own account.' |
292 | elsif (user.roles.to_authenticated_roles.include?(:admin)) |
293 | flash[:alert] = 'You cannot destroy an administrator account from here! ' << |
294 | 'You can only do that at the control panel when ' << |
295 | 'logged into the account, or at the database level.' |
296 | else |
297 | user.destroy |
298 | flash[:alert] = 'The account has been deleted.' |
299 | end |
300 | |
301 | redirect_to :action => 'list' |
302 | end |
303 | |
304 | protected |
305 | |
306 | # Pass a HubSsoLib::User object. Returns an equivalent User Model object. |
307 | # |
308 | def to_real_user(user) |
309 | return nil if user.nil? |
310 | raise 'Incorrect argument class' unless user.class == HubSsoLib::User |
311 | |
312 | real_user = User.find(user.id) |
313 | raise 'No equivalent real user' unless real_user |
314 | |
315 | real_user.salt = user.salt |
316 | real_user.roles = user.roles |
317 | real_user.activated_at = user.activated_at |
318 | real_user.real_name = user.real_name |
319 | real_user.crypted_password = user.crypted_password |
320 | real_user.remember_token_expires_at = user.remember_token_expires_at |
321 | real_user.activation_code = user.activation_code |
322 | real_user.member_id = user.member_id |
323 | real_user.password_reset_code = user.password_reset_code |
324 | real_user.remember_token = user.remember_token |
325 | real_user.email = user.email |
326 | real_user.password_reset_code_expires_at = user.password_reset_code_expires_at |
327 | |
328 | return real_user |
329 | end |
330 | |
331 | # Pass a User Model object. Returns an equivalent HubSsoLib::User object. |
332 | # |
333 | def from_real_user(real_user) |
334 | return nil if real_user.nil? |
335 | raise 'Incorrect argument class' unless real_user.class == User |
336 | |
337 | user = HubSsoLib::User.new |
338 | |
339 | user.salt = real_user.salt |
340 | user.roles = real_user.roles |
341 | user.updated_at = real_user.updated_at |
342 | user.activated_at = real_user.activated_at |
343 | user.real_name = real_user.real_name |
344 | user.crypted_password = real_user.crypted_password |
345 | user.remember_token_expires_at = real_user.remember_token_expires_at |
346 | user.activation_code = real_user.activation_code |
347 | user.member_id = real_user.member_id |
348 | user.id = real_user.id |
349 | user.password_reset_code = real_user.password_reset_code |
350 | user.remember_token = real_user.remember_token |
351 | user.email = real_user.email |
352 | user.created_at = real_user.created_at |
353 | user.password_reset_code_expires_at = real_user.password_reset_code_expires_at |
354 | |
355 | return user |
356 | end |
357 | |
358 | def save_password_and_set_flash(user) |
359 | user.save ? |
360 | flash[:notice] = 'Your password has been changed.' : |
361 | flash[:alert] = 'Sorry, your password could not be changed.' |
362 | end |
363 | |
364 | def set_password_mismatch_flash |
365 | flash[:alert] = 'The new password differed from the password confirmation you entered.' |
366 | end |
367 | end |
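Review bot: `forgot_password` (lines 167–175 of the listing) runs `self.hubssolib_current_user = from_real_user(@user)` for any POST whose e-mail address matches an account, before the reset code has been used; if that setter establishes the session identity the way it does in `login`, then submitting a registered address alone is enough to be signed in as that account. The other places this assignment appears (`login`, `activate`, `change_password`, `reset_password`) all run it only after a password or a code has been checked, so I would delete the line here and leave `reset_password` as the point where the session is set. Two smaller defects in the same file: `edit_roles` redirects with `:controller => tasks`, a bare identifier where every other call uses the string `'tasks'`, so the guard path presumably raises instead of redirecting, and `delete` assigns a local `title` where the rest of the controller sets `@title` for the view.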