From 56c60ebbfce6611fb3719dc5eac36aba33f8dcdd Mon Sep 17 00:00:00 2001 From: jomo Date: Sun, 29 Jun 2014 12:40:03 +0200 Subject: [PATCH] add /users/me --- app/controllers/users_controller.rb | 30 +++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 8c2c444..e1eef54 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -3,6 +3,8 @@ class UsersController < ApplicationController require 'open-uri' include MailerHelper + before_filter :set_user, except: [:index, :new, :create, :lost_password, :reset_password] + def index if params[:role] if params[:role].downcase == "staff" @@ -23,11 +25,6 @@ class UsersController < ApplicationController end def show - @user = User.find_by_id(params[:id]) - unless @user - flash[:alert] = "User does not exist!" - redirect_to users_path - end end # SIGNUP @@ -42,7 +39,6 @@ class UsersController < ApplicationController def confirm if current_user - @user = User.find(params[:id]) code = params[:code] if @user && @user.is?(current_user) && code && @user.email_token == code if !confirmed? @@ -77,7 +73,6 @@ class UsersController < ApplicationController end def edit - @user = User.find(params[:id]) unless (mod? && current_user.role >= @user.role) || current_user == @user flash[:alert] = "You are not allowed to edit this user" redirect_to user_path(@user) @@ -138,7 +133,6 @@ class UsersController < ApplicationController end def update - @user = User.find(params[:id]) if (mod? && current_user.role >= @user.role ) || (@user.is?(current_user) && confirmed?) if mod? userdata = user_params([:name, :skype, :skype_public, :youtube, :twitter, :about, :role, :confirmed]) @@ -174,7 +168,6 @@ class UsersController < ApplicationController end def ban - @user = User.find(params[:id]) if mod? && current_user.role >= @user.role @user.role = Role.get :banned flash[:notice] = "'#{@user.name}' has been banned!" @@ -185,7 +178,6 @@ class UsersController < ApplicationController end def unban - @user = User.find(params[:id]) if mod? && current_user.role >= @user.role @user.role = Role.get :normal flash[:notice] = "\"#{@user.name}\" has been unbanned!" @@ -196,7 +188,6 @@ class UsersController < ApplicationController end def destroy - @user = User.find(params[:id]) if superadmin? if @user.destroy flash[:notice] = "User deleted forever." @@ -212,7 +203,6 @@ class UsersController < ApplicationController end def edit_notifications - @user = User.find(params[:id]) unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin? flash[:alert] = "You are not allowed to edit this user's notification settings!" redirect_to @user @@ -220,7 +210,6 @@ class UsersController < ApplicationController end def edit_login - @user = User.find(params[:id]) unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin? flash[:alert] = "You are not allowed to edit this user's login details!" redirect_to @user @@ -228,7 +217,6 @@ class UsersController < ApplicationController end def update_login - @user = User.find(params[:id]) if @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin? authenticated = !@user.is?(current_user) || @user.authenticate(params[:current_password]) if params[:user][:password].present? @@ -310,6 +298,20 @@ class UsersController < ApplicationController user_token && user_token.destroy end + def set_user + id = params[:id] + if id == "me" + if current_user + id = current_user.id + else + flash[:alert] = "Please log in" + redirect_to login_path(return_path: request.env['PATH_INFO']) + return + end + end + @user = User.find(id) + end + def user_params(add = []) a = [:ign, :email, :password, :password_confirmation, :mail_own_thread_reply, :mail_other_thread_reply, :mail_own_blogpost_comment, :mail_other_blogpost_comment, :mail_mention] + add params.require(:user).permit(a)