fixed routes, fixed become/revert

2014-05-01 20:56:03 +02:00
parent c2b9b1fdd7
commit c85364fdd1
4 changed files with 57 additions and 46 deletions
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -39,7 +39,50 @@ class SessionsController < ApplicationController
  end

  def destroy
-    session.delete(:user_id)
-    redirect_to login_path, :notice => "Logged out!"
+    if original_user = User.find_by_id(session[:original_user_id])
+      logout_user = current_user
+      session[:user_id] = original_user.try(:id)
+      session.delete(:original_user_id)
+      flash[:notice] = "You are no longer #{logout_user.name}!"
+      redirect_to original_user
+    else
+      session.delete(:user_id)
+      redirect_to login_path, :notice => "Logged out!"
+    end
+  end
+
+  def become
+    original_user = current_user
+    new_user = User.find_by_id(params[:user])
+    if original_user && new_user && admin? && current_user.role >= new_user.role
+      if original_user == new_user
+        flash[:alert] = "You are already \"#{new_user.name}\"!"
+      else
+        if session[:original_user_id]
+          flash[:alert] = "Please revert to your account first"
+        else
+          session[:original_user_id] = original_user.id
+          session[:user_id] = new_user.id
+          flash[:notice] = "You are now \"#{new_user.name}\"!"
+        end
+      end
+    else
+      flash[:alert] = "You are not allowed to become this user"
+    end
+    redirect_to new_user
+  end
+
+  def revert
+    if old_user = current_user
+      original_user = User.find_by_id(session[:original_user_id])
+      if original_user && original_user.try(:admin?)
+        session.delete(:original_user_id)
+        session[:user_id] = original_user.try(:id)
+        flash[:notice] = "You are no longer '#{old_user.name}'!"
+      end
+      redirect_to old_user
+    else
+      redirect_to login_path
+    end
  end
 end