mirrors
/
redmine
mirror of https://github.com/redmine/redmine.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 201 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17164 Commits
33 Branches
Tree: 864e80652d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '864e80652d'
${ noResults }
redmine/app/controllers/users_controller.rb

users_controller.rb 7.1KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226 
  1. # frozen_string_literal: true

  2. 

  3. # Redmine - project management software

  4. # Copyright (C) 2006-2022  Jean-Philippe Lang

  5. #

  6. # This program is free software; you can redistribute it and/or

  7. # modify it under the terms of the GNU General Public License

  8. # as published by the Free Software Foundation; either version 2

  9. # of the License, or (at your option) any later version.

  10. #

  11. # This program is distributed in the hope that it will be useful,

  12. # but WITHOUT ANY WARRANTY; without even the implied warranty of

  13. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  14. # GNU General Public License for more details.

  15. #

  16. # You should have received a copy of the GNU General Public License

  17. # along with this program; if not, write to the Free Software

  18. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19. 

  20. class UsersController < ApplicationController

  21.   layout 'admin'

  22.   self.main_menu = false

  23. 

  24.   before_action :require_admin, :except => :show

  25.   before_action lambda {find_user(false)}, :only => :show

  26.   before_action :find_user, :only => [:edit, :update, :destroy]

  27.   accept_api_auth :index, :show, :create, :update, :destroy

  28. 

  29.   helper :sort

  30.   include SortHelper

  31.   helper :custom_fields

  32.   include CustomFieldsHelper

  33.   include UsersHelper

  34.   helper :principal_memberships

  35.   helper :activities

  36.   include ActivitiesHelper

  37. 

  38.   require_sudo_mode :create, :update, :destroy

  39. 

  40.   def index

  41.     sort_init 'login', 'asc'

  42.     sort_update %w(login firstname lastname admin created_on last_login_on)

  43. 

  44.     case params[:format]

  45.     when 'xml', 'json'

  46.       @offset, @limit = api_offset_and_limit

  47.     else

  48.       @limit = per_page_option

  49.     end

  50. 

  51.     @status = params[:status] || 1

  52. 

  53.     scope = User.logged.status(@status).preload(:email_address)

  54.     scope = scope.like(params[:name]) if params[:name].present?

  55.     scope = scope.in_group(params[:group_id]) if params[:group_id].present?

  56. 

  57.     @user_count = scope.count

  58.     @user_pages = Paginator.new @user_count, @limit, params['page']

  59.     @offset ||= @user_pages.offset

  60.     @users =  scope.order(sort_clause).limit(@limit).offset(@offset).to_a

  61. 

  62.     respond_to do |format|

  63.       format.html do

  64.         @groups = Group.givable.sort

  65.         render :layout => !request.xhr?

  66.       end

  67.       format.csv do

  68.         send_data(users_to_csv(scope.order(sort_clause)), :type => 'text/csv; header=present', :filename => 'users.csv')

  69.       end

  70.       format.api

  71.     end

  72.   end

  73. 

  74.   def show

  75.     unless @user.visible?

  76.       render_404

  77.       return

  78.     end

  79. 

  80.     # show projects based on current user visibility

  81.     @memberships = @user.memberships.preload(:roles, :project).where(Project.visible_condition(User.current)).to_a

  82. 

  83.     @issue_counts = {}

  84.     @issue_counts[:assigned] = {

  85.       :total  => Issue.visible.assigned_to(@user).count,

  86.       :open   => Issue.visible.open.assigned_to(@user).count

  87.     }

  88.     @issue_counts[:reported] = {

  89.       :total  => Issue.visible.where(:author_id => @user.id).count,

  90.       :open   => Issue.visible.open.where(:author_id => @user.id).count

  91.     }

  92. 

  93.     respond_to do |format|

  94.       format.html do

  95.         events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)

  96.         @events_by_day = events.group_by {|event| User.current.time_to_date(event.event_datetime)}

  97.         render :layout => 'base'

  98.       end

  99.       format.api

  100.     end

  101.   end

  102. 

  103.   def new

  104.     @user = User.new(:language => Setting.default_language,

  105.                      :mail_notification => Setting.default_notification_option)

  106.     @user.safe_attributes = params[:user]

  107.     @auth_sources = AuthSource.all

  108.   end

  109. 

  110.   def create

  111.     @user = User.new(:language => Setting.default_language,

  112.                      :mail_notification => Setting.default_notification_option,

  113.                      :admin => false)

  114.     @user.safe_attributes = params[:user]

  115.     unless @user.auth_source_id

  116.       @user.password              = params[:user][:password]

  117.       @user.password_confirmation = params[:user][:password_confirmation]

  118.     end

  119.     @user.pref.safe_attributes = params[:pref]

  120. 

  121.     if @user.save

  122.       Mailer.deliver_account_information(@user, @user.password) if params[:send_information]

  123. 

  124.       respond_to do |format|

  125.         format.html do

  126.           flash[:notice] =

  127.             l(:notice_user_successful_create,

  128.               :id => view_context.link_to(@user.login, user_path(@user)))

  129.           if params[:continue]

  130.             attrs = {:generate_password => @user.generate_password}

  131.             redirect_to new_user_path(:user => attrs)

  132.           else

  133.             redirect_to edit_user_path(@user)

  134.           end

  135.         end

  136.         format.api {render :action => 'show', :status => :created, :location => user_url(@user)}

  137.       end

  138.     else

  139.       @auth_sources = AuthSource.all

  140.       # Clear password input

  141.       @user.password = @user.password_confirmation = nil

  142. 

  143.       respond_to do |format|

  144.         format.html {render :action => 'new'}

  145.         format.api  {render_validation_errors(@user)}

  146.       end

  147.     end

  148.   end

  149. 

  150.   def edit

  151.     @auth_sources = AuthSource.all

  152.     @membership ||= Member.new

  153.   end

  154. 

  155.   def update

  156.     is_updating_password = params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)

  157.     if is_updating_password

  158.       @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]

  159.     end

  160.     @user.safe_attributes = params[:user]

  161.     # Was the account actived ? (do it before User#save clears the change)

  162.     was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE])

  163.     # TODO: Similar to My#account

  164.     @user.pref.safe_attributes = params[:pref]

  165. 

  166.     if @user.save

  167.       @user.pref.save

  168. 

  169.       Mailer.deliver_password_updated(@user, User.current) if is_updating_password

  170.       if was_activated

  171.         Mailer.deliver_account_activated(@user)

  172.       elsif @user.active? && params[:send_information] && @user != User.current

  173.         Mailer.deliver_account_information(@user, @user.password)

  174.       end

  175. 

  176.       respond_to do |format|

  177.         format.html do

  178.           flash[:notice] = l(:notice_successful_update)

  179.           redirect_to_referer_or edit_user_path(@user)

  180.         end

  181.         format.api  {render_api_ok}

  182.       end

  183.     else

  184.       @auth_sources = AuthSource.all

  185.       @membership ||= Member.new

  186.       # Clear password input

  187.       @user.password = @user.password_confirmation = nil

  188. 

  189.       respond_to do |format|

  190.         format.html {render :action => :edit}

  191.         format.api  {render_validation_errors(@user)}

  192.       end

  193.     end

  194.   end

  195. 

  196.   def destroy

  197.     return render_error status: 422 if @user == User.current && !@user.own_account_deletable?

  198. 

  199.     if api_request? || params[:lock] || params[:confirm] == @user.login

  200.       if params[:lock]

  201.         @user.update_attribute :status, User::STATUS_LOCKED

  202.       else

  203.         @user.destroy

  204.       end

  205.       respond_to do |format|

  206.         format.html {redirect_back_or_default(users_path)}

  207.         format.api  {render_api_ok}

  208.       end

  209.     end

  210.   end

  211. 

  212.   private

  213. 

  214.   def find_user(logged = true)

  215.     if params[:id] == 'current'

  216.       require_login || return

  217.       @user = User.current

  218.     elsif logged

  219.       @user = User.logged.find(params[:id])

  220.     else

  221.       @user = User.find(params[:id])

  222.     end

  223.   rescue ActiveRecord::RecordNotFound

  224.     render_404

  225.   end

  226. end