Handle admin and login with safe_attributes.
authorJean-Philippe Lang <jp_lang@yahoo.fr>
Thu, 14 Jul 2016 11:56:39 +0000 (11:56 +0000)
committerJean-Philippe Lang <jp_lang@yahoo.fr>
Thu, 14 Jul 2016 11:56:39 +0000 (11:56 +0000)
git-svn-id: http://svn.redmine.org/redmine/trunk@15663 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/account_controller.rb
app/controllers/users_controller.rb
app/models/user.rb

index 1191accfdecf38656e5c02f424f87e758199d938..9f4aff85eabf4d26793ef9445ae0df36c868267e 100644 (file)
@@ -137,7 +137,6 @@ class AccountController < ApplicationController
           redirect_to my_account_path
         end
       else
-        @user.login = params[:user][:login]
         unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
           @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
         end
index 03458ba47df584da3188957175b40ebbccca15aa..f9632fe6b648a0b6b0c28173dbfb142b67a2466e 100644 (file)
@@ -87,10 +87,8 @@ class UsersController < ApplicationController
   end
 
   def create
-    @user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option)
+    @user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option, :admin => false)
     @user.safe_attributes = params[:user]
-    @user.admin = params[:user][:admin] || false
-    @user.login = params[:user][:login]
     @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation] unless @user.auth_source_id
     @user.pref.attributes = params[:pref] if params[:pref]
 
@@ -127,8 +125,6 @@ class UsersController < ApplicationController
   end
 
   def update
-    @user.admin = params[:user][:admin] if params[:user][:admin]
-    @user.login = params[:user][:login] if params[:user][:login]
     if params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
       @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]
     end
index a9b2be54da9e8a1ad392d6cdcfca44dc1a67174e..1a6b621c010793cf169d9bbc58da697797c2aeee 100644 (file)
@@ -100,7 +100,7 @@ class User < Principal
   attr_accessor :remote_ip
 
   # Prevents unauthorized assignments
-  attr_protected :login, :admin, :password, :password_confirmation, :hashed_password
+  attr_protected :password, :password_confirmation, :hashed_password
 
   LOGIN_LENGTH_LIMIT = 60
   MAIL_LENGTH_LIMIT = 60
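Review bot: Dropping `:login` and `:admin` from `attr_protected` removes the model-wide barrier, so any code path that still does `User.new(params[:user])` or `attributes=` without going through `safe_attributes=` would now accept `admin` from the request; the comment on the preceding line should say where the guard moved. I would change it to `# Prevents unauthorized assignments; login and admin are governed by the safe_attributes declarations below` and audit the remaining mass-assignment call sites for User and Principal for that reason. Whether such call sites exist is not visible from this hunk.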
@@ -696,10 +696,15 @@ class User < Principal
     'custom_fields',
     'identity_url'
 
+  safe_attributes 'login',
+    :if => lambda {|user, current_user| user.new_record?}
+
   safe_attributes 'status',
     'auth_source_id',
     'generate_password',
     'must_change_passwd',
+    'login',
+    'admin',
     :if => lambda {|user, current_user| current_user.admin?}
 
   safe_attributes 'group_ids',
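Review bot: The new `safe_attributes 'login'` block declares a lambda whose `current_user` parameter is unused, and the file's own convention elsewhere in this hunk names both parameters, so it should read `:if => lambda {|user, _current_user| user.new_record?}` to make clear that the login of a new record is assignable by anyone who reaches `safe_attributes=`, including an anonymous registrant. A one-line comment above it, `# Login is chosen by the caller only at creation (self-registration); afterwards only admins may change it, see below`, would explain why `'login'` appears twice. Because the new-record rule does not consult `current_user`, the validations on `login` (outside this hunk) are the only thing constraining the value on registration; I assume those are unchanged but cannot see them here.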