mirrors
/
redmine
mirror of https://github.com/redmine/redmine.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 199 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14090 Commits
33 Branches
Tree: 2fdbcd35dd
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2fdbcd35dd'
${ noResults }
redmine/app/controllers/users_controller.rb

users_controller.rb 6.2KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196 
  1. # Redmine - project management software

  2. # Copyright (C) 2006-2017  Jean-Philippe Lang

  3. #

  4. # This program is free software; you can redistribute it and/or

  5. # modify it under the terms of the GNU General Public License

  6. # as published by the Free Software Foundation; either version 2

  7. # of the License, or (at your option) any later version.

  8. #

  9. # This program is distributed in the hope that it will be useful,

  10. # but WITHOUT ANY WARRANTY; without even the implied warranty of

  11. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  12. # GNU General Public License for more details.

  13. #

  14. # You should have received a copy of the GNU General Public License

  15. # along with this program; if not, write to the Free Software

  16. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  17. 

  18. class UsersController < ApplicationController

  19.   layout 'admin'

  20.   self.main_menu = false

  21. 

  22.   before_action :require_admin, :except => :show

  23.   before_action ->{ find_user(false) }, :only => :show

  24.   before_action :find_user, :only => [:edit, :update, :destroy]

  25.   accept_api_auth :index, :show, :create, :update, :destroy

  26. 

  27.   helper :sort

  28.   include SortHelper

  29.   helper :custom_fields

  30.   include CustomFieldsHelper

  31.   include UsersHelper

  32.   helper :principal_memberships

  33.   helper :activities

  34.   include ActivitiesHelper

  35. 

  36.   require_sudo_mode :create, :update, :destroy

  37. 

  38.   def index

  39.     sort_init 'login', 'asc'

  40.     sort_update %w(login firstname lastname admin created_on last_login_on)

  41. 

  42.     case params[:format]

  43.     when 'xml', 'json'

  44.       @offset, @limit = api_offset_and_limit

  45.     else

  46.       @limit = per_page_option

  47.     end

  48. 

  49.     @status = params[:status] || 1

  50. 

  51.     scope = User.logged.status(@status).preload(:email_address)

  52.     scope = scope.like(params[:name]) if params[:name].present?

  53.     scope = scope.in_group(params[:group_id]) if params[:group_id].present?

  54. 

  55.     @user_count = scope.count

  56.     @user_pages = Paginator.new @user_count, @limit, params['page']

  57.     @offset ||= @user_pages.offset

  58.     @users =  scope.order(sort_clause).limit(@limit).offset(@offset).to_a

  59. 

  60.     respond_to do |format|

  61.       format.html {

  62.         @groups = Group.givable.sort

  63.         render :layout => !request.xhr?

  64.       }

  65.       format.csv {

  66.         send_data(users_to_csv(scope.order(sort_clause)), :type => 'text/csv; header=present', :filename => 'users.csv')

  67.       }

  68.       format.api

  69.     end

  70.   end

  71. 

  72.   def show

  73.     unless @user.visible?

  74.       render_404

  75.       return

  76.     end

  77. 

  78.     # show projects based on current user visibility

  79.     @memberships = @user.memberships.preload(:roles, :project).where(Project.visible_condition(User.current)).to_a

  80. 

  81.     respond_to do |format|

  82.       format.html {

  83.         events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)

  84.         @events_by_day = events.group_by {|event| User.current.time_to_date(event.event_datetime)}

  85.         render :layout => 'base'

  86.       }

  87.       format.api

  88.     end

  89.   end

  90. 

  91.   def new

  92.     @user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option)

  93.     @user.safe_attributes = params[:user]

  94.     @auth_sources = AuthSource.all

  95.   end

  96. 

  97.   def create

  98.     @user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option, :admin => false)

  99.     @user.safe_attributes = params[:user]

  100.     @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation] unless @user.auth_source_id

  101.     @user.pref.safe_attributes = params[:pref]

  102. 

  103.     if @user.save

  104.       Mailer.deliver_account_information(@user, @user.password) if params[:send_information]

  105. 

  106.       respond_to do |format|

  107.         format.html {

  108.           flash[:notice] = l(:notice_user_successful_create, :id => view_context.link_to(@user.login, user_path(@user)))

  109.           if params[:continue]

  110.             attrs = {:generate_password => @user.generate_password }

  111.             redirect_to new_user_path(:user => attrs)

  112.           else

  113.             redirect_to edit_user_path(@user)

  114.           end

  115.         }

  116.         format.api  { render :action => 'show', :status => :created, :location => user_url(@user) }

  117.       end

  118.     else

  119.       @auth_sources = AuthSource.all

  120.       # Clear password input

  121.       @user.password = @user.password_confirmation = nil

  122. 

  123.       respond_to do |format|

  124.         format.html { render :action => 'new' }

  125.         format.api  { render_validation_errors(@user) }

  126.       end

  127.     end

  128.   end

  129. 

  130.   def edit

  131.     @auth_sources = AuthSource.all

  132.     @membership ||= Member.new

  133.   end

  134. 

  135.   def update

  136.     if params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)

  137.       @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]

  138.     end

  139.     @user.safe_attributes = params[:user]

  140.     # Was the account actived ? (do it before User#save clears the change)

  141.     was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE])

  142.     # TODO: Similar to My#account

  143.     @user.pref.safe_attributes = params[:pref]

  144. 

  145.     if @user.save

  146.       @user.pref.save

  147. 

  148.       if was_activated

  149.         Mailer.deliver_account_activated(@user)

  150.       elsif @user.active? && params[:send_information] && @user != User.current

  151.         Mailer.deliver_account_information(@user, @user.password)

  152.       end

  153. 

  154.       respond_to do |format|

  155.         format.html {

  156.           flash[:notice] = l(:notice_successful_update)

  157.           redirect_to_referer_or edit_user_path(@user)

  158.         }

  159.         format.api  { render_api_ok }

  160.       end

  161.     else

  162.       @auth_sources = AuthSource.all

  163.       @membership ||= Member.new

  164.       # Clear password input

  165.       @user.password = @user.password_confirmation = nil

  166. 

  167.       respond_to do |format|

  168.         format.html { render :action => :edit }

  169.         format.api  { render_validation_errors(@user) }

  170.       end

  171.     end

  172.   end

  173. 

  174.   def destroy

  175.     @user.destroy

  176.     respond_to do |format|

  177.       format.html { redirect_back_or_default(users_path) }

  178.       format.api  { render_api_ok }

  179.     end

  180.   end

  181. 

  182.   private

  183. 

  184.   def find_user(logged = true)

  185.     if params[:id] == 'current'

  186.       require_login || return

  187.       @user = User.current

  188.     elsif logged

  189.       @user = User.logged.find(params[:id])

  190.     else

  191.       @user = User.find(params[:id])

  192.     end

  193.   rescue ActiveRecord::RecordNotFound

  194.     render_404

  195.   end

  196. end