user management
@ -2,7 +2,7 @@ class ApplicationController < ActionController::Base
|
||||
# Prevent CSRF attacks by raising an exception.
|
||||
# For APIs, you may want to use :null_session instead.
|
||||
protect_from_forgery with: :exception
|
||||
before_filter :require_login
|
||||
before_action :require_login
|
||||
respond_to :html, :json
|
||||
helper :access
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
class DocsController < ApplicationController
|
||||
skip_before_filter :require_login
|
||||
skip_before_action :require_login
|
||||
|
||||
def index
|
||||
@doc = {
|
||||
|
@ -1,5 +1,5 @@
|
||||
class OauthsController < ApplicationController
|
||||
skip_before_filter :require_login
|
||||
skip_before_action :require_login
|
||||
|
||||
def oauth
|
||||
login_at(params[:provider])
|
||||
|
@ -1,6 +0,0 @@
|
||||
class StaffController < ApplicationController
|
||||
def index
|
||||
@staff = Person.staff
|
||||
respond_with @staff
|
||||
end
|
||||
end
|
@ -1,6 +1,66 @@
|
||||
class UsersController < ApplicationController
|
||||
def index
|
||||
@users = Person.admins
|
||||
respond_with @users
|
||||
redirect_to root_path, error: "NOT AUTHORIZED" unless verify_admin! current_user
|
||||
|
||||
@admins = Person.admins
|
||||
@staff = Person.staff
|
||||
end
|
||||
|
||||
def new
|
||||
redirect_to root_path, error: "NOT AUTHORIZED" unless verify_admin! current_user
|
||||
|
||||
@user = Person.new
|
||||
end
|
||||
|
||||
def register
|
||||
redirect_to root_path, error: "NOT AUTHORIZED" unless verify_admin! current_user
|
||||
|
||||
@user = Person.create(user_params)
|
||||
if @user
|
||||
redirect_to :root, notice: 'Success! We will authorize you soon.'
|
||||
return
|
||||
else
|
||||
render :new
|
||||
end
|
||||
end
|
||||
|
||||
def edit
|
||||
redirect_to root_path, error: "NOT AUTHORIZED" unless verify_admin! current_user
|
||||
|
||||
@user = Person.find_by_id(params[:id])
|
||||
end
|
||||
|
||||
def show
|
||||
redirect_to root_path, error: "NOT AUTHORIZED" unless verify_admin! current_user
|
||||
|
||||
@user = Person.find_by_id(params[:id])
|
||||
end
|
||||
|
||||
def update
|
||||
redirect_to root_path, error: "NOT AUTHORIZED" unless verify_admin! current_user
|
||||
|
||||
@user = Person.find(params[:id])
|
||||
if @user.update(user_params)
|
||||
redirect_to user_path(@user), notice: 'Updated!'
|
||||
else
|
||||
render :edit
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def verify_admin! user
|
||||
user && user.admin?
|
||||
end
|
||||
|
||||
def user_params
|
||||
params.require(:user).permit(
|
||||
:first_name,
|
||||
:last_name,
|
||||
:phone,
|
||||
:email,
|
||||
:admin,
|
||||
:staff
|
||||
)
|
||||
end
|
||||
end
|
||||
|
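Review bot: The guard `redirect_to root_path, error: "NOT AUTHORIZED" unless verify_admin! current_user` at the top of each UsersController action does not stop the action, so for a non-admin caller `register` still runs `Person.create(user_params)` and `update` still runs `@user.update(user_params)` before the second redirect fails; because `user_params` permits `:admin` and `:staff`, the check does not protect those flags. Move it into a filter, `before_action :require_admin`, whose private method performs the redirect (a redirect inside a before_action halts the chain), or write `return redirect_to(...)` in each action. `error:` is not one of the default flash keys accepted by `redirect_to` (`notice:`/`alert:`), so unless `add_flash_types :error` is declared outside this diff the message is dropped. Separately, `Person.create` returns the record even when validation fails, so `if @user` in `register` is always true; testing `@user.persisted?` would let `render :new` be reached.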
@ -4,5 +4,4 @@
|
||||
%li{ class: active_controller('children') }= link_to 'Children', list_children_path
|
||||
%li{ class: active_controller('pages') }= link_to 'Pages', list_pages_path
|
||||
- if can_edit_user? current_user
|
||||
%li{ class: active_controller('staff') }= link_to 'Staff', list_staff_path
|
||||
%li{ class: active_controller('users') }= link_to 'Users', list_users_path
|
||||
|
@ -1 +0,0 @@
|
||||
-# %ul.sub-nav
|
@ -1,4 +0,0 @@
|
||||
%h1 Staff
|
||||
%ul
|
||||
- @staff.each do |staff|
|
||||
%li= staff.name
|
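--- a/app/views/users/_form.html.haml
+++ b/app/views/users/_form.html.haml
@@ -0,0 +1,29 @@
+%ul.sub-nav
+%li= link_to 'back', :back
+
+- if @user.errors.full_messages.any?
+.errors
+%h1 Uh oh!
+- @user.errors.full_messages.each do |e|
+%p= e
+
+= form_for @user, as: :user, url: form_action do |f|
+= f.label :first_name
+= f.text_field :first_name
+
+= f.label :last_name
+= f.text_field :last_name
+
+= f.label :phone
+= f.phone_field :phone
+
+= f.label :email, 'GMAIL ADDRESS'
+= f.email_field :email
+
+= f.label :admin
+= f.check_box :admin
+
+= f.label :staff
+= f.check_box :staff
+
+= f.submit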
@ -1 +1,3 @@
|
||||
-# %ul.sub-nav
|
||||
- if can_create_user? current_user
|
||||
%ul.sub-nav
|
||||
%li= link_to 'New', new_user_path
|
||||
|
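--- a/app/views/users/edit.html.haml
+++ b/app/views/users/edit.html.haml
@@ -0,0 +1,3 @@
+%h2 Edit #{@user.name}
+
+= render partial: 'form', locals: {form_action: edit_user_path}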
@ -1,5 +1,13 @@
|
||||
%h1 Users
|
||||
%h1 Admins
|
||||
%ul.index
|
||||
- @admins.each do |user|
|
||||
%li.name
|
||||
= link_to user.name, user_path(user)
|
||||
= edit_btn(edit_user_path(user))
|
||||
|
||||
%ul
|
||||
- @users.each do |user|
|
||||
%li= user.name
|
||||
%h1 Staff
|
||||
%ul.index
|
||||
- @staff.each do |staff|
|
||||
%li.name
|
||||
= link_to staff.name, user_path(staff)
|
||||
= edit_btn(edit_user_path(staff))
|
||||
|
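--- a/app/views/users/new.html.haml
+++ b/app/views/users/new.html.haml
@@ -0,0 +1,3 @@
+%h2 Register a new User
+
+= render partial: 'form', locals: {form_action: add_user_path}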
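--- a/app/views/users/show.html.haml
+++ b/app/views/users/show.html.haml
@@ -0,0 +1,16 @@
+%h2= @user.name
+
+%ul.sub-nav
+%li= link_to 'back', :back
+%li= link_to 'edit', edit_user_path(@user)
+
+%p Email: #{mail_to(@user.email, nil, encode: 'hex')}
+%p Phone: #{number_to_phone @user.phone} #{page_link(@user)}
+
+- unless @user.children.empty?
+%p Children:
+%ul
+- @user.children.each do |child|
+%li
+= link_to child.name, child_path(child)
+= link_to 'remove', del_parenthood_path(@user, child), method: :delete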
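Review bot: `mail_to(@user.email, nil, encode: 'hex')` depends on the `:encode` option, which was removed from Action View's `mail_to` in Rails 4.0 and moved to the actionview-encoded_mail_to gem. Without that gem (the Gemfile is not part of this diff) the address is rendered unobfuscated and `encode="hex"` becomes a stray attribute on the link. Also, the `show` action loads the record with `Person.find_by_id(params[:id])`, which returns nil for an unknown id, so `@user.name` on the first line of this view would raise; `Person.find`, as `update` already uses, turns that case into a not-found response.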