user management

2015-10-20 21:49:59 -05:00
parent c204389103
commit 41ceccc5b5
17 changed files with 158 additions and 49 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -2,7 +2,7 @@ class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
-  before_filter :require_login
+  before_action :require_login
  respond_to :html, :json
  helper :access

--- a/app/controllers/docs_controller.rb
+++ b/app/controllers/docs_controller.rb
@ -1,5 +1,5 @@
 class DocsController < ApplicationController
-  skip_before_filter :require_login
+  skip_before_action :require_login

  def index
    @doc = {
--- a/app/controllers/oauths_controller.rb
+++ b/app/controllers/oauths_controller.rb
@ -1,5 +1,5 @@
 class OauthsController < ApplicationController
-  skip_before_filter :require_login
+  skip_before_action :require_login

  def oauth
    login_at(params[:provider])
--- a/app/controllers/staff_controller.rb
+++ b/app/controllers/staff_controller.rb
@ -1,6 +0,0 @@
-class StaffController < ApplicationController
-  def index
-    @staff = Person.staff
-    respond_with @staff
-  end
-end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -1,6 +1,66 @@
 class UsersController < ApplicationController
  def index
-    @users = Person.admins
-    respond_with @users
+    redirect_to root_path, error: "NOT AUTHORIZED" unless verify_admin! current_user
+
+    @admins = Person.admins
+    @staff = Person.staff
  end
+
+  def new
+    redirect_to root_path, error: "NOT AUTHORIZED" unless verify_admin! current_user
+
+    @user = Person.new
+  end
+
+  def register
+    redirect_to root_path, error: "NOT AUTHORIZED" unless verify_admin! current_user
+
+    @user = Person.create(user_params)
+    if @user
+      redirect_to :root, notice: 'Success! We will authorize you soon.'
+      return
+    else
+      render :new
+    end
+  end
+
+  def edit
+    redirect_to root_path, error: "NOT AUTHORIZED" unless verify_admin! current_user
+
+    @user = Person.find_by_id(params[:id])
+  end
+
+  def show
+    redirect_to root_path, error: "NOT AUTHORIZED" unless verify_admin! current_user
+
+    @user = Person.find_by_id(params[:id])
+  end
+
+  def update
+    redirect_to root_path, error: "NOT AUTHORIZED" unless verify_admin! current_user
+
+    @user = Person.find(params[:id])
+    if @user.update(user_params)
+      redirect_to user_path(@user), notice: 'Updated!'
+    else
+      render :edit
+    end
+  end
+
+  private
+
+    def verify_admin! user
+      user && user.admin?
+    end
+
+    def user_params
+      params.require(:user).permit(
+        :first_name,
+        :last_name,
+        :phone,
+        :email,
+        :admin,
+        :staff
+      )
+    end
 end