users_controller.rb
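# Profile pages (HTML and JSON/JSONP), sign-up, profile editing, impersonation
# and account deletion.
class UsersController < ApplicationController
  # Accepted shape for a JSONP callback name: dot-separated JavaScript
  # identifiers such as "cb", "jQuery17_42" or "app.callbacks._0". Anything else
  # is rejected before it can be echoed into a JavaScript response body.
  JSONP_CALLBACK_FORMAT = /\A[a-zA-Z_$][\w$]*(?:\.[a-zA-Z_$][\w$]*)*\z/

  # :destroy is included so that an anonymous request is handled by
  # require_login instead of reaching `current_user.can_edit?` with no
  # current user.
  before_action :require_login, only: [:edit, :update, :destroy, :unsubscribe_comment_emails]

  # Authenticity-token verification is switched off for JSON requests to #show.
  # NOTE(review): together with the `callback` parameter this makes the JSON
  # representation of a user readable cross-origin, so `@user`'s JSON must only
  # ever contain public fields - confirm against the User serializer.
  skip_before_action :verify_authenticity_token, only: :show,
                                                 if: -> { request.format.json? }

  # Renders a profile as HTML or JSON/JSONP.
  #
  # Lookup order: numeric id (redirects to the canonical username URL), the
  # literal username "random", the signed-in user's own profile when
  # `delete_account` is present, otherwise a lookup by username that raises
  # when no record matches.
  def show
    scope = User.visible_to(current_user)

    if params[:username].blank? && params[:id]
      @user = scope.find(params[:id])
      return redirect_to(profile_path(username: @user.username))
    elsif params[:username] == 'random'
      @user = scope.order("random()").first
    elsif params[:delete_account]
      return redirect_to(sign_in_url) unless signed_in?
      @user = current_user
    else
      @user = scope.includes(:badges, :protips).find_by_username!(params[:username])
    end

    # The "random" branch yields nil when the scope is empty; the ETag helpers
    # below dereference @user, so answer 404 instead of raising.
    return head(:not_found) unless @user

    respond_to do |format|
      format.html do
        fresh_when(web_etag_key_for_user)
      end
      format.json do
        callback = params[:callback]
        # The callback name is request-controlled and is written verbatim into
        # the response, so only identifier-shaped names are accepted.
        if callback.present? && callback.to_s !~ JSONP_CALLBACK_FORMAT
          head(:bad_request)
        elsif stale?(api_etag_key_for_user)
          render(json: @user, callback: callback)
        end
      end
      format.all { head(:not_found) }
    end
  end

  # Loads the user to edit (falling back to the signed-in user when the id
  # matches nothing) and answers 403 unless the signed-in user may edit it.
  def edit
    @user = User.where(id: params[:id]).first || current_user
    return head(:forbidden) unless current_user.can_edit?(@user)
  end

  # Sign-up. Refused with 403 for visitors who are already signed in; the
  # captcha response is checked before the record is saved.
  def create
    return head(:forbidden) if signed_in?

    @user = User.new(new_user_params)

    unless captcha_valid_user?(params["g-recaptcha-response"], remote_ip)
      flash[:notice] = "Let us know if you're human below :D"
      render action: :new
      return
    end

    if @user.save
      sign_in(@user)
      redirect_to finish_signup_url
    else
      render action: :new
    end
  end

  # There is no user listing; the index route leads to sign-up.
  def index
    redirect_to sign_up_url
  end

  # Applies the permitted attributes to the user, after checking that the
  # signed-in user may edit that record.
  def update
    @user = User.find(params[:id])
    return head(:forbidden) unless current_user.can_edit?(@user)

    @user.attributes = user_params
    if @user.save
      redirect_to profile_url(username: @user.username)
    else
      render action: :edit
    end
  end

  # Signs the requester in as another user (named by `username`, else a random
  # one). Allowed for admins, and for anyone when Rails runs in the development
  # environment - that bypass is only safe while development instances are not
  # reachable by untrusted clients.
  #
  # NOTE(review): the log line records the target account only; consider also
  # recording which admin performed the impersonation for audit purposes.
  def impersonate
    # This action is not covered by require_login, so current_user may be nil;
    # check signed_in? before asking for admin rights, and deny explicitly.
    allowed = Rails.env.development? || (signed_in? && current_user.admin?)
    return head(:forbidden) unless allowed

    @user = if params[:username]
              User.find_by_username(params[:username])
            else
              User.order('random()').first
            end
    # find_by_username returns nil for an unknown name.
    return head(:not_found) unless @user

    logger.info "signing in as #{@user.username}"
    sign_in(@user) do |status|
      if status.success?
        redirect_back_or Clearance.configuration.redirect_url
      else
        flash.now.notice = status.failure_message
        render template: "sessions/new", status: :unauthorized
      end
    end
  end

  # Deletes an account after sending the farewell e-mail. Signs the session out
  # when users delete their own account.
  def destroy
    @user = User.find(params[:id])
    # `return` is essential: without it the 403 was queued but execution went on
    # to e-mail and destroy the target account for any signed-in requester.
    return head(:forbidden) unless current_user.can_edit?(@user)

    UserMailer.destroy_email(@user).deliver_now
    @user.destroy

    if @user == current_user
      sign_out
      flash[:notice] = "You are no longer signed in to Coderwall. Your acccount, #{@user.username}, has been deleted."
    else
      flash[:notice] = "#{@user.username}'s account deleted."
    end
    redirect_to_back_or_default
  end

  protected

  # Attributes accepted at sign-up.
  def new_user_params
    params.require(:user).permit(:username, :password, :email)
  end

  # Attributes accepted on profile update. :username is writable by admins
  # only; everything not listed here is dropped by strong parameters.
  def user_params
    safe_attributes = [
      :twitter,
      :github,
      :color,
      :email,
      :avatar,
      :title,
      :company,
      :location,
      :editable_skills,
      :about,
      :receive_newsletter,
      :receive_weekly_digest
    ]
    safe_attributes << :username if admin?
    params.require(:user).permit(safe_attributes)
  end

  # Conditional-GET options for the HTML profile. The key varies with the
  # viewer (current_user) and the response is marked private.
  # NOTE(review): params[:protips] is listed twice; the duplicate is harmless
  # but may have been meant to be a different parameter - confirm.
  def web_etag_key_for_user
    {
      etag: ['v4', @user, current_user, params[:protips], params[:protips]],
      last_modified: @user.updated_at.utc,
      public: false
    }
  end

  # Conditional-GET options for the JSON/JSONP profile. Marked public and not
  # keyed on the viewer.
  # NOTE(review): #show resolves @user through User.visible_to(current_user);
  # if that scope ever differs per viewer, a shared cache could serve one
  # viewer's response to another - confirm the scope is viewer-independent for
  # anything served here.
  def api_etag_key_for_user
    {
      etag: ['v5', @user, params[:callback]],
      last_modified: @user.updated_at.utc,
      public: true
    }
  end
end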