gitlab-org--gitlab-foss/app/controllers/profiles_controller.rb

class ProfilesController < ApplicationController
  include ActionView::Helpers::SanitizeHelper

  before_filter :user
  layout 'profile'

  def show
  end

  def design
  end

  def account
  end

  def update
    if @user.update_attributes(user_attributes)
      flash[:notice] = "Profile was successfully updated"
    else
      flash[:alert] = "Failed to update profile"
    end

    respond_to do |format|
      format.html { redirect_to :back }
      format.js
    end
  end

  def token
  end

  def update_password
    params[:user].reject!{ |k, v| k != "password" && k != "password_confirmation"}

    if @user.update_attributes(params[:user])
      flash[:notice] = "Password was successfully updated. Please login with it"
      redirect_to new_user_session_path
    else
      render 'account'
    end
  end

  def reset_private_token
    if current_user.reset_authentication_token!
      flash[:notice] = "Token was successfully updated"
    end

    redirect_to account_profile_path
  end

  def history
    @events = current_user.recent_events.page(params[:page]).per(20)
  end

  def update_username
    if @user.can_change_username?
      @user.update_attributes(username: params[:user][:username])
    end

    respond_to do |format|
      format.js
    end
  end

  private

  def user
    @user = current_user
  end

  def user_attributes
    user_attributes = params[:user]

    # Sanitize user input because we dont have strict
    # validation for this fields
    %w(name skype linkedin twitter bio).each do |attr|
      value = user_attributes[attr]
      user_attributes[attr] = sanitize(value) if value.present?
    end

    user_attributes
  end
end
Refactored profile to resource. Added missing flash notice on successfull updated. Update username via ajax 2012-12-02 06:29:24 -05:00			`class ProfilesController < ApplicationController`
Sanitize user profile input 2013-02-25 15:51:15 -05:00			`include ActionView::Helpers::SanitizeHelper`

Backend Refactoring 2012-07-31 01:32:49 -04:00			`before_filter :user`
Refactored profile to resource. Added missing flash notice on successfull updated. Update username via ajax 2012-12-02 06:29:24 -05:00			`layout 'profile'`
Backend Refactoring 2012-07-31 01:32:49 -04:00
init commit 2011-10-08 17:36:38 -04:00			`def show`
			`end`

Design tab for profile. Colorscheme as db value 2011-12-20 15:47:09 -05:00			`def design`
			`end`

Refactored profile to resource. Added missing flash notice on successfull updated. Update username via ajax 2012-12-02 06:29:24 -05:00			`def account`
			`end`

Design tab for profile. Colorscheme as db value 2011-12-20 15:47:09 -05:00			`def update`
Sanitize user profile input 2013-02-25 15:51:15 -05:00			`if @user.update_attributes(user_attributes)`
Refactored profile to resource. Added missing flash notice on successfull updated. Update username via ajax 2012-12-02 06:29:24 -05:00			`flash[:notice] = "Profile was successfully updated"`
			`else`
			`flash[:alert] = "Failed to update profile"`
			`end`
Improve user feedback on the Profile > Design page - Header changes immediately without a page reload - Lets the user know that we actually saved their setting when changed 2012-11-21 15:01:40 -05:00
			`respond_to do \|format\|`
			`format.html { redirect_to :back }`
			`format.js`
			`end`
extended user profile with social fields 2011-10-19 18:34:05 -04:00			`end`

Password & token split up, icon to button for top panel 2012-05-19 05:00:46 -04:00			`def token`
			`end`

Refactored profile to resource. Added missing flash notice on successfull updated. Update username via ajax 2012-12-02 06:29:24 -05:00			`def update_password`
clean-up code * Remove trailing whitespace * Converts hard-tabs into two-space soft-tabs * Remove consecutive blank lines 2011-10-26 09:46:25 -04:00			`params[:user].reject!{ \|k, v\| k != "password" && k != "password_confirmation"}`
init commit 2011-10-08 17:36:38 -04:00
			`if @user.update_attributes(params[:user])`
			`flash[:notice] = "Password was successfully updated. Please login with it"`
			`redirect_to new_user_session_path`
			`else`
Fix rendered action for password change failure Closes #1912 2012-11-04 16:47:37 -05:00			`render 'account'`
init commit 2011-10-08 17:36:38 -04:00			`end`
			`end`
allow user to reset his private token 2011-11-15 08:08:20 -05:00
			`def reset_private_token`
Refactored profile to resource. Added missing flash notice on successfull updated. Update username via ajax 2012-12-02 06:29:24 -05:00			`if current_user.reset_authentication_token!`
			`flash[:notice] = "Token was successfully updated"`
			`end`

			`redirect_to account_profile_path`
allow user to reset his private token 2011-11-15 08:08:20 -05:00			`end`
Backend Refactoring 2012-07-31 01:32:49 -04:00
Refactored profile area 2012-09-14 12:13:25 -04:00			`def history`
			`@events = current_user.recent_events.page(params[:page]).per(20)`
			`end`

Refactored profile to resource. Added missing flash notice on successfull updated. Update username via ajax 2012-12-02 06:29:24 -05:00			`def update_username`
Add option to disable username changing This option allows to disable users from changing their username. This is very usefull in environments using strong internal authentication methods like ldap, pam or shibboleth. You can allow users to change theyr username in these environments, but then new users (users loging in first time) is blocked from gitlab is her username exists. 2013-01-30 15:14:34 -05:00			`if @user.can_change_username?`
			`@user.update_attributes(username: params[:user][:username])`
			`end`
Refactored profile to resource. Added missing flash notice on successfull updated. Update username via ajax 2012-12-02 06:29:24 -05:00
			`respond_to do \|format\|`
			`format.js`
			`end`
			`end`

Refactored profile area 2012-09-14 12:13:25 -04:00			`private`
Backend Refactoring 2012-07-31 01:32:49 -04:00
			`def user`
			`@user = current_user`
			`end`
Sanitize user profile input 2013-02-25 15:51:15 -05:00
			`def user_attributes`
			`user_attributes = params[:user]`

			`# Sanitize user input because we dont have strict`
			`# validation for this fields`
			`%w(name skype linkedin twitter bio).each do \|attr\|`
			`value = user_attributes[attr]`
			`user_attributes[attr] = sanitize(value) if value.present?`
			`end`

			`user_attributes`
			`end`
init commit 2011-10-08 17:36:38 -04:00			`end`