gitlab-org--gitlab-foss/app/controllers/profiles_controller.rb

class ProfilesController < Profiles::ApplicationController
  include ActionView::Helpers::SanitizeHelper

  before_action :user
  before_action :authorize_change_username!, only: :update_username
  skip_before_action :require_email, only: [:show, :update]

  def show
  end

  def update
    user_params.except!(:email) if @user.ldap_user?

    respond_to do |format|
      if @user.update_attributes(user_params)
        message = "Profile was successfully updated"
        format.html { redirect_back_or_default(default: { action: 'show' }, options: { notice: message }) }
        format.json { render json: { message: message } }
      else
        message = @user.errors.full_messages.uniq.join('. ')
        format.html { redirect_back_or_default(default: { action: 'show' }, options: { alert: "Failed to update profile. #{message}" }) }
        format.json { render json: { message: message }, status: :unprocessable_entity }
      end
    end
  end

  def reset_private_token
    if current_user.reset_authentication_token!
      flash[:notice] = "Token was successfully updated"
    end

    redirect_to profile_account_path
  end

  def audit_log
    @events = AuditEvent.where(entity_type: "User", entity_id: current_user.id).
      order("created_at DESC").
      page(params[:page])
  end

  def update_username
    @user.update_attributes(username: user_params[:username])

    respond_to do |format|
      format.js
    end
  end

  private

  def user
    @user = current_user
  end

  def authorize_change_username!
    return render_404 unless @user.can_change_username?
  end

  def user_params
    params.require(:user).permit(
      :avatar,
      :bio,
      :email,
      :hide_no_password,
      :hide_no_ssh_key,
      :hide_project_limit,
      :linkedin,
      :location,
      :name,
      :password,
      :password_confirmation,
      :public_email,
      :skype,
      :twitter,
      :username,
      :website_url,
      :organization
    )
  end
end
Add a page title to every page. 2015-04-30 13:06:18 -04:00			`class ProfilesController < Profiles::ApplicationController`
Sanitize user profile input 2013-02-25 15:51:15 -05:00			`include ActionView::Helpers::SanitizeHelper`

Fixed the Rails/ActionFilter cop Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com> 2015-04-16 08:03:37 -04:00			`before_action :user`
			`before_action :authorize_change_username!, only: :update_username`
			`skip_before_action :require_email, only: [:show, :update]`
Dont allow LDAP users to change password inside GitLab 2013-05-24 10:12:27 -04:00
init commit 2011-10-08 17:36:38 -04:00			`def show`
			`end`

Design tab for profile. Colorscheme as db value 2011-12-20 15:47:09 -05:00			`def update`
Make app works with strong params Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 16:24:17 -04:00			`user_params.except!(:email) if @user.ldap_user?`
Read-only email field for LDAP user Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-11-27 03:32:37 -05:00
Improve user feedback on the Profile > Design page - Header changes immediately without a page reload - Lets the user know that we actually saved their setting when changed 2012-11-21 15:01:40 -05:00			`respond_to do \|format\|`
Respond to json requests 2016-03-17 10:41:38 -04:00			`if @user.update_attributes(user_params)`
			`message = "Profile was successfully updated"`
			`format.html { redirect_back_or_default(default: { action: 'show' }, options: { notice: message }) }`
			`format.json { render json: { message: message } }`
			`else`
			`message = @user.errors.full_messages.uniq.join('. ')`
			`format.html { redirect_back_or_default(default: { action: 'show' }, options: { alert: "Failed to update profile. #{message}" }) }`
			`format.json { render json: { message: message }, status: :unprocessable_entity }`
			`end`
Improve user feedback on the Profile > Design page - Header changes immediately without a page reload - Lets the user know that we actually saved their setting when changed 2012-11-21 15:01:40 -05:00			`end`
extended user profile with social fields 2011-10-19 18:34:05 -04:00			`end`

allow user to reset his private token 2011-11-15 08:08:20 -05:00			`def reset_private_token`
Refactored profile to resource. Added missing flash notice on successfull updated. Update username via ajax 2012-12-02 06:29:24 -05:00			`if current_user.reset_authentication_token!`
			`flash[:notice] = "Token was successfully updated"`
			`end`

Restyle Profile#Account page 2013-10-09 09:37:37 -04:00			`redirect_to profile_account_path`
allow user to reset his private token 2011-11-15 08:08:20 -05:00			`end`
Backend Refactoring 2012-07-31 01:32:49 -04:00
Audit log for user authentication 2015-07-03 07:54:50 -04:00			`def audit_log`
			`@events = AuditEvent.where(entity_type: "User", entity_id: current_user.id).`
			`order("created_at DESC").`
Use the configured Kaminari "per page" default 2016-03-19 17:37:54 -04:00			`page(params[:page])`
Refactored profile area 2012-09-14 12:13:25 -04:00			`end`

Refactored profile to resource. Added missing flash notice on successfull updated. Update username via ajax 2012-12-02 06:29:24 -05:00			`def update_username`
User model to strong params. Comment other attr_accessible to let tests run Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 08:11:45 -04:00			`@user.update_attributes(username: user_params[:username])`
Refactored profile to resource. Added missing flash notice on successfull updated. Update username via ajax 2012-12-02 06:29:24 -05:00
			`respond_to do \|format\|`
			`format.js`
			`end`
			`end`

Refactored profile area 2012-09-14 12:13:25 -04:00			`private`
Backend Refactoring 2012-07-31 01:32:49 -04:00
			`def user`
			`@user = current_user`
			`end`
Sanitize user profile input 2013-02-25 15:51:15 -05:00
Dont allow LDAP users to change password inside GitLab 2013-05-24 10:12:27 -04:00			`def authorize_change_username!`
			`return render_404 unless @user.can_change_username?`
			`end`
User model to strong params. Comment other attr_accessible to let tests run Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 08:11:45 -04:00
			`def user_params`
			`params.require(:user).permit(`
Move the "Design" templates and logic to Preferences 2015-06-05 13:57:01 -04:00			`:avatar,`
			`:bio,`
			`:email,`
			`:hide_no_password,`
			`:hide_no_ssh_key,`
Notify user if they cannot create projects 2015-12-02 19:02:15 -05:00			`:hide_project_limit,`
Move the "Design" templates and logic to Preferences 2015-06-05 13:57:01 -04:00			`:linkedin,`
			`:location,`
			`:name,`
			`:password,`
			`:password_confirmation,`
			`:public_email,`
			`:skype,`
			`:twitter,`
			`:username,`
Add organization field to user profile Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-09-26 12:24:14 -04:00			`:website_url,`
			`:organization`
User model to strong params. Comment other attr_accessible to let tests run Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 08:11:45 -04:00			`)`
			`end`
init commit 2011-10-08 17:36:38 -04:00			`end`