gitlab-org--gitlab-foss/app/controllers/admin/users_controller.rb
Dmitriy Zaporozhets 8fee5a0572
Make app works with strong params
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-06-26 23:24:17 +03:00

120 lines
3.1 KiB
Ruby

class Admin::UsersController < Admin::ApplicationController
before_filter :user, only: [:show, :edit, :update, :destroy]
def index
@users = User.filter(params[:filter])
@users = @users.search(params[:name]) if params[:name].present?
@users = @users.alphabetically.page(params[:page])
end
def show
@personal_projects = user.personal_projects
@joined_projects = user.projects.joined(@user)
end
def new
@user = User.new
end
def edit
user
end
def block
if user.block
redirect_to :back, alert: "Successfully blocked"
else
redirect_to :back, alert: "Error occurred. User was not blocked"
end
end
def unblock
if user.activate
redirect_to :back, alert: "Successfully unblocked"
else
redirect_to :back, alert: "Error occurred. User was not unblocked"
end
end
def create
opts = {
force_random_password: true,
password_expires_at: Time.now
}
@user = User.new(user_params.merge(opts))
@user.created_by_id = current_user.id
@user.generate_password
@user.skip_confirmation!
respond_to do |format|
if @user.save
format.html { redirect_to [:admin, @user], notice: 'User was successfully created.' }
format.json { render json: @user, status: :created, location: @user }
else
format.html { render "new" }
format.json { render json: @user.errors, status: :unprocessable_entity }
end
end
end
def update
if params[:user][:password].present?
user_params.merge(
password: params[:user][:password],
password_confirmation: params[:user][:password_confirmation],
)
end
respond_to do |format|
if user.update_attributes(user_params)
user.confirm!
format.html { redirect_to [:admin, user], notice: 'User was successfully updated.' }
format.json { head :ok }
else
# restore username to keep form action url.
user.username = params[:id]
format.html { render "edit" }
format.json { render json: user.errors, status: :unprocessable_entity }
end
end
end
def destroy
# 1. Remove groups where user is the only owner
user.solo_owned_groups.map(&:destroy)
# 2. Remove user with all authored content including personal projects
user.destroy
respond_to do |format|
format.html { redirect_to admin_users_path }
format.json { head :ok }
end
end
def remove_email
email = user.emails.find(params[:email_id])
email.destroy
respond_to do |format|
format.html { redirect_to :back, notice: "Successfully removed email." }
format.js { render nothing: true }
end
end
protected
def user
@user ||= User.find_by!(username: params[:id])
end
def user_params
params.require(:user).permit(
:email, :remember_me, :bio, :name, :username,
:skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id, :force_random_password,
:extern_uid, :provider, :password_expires_at, :avatar, :hide_no_ssh_key,
:projects_limit, :can_create_group, :admin
)
end
end