2013-06-12 15:59:58 +00:00
|
|
|
# Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/
|
|
|
|
|
2012-04-10 14:06:46 +00:00
|
|
|
class UsersController < ApplicationController
|
2012-04-23 06:55:16 +00:00
|
|
|
before_filter :authentication_check, :except => [:create, :password_reset_send, :password_reset_verify]
|
2012-04-10 14:06:46 +00:00
|
|
|
|
2012-09-20 12:08:02 +00:00
|
|
|
=begin
|
2013-06-12 15:59:58 +00:00
|
|
|
|
2012-09-20 12:08:02 +00:00
|
|
|
Format:
|
|
|
|
JSON
|
|
|
|
|
|
|
|
Example:
|
|
|
|
{
|
|
|
|
"id":2,
|
|
|
|
"organization_id":null,
|
|
|
|
"login":"m@edenhofer.de",
|
|
|
|
"firstname":"Marti",
|
|
|
|
"lastname":"Ede",
|
|
|
|
"email":"m@edenhofer.de",
|
|
|
|
"image":"http://www.gravatar.com/avatar/1c38b099f2344976005de69965733465?s=48",
|
|
|
|
"web":"http://127.0.0.1",
|
|
|
|
"password":"123",
|
|
|
|
"phone":"112",
|
|
|
|
"fax":"211",
|
|
|
|
"mobile":"",
|
|
|
|
"street":"",
|
|
|
|
"zip":"",
|
|
|
|
"city":"",
|
|
|
|
"country":null,
|
|
|
|
"verified":false,
|
|
|
|
"active":true,
|
|
|
|
"note":"some note",
|
|
|
|
"source":null,
|
|
|
|
"role_ids":[1,2],
|
|
|
|
"group_ids":[1,2,3,4],
|
|
|
|
}
|
|
|
|
|
|
|
|
=end
|
|
|
|
|
|
|
|
=begin
|
|
|
|
|
2013-06-12 15:59:58 +00:00
|
|
|
Resource:
|
2013-08-06 22:10:28 +00:00
|
|
|
GET /api/v1/users.json
|
2012-09-20 12:08:02 +00:00
|
|
|
|
|
|
|
Response:
|
|
|
|
[
|
|
|
|
{
|
|
|
|
"id": 1,
|
|
|
|
"login": "some_login1",
|
|
|
|
...
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"id": 2,
|
|
|
|
"login": "some_login2",
|
|
|
|
...
|
|
|
|
}
|
|
|
|
]
|
|
|
|
|
|
|
|
Test:
|
2013-08-06 22:10:28 +00:00
|
|
|
curl http://localhost/api/v1/users.json -v -u #{login}:#{password}
|
2013-06-12 15:59:58 +00:00
|
|
|
|
2012-09-20 12:08:02 +00:00
|
|
|
=end
|
|
|
|
|
2012-04-10 14:06:46 +00:00
|
|
|
def index
|
2013-07-19 14:21:44 +00:00
|
|
|
|
|
|
|
# only allow customer to fetch him self
|
|
|
|
if is_role('Customer') && !is_role('Admin') && !is_role('Agent')
|
|
|
|
users = User.where( :id => current_user.id )
|
|
|
|
else
|
|
|
|
users = User.all
|
|
|
|
end
|
2012-09-20 12:08:02 +00:00
|
|
|
users_all = []
|
|
|
|
users.each {|user|
|
|
|
|
users_all.push User.user_data_full( user.id )
|
2012-04-10 14:06:46 +00:00
|
|
|
}
|
2013-07-19 14:21:44 +00:00
|
|
|
render :json => users_all, :status => :ok
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
|
|
|
|
2012-09-20 12:08:02 +00:00
|
|
|
=begin
|
|
|
|
|
2013-06-12 15:59:58 +00:00
|
|
|
Resource:
|
2013-08-06 22:10:28 +00:00
|
|
|
GET /api/v1/users/1.json
|
2012-09-20 12:08:02 +00:00
|
|
|
|
|
|
|
Response:
|
|
|
|
{
|
|
|
|
"id": 1,
|
|
|
|
"login": "some_login1",
|
|
|
|
...
|
|
|
|
},
|
|
|
|
|
|
|
|
Test:
|
2013-08-06 22:10:28 +00:00
|
|
|
curl http://localhost/api/v1/users/#{id}.json -v -u #{login}:#{password}
|
2012-09-20 12:08:02 +00:00
|
|
|
|
|
|
|
=end
|
|
|
|
|
2012-04-10 14:06:46 +00:00
|
|
|
def show
|
2013-07-19 14:21:44 +00:00
|
|
|
|
|
|
|
# access deny
|
|
|
|
if is_role('Customer') && !is_role('Admin') && !is_role('Agent')
|
|
|
|
if params[:id].to_i != current_user.id
|
|
|
|
response_access_deny
|
|
|
|
return
|
|
|
|
end
|
|
|
|
end
|
2012-09-20 12:08:02 +00:00
|
|
|
user = User.user_data_full( params[:id] )
|
|
|
|
render :json => user
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
|
|
|
|
2012-09-20 12:08:02 +00:00
|
|
|
=begin
|
|
|
|
|
|
|
|
Resource:
|
2013-08-06 22:10:28 +00:00
|
|
|
POST /api/v1/users.json
|
2012-09-20 12:08:02 +00:00
|
|
|
|
|
|
|
Payload:
|
|
|
|
{
|
|
|
|
"login": "some_login",
|
|
|
|
"firstname": "some firstname",
|
|
|
|
"lastname": "some lastname",
|
|
|
|
"email": "some@example.com"
|
|
|
|
}
|
|
|
|
|
|
|
|
Response:
|
|
|
|
{
|
|
|
|
"id": 1,
|
|
|
|
"login": "some_login",
|
|
|
|
...
|
|
|
|
},
|
|
|
|
|
|
|
|
Test:
|
2013-08-06 22:10:28 +00:00
|
|
|
curl http://localhost/api/v1/users.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"login": "some_login","firstname": "some firstname","lastname": "some lastname","email": "some@example.com"}'
|
2012-09-20 12:08:02 +00:00
|
|
|
|
|
|
|
=end
|
|
|
|
|
2012-04-10 14:06:46 +00:00
|
|
|
def create
|
2012-09-20 12:08:02 +00:00
|
|
|
user = User.new( User.param_cleanup(params) )
|
2013-01-08 00:43:07 +00:00
|
|
|
|
2012-09-20 12:08:02 +00:00
|
|
|
begin
|
2013-04-21 23:03:19 +00:00
|
|
|
# check if it's first user
|
|
|
|
count = User.all.count()
|
2012-04-10 14:06:46 +00:00
|
|
|
|
2012-04-12 11:27:01 +00:00
|
|
|
# if it's a signup, add user to customer role
|
2013-04-21 23:03:19 +00:00
|
|
|
if !current_user
|
|
|
|
user.updated_by_id = 1
|
|
|
|
user.created_by_id = 1
|
2012-08-10 07:43:36 +00:00
|
|
|
|
2013-01-08 00:43:07 +00:00
|
|
|
# check if feature is enabled
|
|
|
|
if !Setting.get('user_create_account')
|
|
|
|
render :json => { :error => 'Feature not enabled!' }, :status => :unprocessable_entity
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
2013-04-21 23:03:19 +00:00
|
|
|
# add first user as admin/agent and to all groups
|
2012-04-13 13:51:10 +00:00
|
|
|
group_ids = []
|
|
|
|
role_ids = []
|
2012-04-12 11:27:01 +00:00
|
|
|
if count <= 2
|
2012-04-13 13:51:10 +00:00
|
|
|
Role.where( :name => [ 'Admin', 'Agent'] ).each { |role|
|
|
|
|
role_ids.push role.id
|
|
|
|
}
|
|
|
|
Group.all().each { |group|
|
|
|
|
group_ids.push group.id
|
|
|
|
}
|
2012-08-10 07:43:36 +00:00
|
|
|
|
2013-06-12 15:59:58 +00:00
|
|
|
# everybody else will go as customer per default
|
2012-04-10 14:06:46 +00:00
|
|
|
else
|
2012-04-12 11:27:01 +00:00
|
|
|
role_ids.push Role.where( :name => 'Customer' ).first.id
|
|
|
|
end
|
2012-09-20 12:08:02 +00:00
|
|
|
user.role_ids = role_ids
|
|
|
|
user.group_ids = group_ids
|
2012-04-12 11:27:01 +00:00
|
|
|
|
2013-06-12 15:59:58 +00:00
|
|
|
# else do assignment as defined
|
2012-04-12 11:27:01 +00:00
|
|
|
else
|
|
|
|
if params[:role_ids]
|
2012-09-20 12:08:02 +00:00
|
|
|
user.role_ids = params[:role_ids]
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
2012-04-12 11:27:01 +00:00
|
|
|
if params[:group_ids]
|
2012-09-20 12:08:02 +00:00
|
|
|
user.group_ids = params[:group_ids]
|
2012-04-12 11:27:01 +00:00
|
|
|
end
|
|
|
|
end
|
2012-08-10 07:43:36 +00:00
|
|
|
|
2013-01-20 01:27:47 +00:00
|
|
|
# check if user already exists
|
|
|
|
if user.email
|
|
|
|
exists = User.where( :email => user.email ).first
|
|
|
|
if exists
|
|
|
|
render :json => { :error => 'User already exists!' }, :status => :unprocessable_entity
|
|
|
|
return
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2012-11-06 21:43:13 +00:00
|
|
|
user.save
|
|
|
|
|
2013-03-19 00:46:49 +00:00
|
|
|
# if first user set init done
|
|
|
|
if count <= 2
|
|
|
|
Setting.create_or_update(
|
|
|
|
:title => 'System Init Done',
|
|
|
|
:name => 'system_init_done',
|
|
|
|
:area => 'Core',
|
|
|
|
:description => 'Defines if application is in init mode.',
|
|
|
|
:options => {},
|
|
|
|
:state => true,
|
|
|
|
:frontend => true
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
2013-01-03 10:47:39 +00:00
|
|
|
# send inviteation if needed / only if session exists
|
|
|
|
if params[:invite] && current_user
|
2012-08-10 07:43:36 +00:00
|
|
|
|
2013-01-03 09:39:33 +00:00
|
|
|
# generate token
|
|
|
|
token = Token.create( :action => 'PasswordReset', :user_id => user.id )
|
|
|
|
|
|
|
|
# send mail
|
|
|
|
data = {}
|
|
|
|
data[:subject] = 'Invitation to #{config.product_name} at #{config.fqdn}'
|
2013-01-03 10:53:11 +00:00
|
|
|
data[:body] = 'Hi #{user.firstname},
|
2013-01-03 09:39:33 +00:00
|
|
|
|
2013-06-12 15:59:58 +00:00
|
|
|
I (#{current_user.firstname} #{current_user.lastname}) invite you to #{config.product_name} - a customer support / ticket system platform.
|
|
|
|
|
|
|
|
Click on the following link and set your password:
|
2013-01-03 09:39:33 +00:00
|
|
|
|
2013-06-12 15:59:58 +00:00
|
|
|
#{config.http_type}://#{config.fqdn}/#password_reset_verify/#{token.name}
|
2013-01-03 09:39:33 +00:00
|
|
|
|
2013-06-12 15:59:58 +00:00
|
|
|
Enjoy,
|
2013-01-03 09:39:33 +00:00
|
|
|
|
2013-06-12 15:59:58 +00:00
|
|
|
#{current_user.firstname} #{current_user.lastname}
|
2013-01-03 09:39:33 +00:00
|
|
|
|
2013-06-12 15:59:58 +00:00
|
|
|
Your #{config.product_name} Team
|
|
|
|
'
|
2013-01-03 09:39:33 +00:00
|
|
|
|
|
|
|
# prepare subject & body
|
|
|
|
[:subject, :body].each { |key|
|
|
|
|
data[key.to_sym] = NotificationFactory.build(
|
2013-01-04 14:28:55 +00:00
|
|
|
:locale => user.locale,
|
2013-01-03 09:39:33 +00:00
|
|
|
:string => data[key.to_sym],
|
|
|
|
:objects => {
|
|
|
|
:token => token,
|
|
|
|
:user => user,
|
|
|
|
:current_user => current_user,
|
|
|
|
}
|
|
|
|
)
|
|
|
|
}
|
2013-06-12 15:59:58 +00:00
|
|
|
|
2013-01-03 09:39:33 +00:00
|
|
|
# send notification
|
|
|
|
NotificationFactory.send(
|
|
|
|
:recipient => user,
|
|
|
|
:subject => data[:subject],
|
|
|
|
:body => data[:body]
|
|
|
|
)
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
2013-01-03 09:39:33 +00:00
|
|
|
|
2012-10-16 09:46:22 +00:00
|
|
|
user_new = User.user_data_full( user.id )
|
|
|
|
render :json => user_new, :status => :created
|
2012-09-20 12:08:02 +00:00
|
|
|
rescue Exception => e
|
|
|
|
render :json => { :error => e.message }, :status => :unprocessable_entity
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2012-09-20 12:08:02 +00:00
|
|
|
=begin
|
|
|
|
|
|
|
|
Resource:
|
2013-08-06 22:10:28 +00:00
|
|
|
PUT /api/v1/users/#{id}.json
|
2012-09-20 12:08:02 +00:00
|
|
|
|
|
|
|
Payload:
|
|
|
|
{
|
|
|
|
"login": "some_login",
|
|
|
|
"firstname": "some firstname",
|
|
|
|
"lastname": "some lastname",
|
|
|
|
"email": "some@example.com"
|
|
|
|
}
|
|
|
|
|
|
|
|
Response:
|
|
|
|
{
|
|
|
|
"id": 2,
|
|
|
|
"login": "some_login",
|
|
|
|
...
|
|
|
|
},
|
|
|
|
|
|
|
|
Test:
|
2013-08-06 22:10:28 +00:00
|
|
|
curl http://localhost/api/v1/users/2.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"login": "some_login","firstname": "some firstname","lastname": "some lastname","email": "some@example.com"}'
|
2012-09-20 12:08:02 +00:00
|
|
|
|
|
|
|
=end
|
|
|
|
|
2012-04-10 14:06:46 +00:00
|
|
|
def update
|
2013-04-21 23:03:19 +00:00
|
|
|
|
|
|
|
# allow user to update him self
|
|
|
|
if is_role('Customer') && !is_role('Admin') && !is_role('Agent')
|
2013-07-19 14:21:44 +00:00
|
|
|
if params[:id] != current_user.id
|
|
|
|
response_access_deny
|
|
|
|
return
|
|
|
|
end
|
2013-04-21 23:03:19 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
user = User.find( params[:id] )
|
2012-04-10 14:06:46 +00:00
|
|
|
|
2012-09-20 12:08:02 +00:00
|
|
|
begin
|
2013-06-12 15:59:58 +00:00
|
|
|
|
2012-09-20 12:08:02 +00:00
|
|
|
user.update_attributes( User.param_cleanup(params) )
|
2013-04-21 23:03:19 +00:00
|
|
|
|
|
|
|
# only allow Admin's and Agent's
|
|
|
|
if is_role('Admin') && is_role('Agent') && params[:role_ids]
|
2012-09-20 12:08:02 +00:00
|
|
|
user.role_ids = params[:role_ids]
|
2012-04-12 11:27:01 +00:00
|
|
|
end
|
2013-04-21 23:03:19 +00:00
|
|
|
|
|
|
|
# only allow Admin's
|
|
|
|
if is_role('Admin') && params[:group_ids]
|
2012-09-20 12:08:02 +00:00
|
|
|
user.group_ids = params[:group_ids]
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
2013-04-21 23:03:19 +00:00
|
|
|
|
|
|
|
# only allow Admin's and Agent's
|
|
|
|
if is_role('Admin') && is_role('Agent') && params[:organization_ids]
|
2012-09-20 12:08:02 +00:00
|
|
|
user.organization_ids = params[:organization_ids]
|
2012-04-20 15:39:50 +00:00
|
|
|
end
|
2013-04-21 23:03:19 +00:00
|
|
|
|
|
|
|
# get new data
|
2012-10-16 09:46:22 +00:00
|
|
|
user_new = User.user_data_full( params[:id] )
|
|
|
|
render :json => user_new, :status => :ok
|
2012-09-20 12:08:02 +00:00
|
|
|
rescue Exception => e
|
|
|
|
render :json => { :error => e.message }, :status => :unprocessable_entity
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2013-08-06 22:10:28 +00:00
|
|
|
# DELETE /api/v1/users/1
|
2012-04-10 14:06:46 +00:00
|
|
|
def destroy
|
2013-07-23 16:45:28 +00:00
|
|
|
return if deny_if_not_role('Admin')
|
2012-09-20 12:08:02 +00:00
|
|
|
model_destory_render(User, params)
|
|
|
|
end
|
2012-04-10 14:06:46 +00:00
|
|
|
|
2013-08-06 22:10:28 +00:00
|
|
|
# GET /api/v1/users/search
|
2012-09-20 12:08:02 +00:00
|
|
|
def search
|
2012-11-14 01:05:53 +00:00
|
|
|
|
2013-07-19 14:21:44 +00:00
|
|
|
if is_role('Customer') && !is_role('Admin') && !is_role('Agent')
|
|
|
|
response_access_deny
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
2012-09-20 12:08:02 +00:00
|
|
|
# do query
|
2013-05-21 22:30:09 +00:00
|
|
|
user_all = User.search(
|
|
|
|
:query => params[:term],
|
|
|
|
:limit => params[:limit],
|
|
|
|
:current_user => current_user,
|
2012-09-20 12:08:02 +00:00
|
|
|
)
|
2012-11-14 01:05:53 +00:00
|
|
|
|
2012-09-20 12:08:02 +00:00
|
|
|
# build result list
|
|
|
|
users = []
|
|
|
|
user_all.each do |user|
|
|
|
|
realname = user.firstname.to_s + ' ' + user.lastname.to_s
|
|
|
|
if user.email && user.email.to_s != ''
|
|
|
|
realname = realname + ' <' + user.email.to_s + '>'
|
|
|
|
end
|
|
|
|
a = { :id => user.id, :label => realname, :value => realname }
|
|
|
|
users.push a
|
|
|
|
end
|
|
|
|
|
|
|
|
# return result
|
|
|
|
render :json => users
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
2012-04-23 06:55:16 +00:00
|
|
|
|
2013-10-21 19:00:58 +00:00
|
|
|
# GET /api/v1/users/history/1
|
|
|
|
def history
|
|
|
|
|
|
|
|
# permissin check
|
|
|
|
if !is_role('Admin') && !is_role('Agent')
|
|
|
|
response_access_deny
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
# get user data
|
|
|
|
user = User.find( params[:id] )
|
|
|
|
|
|
|
|
# get history of user
|
|
|
|
history = user.history_get(true)
|
|
|
|
|
|
|
|
# return result
|
|
|
|
render :json => history
|
|
|
|
end
|
|
|
|
|
2012-09-20 12:08:02 +00:00
|
|
|
=begin
|
|
|
|
|
|
|
|
Resource:
|
2013-08-06 22:10:28 +00:00
|
|
|
POST /api/v1/users/password_reset
|
2012-09-20 12:08:02 +00:00
|
|
|
|
|
|
|
Payload:
|
|
|
|
{
|
|
|
|
"username": "some user name"
|
|
|
|
}
|
|
|
|
|
|
|
|
Response:
|
|
|
|
{
|
|
|
|
:message => 'ok'
|
|
|
|
}
|
|
|
|
|
|
|
|
Test:
|
2013-08-06 22:10:28 +00:00
|
|
|
curl http://localhost/api/v1/users/password_reset.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"username": "some_username"}'
|
2012-09-20 12:08:02 +00:00
|
|
|
|
|
|
|
=end
|
|
|
|
|
2012-04-23 06:55:16 +00:00
|
|
|
def password_reset_send
|
2013-01-08 00:43:07 +00:00
|
|
|
|
|
|
|
# check if feature is enabled
|
|
|
|
if !Setting.get('user_lost_password')
|
|
|
|
render :json => { :error => 'Feature not enabled!' }, :status => :unprocessable_entity
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
2012-04-23 06:55:16 +00:00
|
|
|
success = User.password_reset_send( params[:username] )
|
|
|
|
if success
|
|
|
|
render :json => { :message => 'ok' }, :status => :ok
|
|
|
|
else
|
|
|
|
render :json => { :message => 'failed' }, :status => :unprocessable_entity
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2012-09-20 12:08:02 +00:00
|
|
|
=begin
|
|
|
|
|
|
|
|
Resource:
|
2013-08-06 22:10:28 +00:00
|
|
|
POST /api/v1/users/password_reset_verify
|
2012-09-20 12:08:02 +00:00
|
|
|
|
|
|
|
Payload:
|
|
|
|
{
|
|
|
|
"token": "SoMeToKeN",
|
|
|
|
"password" "new_password"
|
|
|
|
}
|
|
|
|
|
|
|
|
Response:
|
|
|
|
{
|
|
|
|
:message => 'ok'
|
|
|
|
}
|
|
|
|
|
|
|
|
Test:
|
2013-08-06 22:10:28 +00:00
|
|
|
curl http://localhost/api/v1/users/password_reset_verify.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"token": "SoMeToKeN", "password" "new_password"}'
|
2012-09-20 12:08:02 +00:00
|
|
|
|
|
|
|
=end
|
|
|
|
|
2012-04-23 06:55:16 +00:00
|
|
|
def password_reset_verify
|
2012-04-23 16:59:35 +00:00
|
|
|
if params[:password]
|
2013-01-03 12:00:55 +00:00
|
|
|
user = User.password_reset_via_token( params[:token], params[:password] )
|
2012-04-23 16:59:35 +00:00
|
|
|
else
|
2013-01-03 12:00:55 +00:00
|
|
|
user = User.password_reset_check( params[:token] )
|
2012-04-23 16:59:35 +00:00
|
|
|
end
|
2013-01-03 12:00:55 +00:00
|
|
|
if user
|
|
|
|
render :json => { :message => 'ok', :user_login => user.login }, :status => :ok
|
2012-04-23 06:55:16 +00:00
|
|
|
else
|
|
|
|
render :json => { :message => 'failed' }, :status => :unprocessable_entity
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2013-02-10 21:38:35 +00:00
|
|
|
=begin
|
|
|
|
|
|
|
|
Resource:
|
2013-08-06 22:10:28 +00:00
|
|
|
POST /api/v1/users/password_change
|
2013-02-10 21:38:35 +00:00
|
|
|
|
|
|
|
Payload:
|
|
|
|
{
|
|
|
|
"password_old": "some_password_old",
|
2013-02-12 00:56:23 +00:00
|
|
|
"password_new": "some_password_new"
|
2013-02-10 21:38:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
Response:
|
|
|
|
{
|
|
|
|
:message => 'ok'
|
|
|
|
}
|
|
|
|
|
|
|
|
Test:
|
2013-08-06 22:10:28 +00:00
|
|
|
curl http://localhost/api/v1/users/password_change.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"password_old": "password_old", "password_new": "password_new"}'
|
2013-02-10 21:38:35 +00:00
|
|
|
|
|
|
|
=end
|
|
|
|
|
|
|
|
def password_change
|
|
|
|
|
|
|
|
# check old password
|
|
|
|
if !params[:password_old]
|
|
|
|
render :json => { :message => 'Old password needed!' }, :status => :unprocessable_entity
|
2013-06-12 15:59:58 +00:00
|
|
|
return
|
2013-02-10 21:38:35 +00:00
|
|
|
end
|
|
|
|
user = User.authenticate( current_user.login, params[:password_old] )
|
|
|
|
if !user
|
|
|
|
render :json => { :message => 'Old password is wrong!' }, :status => :unprocessable_entity
|
2013-06-12 15:59:58 +00:00
|
|
|
return
|
2013-02-10 21:38:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# set new password
|
|
|
|
if !params[:password_new]
|
|
|
|
render :json => { :message => 'New password needed!' }, :status => :unprocessable_entity
|
2013-06-12 15:59:58 +00:00
|
|
|
return
|
2013-02-10 21:38:35 +00:00
|
|
|
end
|
|
|
|
user.update_attributes( :password => params[:password_new] )
|
|
|
|
render :json => { :message => 'ok', :user_login => user.login }, :status => :ok
|
|
|
|
end
|
|
|
|
|
2013-02-12 00:56:23 +00:00
|
|
|
=begin
|
|
|
|
|
|
|
|
Resource:
|
2013-08-06 22:10:28 +00:00
|
|
|
PUT /api/v1/users/preferences.json
|
2013-02-12 00:56:23 +00:00
|
|
|
|
|
|
|
Payload:
|
|
|
|
{
|
|
|
|
"language": "de",
|
|
|
|
"notification": true
|
|
|
|
}
|
|
|
|
|
|
|
|
Response:
|
|
|
|
{
|
|
|
|
:message => 'ok'
|
|
|
|
}
|
|
|
|
|
|
|
|
Test:
|
2013-08-06 22:10:28 +00:00
|
|
|
curl http://localhost/api/v1/users/preferences.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"language": "de", "notifications": true}'
|
2013-02-12 00:56:23 +00:00
|
|
|
|
|
|
|
=end
|
|
|
|
|
|
|
|
def preferences
|
|
|
|
if !current_user
|
|
|
|
render :json => { :message => 'No current user!' }, :status => :unprocessable_entity
|
2013-06-12 15:59:58 +00:00
|
|
|
return
|
2013-02-12 00:56:23 +00:00
|
|
|
end
|
|
|
|
if params[:user]
|
|
|
|
params[:user].each {|key, value|
|
|
|
|
current_user.preferences[key.to_sym] = value
|
|
|
|
}
|
|
|
|
end
|
|
|
|
current_user.save
|
|
|
|
render :json => { :message => 'ok' }, :status => :ok
|
|
|
|
end
|
|
|
|
|
2013-02-12 22:37:04 +00:00
|
|
|
=begin
|
|
|
|
|
|
|
|
Resource:
|
2013-08-06 22:10:28 +00:00
|
|
|
DELETE /api/v1/users/account.json
|
2013-02-12 22:37:04 +00:00
|
|
|
|
|
|
|
Payload:
|
|
|
|
{
|
|
|
|
"provider": "twitter",
|
|
|
|
"uid": 581482342942
|
|
|
|
}
|
|
|
|
|
|
|
|
Response:
|
|
|
|
{
|
|
|
|
:message => 'ok'
|
|
|
|
}
|
|
|
|
|
|
|
|
Test:
|
2013-08-06 22:10:28 +00:00
|
|
|
curl http://localhost/api/v1/users/account.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"provider": "twitter", "uid": 581482342942}'
|
2013-02-12 22:37:04 +00:00
|
|
|
|
|
|
|
=end
|
|
|
|
|
|
|
|
def account_remove
|
|
|
|
if !current_user
|
|
|
|
render :json => { :message => 'No current user!' }, :status => :unprocessable_entity
|
2013-06-12 15:59:58 +00:00
|
|
|
return
|
2013-02-12 22:37:04 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# provider + uid to remove
|
|
|
|
if !params[:provider]
|
|
|
|
render :json => { :message => 'provider needed!' }, :status => :unprocessable_entity
|
2013-06-12 15:59:58 +00:00
|
|
|
return
|
2013-02-12 22:37:04 +00:00
|
|
|
end
|
|
|
|
if !params[:uid]
|
|
|
|
render :json => { :message => 'uid needed!' }, :status => :unprocessable_entity
|
2013-06-12 15:59:58 +00:00
|
|
|
return
|
2013-02-12 22:37:04 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# remove from database
|
|
|
|
record = Authorization.where(
|
|
|
|
:user_id => current_user.id,
|
|
|
|
:provider => params[:provider],
|
|
|
|
:uid => params[:uid],
|
|
|
|
)
|
|
|
|
if !record.first
|
|
|
|
render :json => { :message => 'No record found!' }, :status => :unprocessable_entity
|
2013-06-12 15:59:58 +00:00
|
|
|
return
|
2013-02-12 22:37:04 +00:00
|
|
|
end
|
|
|
|
record.destroy_all
|
|
|
|
render :json => { :message => 'ok' }, :status => :ok
|
|
|
|
end
|
|
|
|
|
2013-11-02 21:32:00 +00:00
|
|
|
=begin
|
|
|
|
|
|
|
|
Resource:
|
|
|
|
GET /api/v1/users/image/8d6cca1c6bdc226cf2ba131e264ca2c7
|
|
|
|
|
|
|
|
Response:
|
|
|
|
<IMAGE>
|
|
|
|
|
|
|
|
Test:
|
|
|
|
curl http://localhost/api/v1/users/image/8d6cca1c6bdc226cf2ba131e264ca2c7 -v -u #{login}:#{password}
|
|
|
|
|
|
|
|
=end
|
|
|
|
|
|
|
|
def image
|
|
|
|
|
|
|
|
# cache image
|
|
|
|
response.headers['Expires'] = 1.year.from_now.httpdate
|
|
|
|
response.headers["Cache-Control"] = "cache, store, max-age=31536000, must-revalidate"
|
|
|
|
response.headers["Pragma"] = "cache"
|
|
|
|
|
|
|
|
# serve user image
|
|
|
|
user = User.where( :image => params[:hash] ).first
|
|
|
|
if user
|
|
|
|
# find file
|
|
|
|
list = Store.list( :object => 'User::Image', :o_id => user.id )
|
|
|
|
if list && list[0]
|
|
|
|
file = Store.find( list[0] )
|
|
|
|
send_data(
|
|
|
|
file.store_file.data,
|
|
|
|
:filename => file.filename,
|
|
|
|
:type => file.preferences['Content-Type'] || file.preferences['Mime-Type'],
|
|
|
|
:disposition => 'inline'
|
|
|
|
)
|
|
|
|
return
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
# serve defalt image
|
|
|
|
image = 'R0lGODdhMAAwAOMAAMzMzJaWlr6+vqqqqqOjo8XFxbe3t7GxsZycnAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAMAAwAAAEcxDISau9OOvNu/9gKI5kaZ5oqq5s675wLM90bd94ru98TwuAA+KQAQqJK8EAgBAgMEqmkzUgBIeSwWGZtR5XhSqAULACCoGCJGwlm1MGQrq9RqgB8fm4ZTUgDBIEcRR9fz6HiImKi4yNjo+QkZKTlJWWkBEAOw=='
|
|
|
|
send_data(
|
|
|
|
Base64.decode64(image),
|
|
|
|
:filename => 'image.gif',
|
|
|
|
:type => 'image/gif',
|
|
|
|
:disposition => 'inline',
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|