trabajo-afectivo/app/controllers/users_controller.rb

555 lines
12 KiB
Ruby
Raw Normal View History

# Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/
2012-04-10 14:06:46 +00:00
class UsersController < ApplicationController
2012-04-23 06:55:16 +00:00
before_filter :authentication_check, :except => [:create, :password_reset_send, :password_reset_verify]
2012-04-10 14:06:46 +00:00
=begin
Format:
JSON
Example:
{
"id":2,
"organization_id":null,
"login":"m@edenhofer.de",
"firstname":"Marti",
"lastname":"Ede",
"email":"m@edenhofer.de",
"image":"http://www.gravatar.com/avatar/1c38b099f2344976005de69965733465?s=48",
"web":"http://127.0.0.1",
"password":"123",
"phone":"112",
"fax":"211",
"mobile":"",
"street":"",
"zip":"",
"city":"",
"country":null,
"verified":false,
"active":true,
"note":"some note",
"source":null,
"role_ids":[1,2],
"group_ids":[1,2,3,4],
}
=end
=begin
Resource:
GET /api/v1/users.json
Response:
[
{
"id": 1,
"login": "some_login1",
...
},
{
"id": 2,
"login": "some_login2",
...
}
]
Test:
curl http://localhost/api/v1/users.json -v -u #{login}:#{password}
=end
2012-04-10 14:06:46 +00:00
def index
2013-07-19 14:21:44 +00:00
# only allow customer to fetch him self
if is_role('Customer') && !is_role('Admin') && !is_role('Agent')
users = User.where( :id => current_user.id )
else
users = User.all
end
users_all = []
users.each {|user|
users_all.push User.user_data_full( user.id )
2012-04-10 14:06:46 +00:00
}
2013-07-19 14:21:44 +00:00
render :json => users_all, :status => :ok
2012-04-10 14:06:46 +00:00
end
=begin
Resource:
GET /api/v1/users/1.json
Response:
{
"id": 1,
"login": "some_login1",
...
},
Test:
curl http://localhost/api/v1/users/#{id}.json -v -u #{login}:#{password}
=end
2012-04-10 14:06:46 +00:00
def show
2013-07-19 14:21:44 +00:00
# access deny
if is_role('Customer') && !is_role('Admin') && !is_role('Agent')
if params[:id].to_i != current_user.id
response_access_deny
return
end
end
user = User.user_data_full( params[:id] )
render :json => user
2012-04-10 14:06:46 +00:00
end
=begin
Resource:
POST /api/v1/users.json
Payload:
{
"login": "some_login",
"firstname": "some firstname",
"lastname": "some lastname",
"email": "some@example.com"
}
Response:
{
"id": 1,
"login": "some_login",
...
},
Test:
curl http://localhost/api/v1/users.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"login": "some_login","firstname": "some firstname","lastname": "some lastname","email": "some@example.com"}'
=end
2012-04-10 14:06:46 +00:00
def create
user = User.new( User.param_cleanup(params) )
begin
2013-04-21 23:03:19 +00:00
# check if it's first user
count = User.all.count()
2012-04-10 14:06:46 +00:00
# if it's a signup, add user to customer role
2013-04-21 23:03:19 +00:00
if !current_user
user.updated_by_id = 1
user.created_by_id = 1
2012-08-10 07:43:36 +00:00
# check if feature is enabled
if !Setting.get('user_create_account')
render :json => { :error => 'Feature not enabled!' }, :status => :unprocessable_entity
return
end
2013-04-21 23:03:19 +00:00
# add first user as admin/agent and to all groups
group_ids = []
role_ids = []
if count <= 2
Role.where( :name => [ 'Admin', 'Agent'] ).each { |role|
role_ids.push role.id
}
Group.all().each { |group|
group_ids.push group.id
}
2012-08-10 07:43:36 +00:00
# everybody else will go as customer per default
2012-04-10 14:06:46 +00:00
else
role_ids.push Role.where( :name => 'Customer' ).first.id
end
user.role_ids = role_ids
user.group_ids = group_ids
# else do assignment as defined
else
if params[:role_ids]
user.role_ids = params[:role_ids]
2012-04-10 14:06:46 +00:00
end
if params[:group_ids]
user.group_ids = params[:group_ids]
end
end
2012-08-10 07:43:36 +00:00
2013-01-20 01:27:47 +00:00
# check if user already exists
if user.email
exists = User.where( :email => user.email ).first
if exists
render :json => { :error => 'User already exists!' }, :status => :unprocessable_entity
return
end
end
2012-11-06 21:43:13 +00:00
user.save
# if first user set init done
if count <= 2
Setting.create_or_update(
:title => 'System Init Done',
:name => 'system_init_done',
:area => 'Core',
:description => 'Defines if application is in init mode.',
:options => {},
:state => true,
:frontend => true
)
end
2013-01-03 10:47:39 +00:00
# send inviteation if needed / only if session exists
if params[:invite] && current_user
2012-08-10 07:43:36 +00:00
2013-01-03 09:39:33 +00:00
# generate token
token = Token.create( :action => 'PasswordReset', :user_id => user.id )
# send mail
data = {}
data[:subject] = 'Invitation to #{config.product_name} at #{config.fqdn}'
2013-01-03 10:53:11 +00:00
data[:body] = 'Hi #{user.firstname},
2013-01-03 09:39:33 +00:00
I (#{current_user.firstname} #{current_user.lastname}) invite you to #{config.product_name} - a customer support / ticket system platform.
Click on the following link and set your password:
2013-01-03 09:39:33 +00:00
#{config.http_type}://#{config.fqdn}/#password_reset_verify/#{token.name}
2013-01-03 09:39:33 +00:00
Enjoy,
2013-01-03 09:39:33 +00:00
#{current_user.firstname} #{current_user.lastname}
2013-01-03 09:39:33 +00:00
Your #{config.product_name} Team
'
2013-01-03 09:39:33 +00:00
# prepare subject & body
[:subject, :body].each { |key|
data[key.to_sym] = NotificationFactory.build(
:locale => user.locale,
2013-01-03 09:39:33 +00:00
:string => data[key.to_sym],
:objects => {
:token => token,
:user => user,
:current_user => current_user,
}
)
}
2013-01-03 09:39:33 +00:00
# send notification
NotificationFactory.send(
:recipient => user,
:subject => data[:subject],
:body => data[:body]
)
2012-04-10 14:06:46 +00:00
end
2013-01-03 09:39:33 +00:00
user_new = User.user_data_full( user.id )
render :json => user_new, :status => :created
rescue Exception => e
render :json => { :error => e.message }, :status => :unprocessable_entity
2012-04-10 14:06:46 +00:00
end
end
=begin
Resource:
PUT /api/v1/users/#{id}.json
Payload:
{
"login": "some_login",
"firstname": "some firstname",
"lastname": "some lastname",
"email": "some@example.com"
}
Response:
{
"id": 2,
"login": "some_login",
...
},
Test:
curl http://localhost/api/v1/users/2.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"login": "some_login","firstname": "some firstname","lastname": "some lastname","email": "some@example.com"}'
=end
2012-04-10 14:06:46 +00:00
def update
2013-04-21 23:03:19 +00:00
# allow user to update him self
if is_role('Customer') && !is_role('Admin') && !is_role('Agent')
2013-07-19 14:21:44 +00:00
if params[:id] != current_user.id
response_access_deny
return
end
2013-04-21 23:03:19 +00:00
end
user = User.find( params[:id] )
2012-04-10 14:06:46 +00:00
begin
user.update_attributes( User.param_cleanup(params) )
2013-04-21 23:03:19 +00:00
# only allow Admin's and Agent's
if is_role('Admin') && is_role('Agent') && params[:role_ids]
user.role_ids = params[:role_ids]
end
2013-04-21 23:03:19 +00:00
# only allow Admin's
if is_role('Admin') && params[:group_ids]
user.group_ids = params[:group_ids]
2012-04-10 14:06:46 +00:00
end
2013-04-21 23:03:19 +00:00
# only allow Admin's and Agent's
if is_role('Admin') && is_role('Agent') && params[:organization_ids]
user.organization_ids = params[:organization_ids]
end
2013-04-21 23:03:19 +00:00
# get new data
user_new = User.user_data_full( params[:id] )
render :json => user_new, :status => :ok
rescue Exception => e
render :json => { :error => e.message }, :status => :unprocessable_entity
2012-04-10 14:06:46 +00:00
end
end
# DELETE /api/v1/users/1
2012-04-10 14:06:46 +00:00
def destroy
return if deny_if_not_role('Admin')
model_destory_render(User, params)
end
2012-04-10 14:06:46 +00:00
# GET /api/v1/users/search
def search
2012-11-14 01:05:53 +00:00
2013-07-19 14:21:44 +00:00
if is_role('Customer') && !is_role('Admin') && !is_role('Agent')
response_access_deny
return
end
# do query
2013-05-21 22:30:09 +00:00
user_all = User.search(
:query => params[:term],
:limit => params[:limit],
:current_user => current_user,
)
2012-11-14 01:05:53 +00:00
# build result list
users = []
user_all.each do |user|
realname = user.firstname.to_s + ' ' + user.lastname.to_s
if user.email && user.email.to_s != ''
realname = realname + ' <' + user.email.to_s + '>'
end
a = { :id => user.id, :label => realname, :value => realname }
users.push a
end
# return result
render :json => users
2012-04-10 14:06:46 +00:00
end
2012-04-23 06:55:16 +00:00
=begin
Resource:
POST /api/v1/users/password_reset
Payload:
{
"username": "some user name"
}
Response:
{
:message => 'ok'
}
Test:
curl http://localhost/api/v1/users/password_reset.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"username": "some_username"}'
=end
2012-04-23 06:55:16 +00:00
def password_reset_send
# check if feature is enabled
if !Setting.get('user_lost_password')
render :json => { :error => 'Feature not enabled!' }, :status => :unprocessable_entity
return
end
2012-04-23 06:55:16 +00:00
success = User.password_reset_send( params[:username] )
if success
render :json => { :message => 'ok' }, :status => :ok
else
render :json => { :message => 'failed' }, :status => :unprocessable_entity
end
end
=begin
Resource:
POST /api/v1/users/password_reset_verify
Payload:
{
"token": "SoMeToKeN",
"password" "new_password"
}
Response:
{
:message => 'ok'
}
Test:
curl http://localhost/api/v1/users/password_reset_verify.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"token": "SoMeToKeN", "password" "new_password"}'
=end
2012-04-23 06:55:16 +00:00
def password_reset_verify
2012-04-23 16:59:35 +00:00
if params[:password]
2013-01-03 12:00:55 +00:00
user = User.password_reset_via_token( params[:token], params[:password] )
2012-04-23 16:59:35 +00:00
else
2013-01-03 12:00:55 +00:00
user = User.password_reset_check( params[:token] )
2012-04-23 16:59:35 +00:00
end
2013-01-03 12:00:55 +00:00
if user
render :json => { :message => 'ok', :user_login => user.login }, :status => :ok
2012-04-23 06:55:16 +00:00
else
render :json => { :message => 'failed' }, :status => :unprocessable_entity
end
end
2013-02-10 21:38:35 +00:00
=begin
Resource:
POST /api/v1/users/password_change
2013-02-10 21:38:35 +00:00
Payload:
{
"password_old": "some_password_old",
2013-02-12 00:56:23 +00:00
"password_new": "some_password_new"
2013-02-10 21:38:35 +00:00
}
Response:
{
:message => 'ok'
}
Test:
curl http://localhost/api/v1/users/password_change.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"password_old": "password_old", "password_new": "password_new"}'
2013-02-10 21:38:35 +00:00
=end
def password_change
# check old password
if !params[:password_old]
render :json => { :message => 'Old password needed!' }, :status => :unprocessable_entity
return
2013-02-10 21:38:35 +00:00
end
user = User.authenticate( current_user.login, params[:password_old] )
if !user
render :json => { :message => 'Old password is wrong!' }, :status => :unprocessable_entity
return
2013-02-10 21:38:35 +00:00
end
# set new password
if !params[:password_new]
render :json => { :message => 'New password needed!' }, :status => :unprocessable_entity
return
2013-02-10 21:38:35 +00:00
end
user.update_attributes( :password => params[:password_new] )
render :json => { :message => 'ok', :user_login => user.login }, :status => :ok
end
2013-02-12 00:56:23 +00:00
=begin
Resource:
PUT /api/v1/users/preferences.json
2013-02-12 00:56:23 +00:00
Payload:
{
"language": "de",
"notification": true
}
Response:
{
:message => 'ok'
}
Test:
curl http://localhost/api/v1/users/preferences.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"language": "de", "notifications": true}'
2013-02-12 00:56:23 +00:00
=end
def preferences
if !current_user
render :json => { :message => 'No current user!' }, :status => :unprocessable_entity
return
2013-02-12 00:56:23 +00:00
end
if params[:user]
params[:user].each {|key, value|
current_user.preferences[key.to_sym] = value
}
end
current_user.save
render :json => { :message => 'ok' }, :status => :ok
end
=begin
Resource:
DELETE /api/v1/users/account.json
Payload:
{
"provider": "twitter",
"uid": 581482342942
}
Response:
{
:message => 'ok'
}
Test:
curl http://localhost/api/v1/users/account.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"provider": "twitter", "uid": 581482342942}'
=end
def account_remove
if !current_user
render :json => { :message => 'No current user!' }, :status => :unprocessable_entity
return
end
# provider + uid to remove
if !params[:provider]
render :json => { :message => 'provider needed!' }, :status => :unprocessable_entity
return
end
if !params[:uid]
render :json => { :message => 'uid needed!' }, :status => :unprocessable_entity
return
end
# remove from database
record = Authorization.where(
:user_id => current_user.id,
:provider => params[:provider],
:uid => params[:uid],
)
if !record.first
render :json => { :message => 'No record found!' }, :status => :unprocessable_entity
return
end
record.destroy_all
render :json => { :message => 'ok' }, :status => :ok
end
2012-04-10 14:06:46 +00:00
end