# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
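class UsersController < ApplicationController
  # Signup and the two password-reset endpoints are reachable without a
  # session; every other action runs authentication_check first, so
  # current_user is set inside them.
  before_filter :authentication_check, :except => [:create, :password_reset_send, :password_reset_verify]

  # Placeholder avatar served by #image when no stored avatar matches the
  # requested hash (a base64-encoded GIF, decoded per request).
  DEFAULT_IMAGE_BASE64 = 'R0lGODdhMAAwAOMAAMzMzJaWlr6+vqqqqqOjo8XFxbe3t7GxsZycnAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAMAAwAAAEcxDISau9OOvNu/9gKI5kaZ5oqq5s675wLM90bd94ru98TwuAA+KQAQqJK8EAgBAgMEqmkzUgBIeSwWGZtR5XhSqAULACCoGCJGwlm1MGQrq9RqgB8fm4ZTUgDBIEcRR9fz6HiImKi4yNjo+QkZKTlJWWkBEAOw=='.freeze

=begin

Format:

JSON

Example:
{
  "id":2,
  "organization_id":null,
  "login":"m@edenhofer.de",
  "firstname":"Marti",
  "lastname":"Ede",
  "email":"m@edenhofer.de",
  "image_source":"http://www.gravatar.com/avatar/1c38b099f2344976005de69965733465?s=48",
  "web":"http://127.0.0.1",
  "password":"123",
  "phone":"112",
  "fax":"211",
  "mobile":"",
  "street":"",
  "zip":"",
  "city":"",
  "country":null,
  "verified":false,
  "active":true,
  "note":"some note",
  "source":null,
  "role_ids":[1,2],
  "group_ids":[1,2,3,4],
}

=end

=begin

Resource:
GET /api/v1/users.json

Response:
[
  {
    "id": 1,
    "login": "some_login1",
    ...
  },
  {
    "id": 2,
    "login": "some_login2",
    ...
  }
]

Test:
curl http://localhost/api/v1/users.json -v -u #{login}:#{password}

=end

  # GET /api/v1/users.json
  #
  # Lists users as JSON. A user whose only role is Customer gets just their
  # own record; everyone else gets all users. Each record is reloaded through
  # User.lookup and serialised with attributes_with_associations.
  def index
    # Customers that are neither Admin nor Agent may only fetch themselves.
    customer_only = is_role('Customer') && !is_role('Admin') && !is_role('Agent')
    scope = customer_only ? User.where( :id => current_user.id ) : User.all

    users_all = scope.map { |user|
      User.lookup( :id => user.id ).attributes_with_associations
    }
    render :json => users_all, :status => :ok
  end

=begin

Resource:
GET /api/v1/users/1.json

Response:
{
  "id": 1,
  "login": "some_login1",
  ...
}

Test:
curl http://localhost/api/v1/users/#{id}.json -v -u #{login}:#{password}

=end

  # GET /api/v1/users/1.json
  #
  # Renders one user. permission_check allows Admins, Agents and a Customer
  # asking for their own id; anyone else gets response_access_deny and no
  # body. With params[:full] the User.full representation is rendered.
  def show
    return unless permission_check

    if params[:full]
      render :json => User.full( params[:id] )
      return
    end

    render :json => User.find( params[:id] )
  end

=begin

Resource:
POST /api/v1/users.json

Payload:
{
  "login": "some_login",
  "firstname": "some firstname",
  "lastname": "some lastname",
  "email": "some@example.com"
}

Response:
{
  "id": 1,
  "login": "some_login",
  ...
}

Test:
curl http://localhost/api/v1/users.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"login": "some_login","firstname": "some firstname","lastname": "some lastname","email": "some@example.com"}'

=end

  # POST /api/v1/users.json
  #
  # Creates a user. Two kinds of caller reach this action:
  # - unauthenticated signup (no current_user): only when the
  #   'user_create_account' setting is on; roles and groups are decided in
  #   assign_signup_membership and never taken from the request;
  # - an authenticated Admin or Agent (permission_check_by_role): role_ids
  #   and group_ids are taken from the request as given.
  # Renders the created user with 201, or { error } with 422.
  def create
    user = User.new( User.param_cleanup(params) )
    begin
      # Users existing before this one. "count <= 2" is the upstream
      # bootstrap condition; presumably the seeded system users are counted.
      count = User.count

      if !current_user
        # Signup: attribute the record to user id 1 (no session to blame).
        user.updated_by_id = 1
        user.created_by_id = 1

        unless Setting.get('user_create_account')
          render :json => { :error => 'Feature not enabled!' }, :status => :unprocessable_entity
          return
        end

        assign_signup_membership(user, count)
      else
        return unless permission_check_by_role

        # NOTE(review): role_ids/group_ids are applied verbatim for any Admin
        # or Agent, so an Agent can create a user that holds the Admin role.
        user.role_ids = params[:role_ids] if params[:role_ids]
        user.group_ids = params[:group_ids] if params[:group_ids]
      end

      # Reject a duplicate e-mail before touching the database constraints.
      if user.email && User.where( :email => user.email ).first
        render :json => { :error => 'User already exists!' }, :status => :unprocessable_entity
        return
      end

      # save! so a validation failure surfaces as a 422 carrying the
      # validation message, instead of a RecordNotFound from the reload below.
      user.save!

      # Once the first real user exists the setup is considered done.
      Setting.set( 'system_init_done', true ) if count <= 2

      # Invitations are only sent on behalf of an authenticated session.
      send_invitation(user) if params[:invite] && current_user

      render :json => User.find( user.id ), :status => :created
    rescue => e
      # StandardError only. The previous `rescue Exception` also swallowed
      # SystemExit, Interrupt and NoMemoryError.
      render :json => { :error => e.message }, :status => :unprocessable_entity
    end
  end

=begin

Resource:
PUT /api/v1/users/#{id}.json

Payload:
{
  "login": "some_login",
  "firstname": "some firstname",
  "lastname": "some lastname",
  "email": "some@example.com"
}

Response:
{
  "id": 2,
  "login": "some_login",
  ...
}

Test:
curl http://localhost/api/v1/users/2.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"login": "some_login","firstname": "some firstname","lastname": "some lastname","email": "some@example.com"}'

=end

  # PUT /api/v1/users/#{id}.json
  #
  # Updates a user. permission_check allows Admins, Agents and a Customer
  # editing their own record. Membership fields are gated separately:
  # role_ids and organization_ids require both the Admin and the Agent role,
  # group_ids requires Admin. Renders the reloaded user with 200, or
  # { error } with 422.
  def update
    return unless permission_check

    user = User.find( params[:id] )
    begin
      # update_attributes! so a failed validation reaches the rescue below;
      # before, the false return was ignored and the unchanged record
      # was rendered with 200.
      user.update_attributes!( User.param_cleanup(params) )
      # NOTE(review): whether param_cleanup strips role_ids/group_ids/password
      # for a Customer's self-update is decided in User, not visible here.

      # Kept as && (both roles required) as upstream has it. Relaxing this to
      # || would let a plain Agent assign any role, Admin included, to every
      # user they are allowed to edit.
      admin_and_agent = is_role('Admin') && is_role('Agent')

      user.role_ids = params[:role_ids] if admin_and_agent && params[:role_ids]
      user.group_ids = params[:group_ids] if is_role('Admin') && params[:group_ids]
      user.organization_ids = params[:organization_ids] if admin_and_agent && params[:organization_ids]

      render :json => User.find( params[:id] ), :status => :ok
    rescue => e
      # StandardError only (was `rescue Exception`).
      render :json => { :error => e.message }, :status => :unprocessable_entity
    end
  end

  # DELETE /api/v1/users/1
  #
  # Admin only; the response is produced by the shared
  # model_destory_render helper.
  def destroy
    return if deny_if_not_role('Admin')

    model_destory_render(User, params)
  end

  # GET /api/v1/users/search
  #
  # User search for Admins and Agents (a pure Customer is denied).
  # Params: term, limit, optional role_ids. Without params[:full] the
  # response is a list of { id, label, value } autocomplete entries; with it,
  # { assets, user_ids } accumulated from each user's assets.
  def search
    if is_role('Customer') && !is_role('Admin') && !is_role('Agent')
      response_access_deny
      return
    end

    query_params = {
      :query        => params[:term],
      :limit        => params[:limit],
      :current_user => current_user,
    }
    role_ids = params[:role_ids]
    query_params[:role_ids] = role_ids if role_ids && !role_ids.empty?

    user_all = User.search(query_params)

    unless params[:full]
      entries = user_all.map { |user|
        realname = "#{user.firstname} #{user.lastname}"
        # nil and '' e-mails are both left out of the label
        realname << " <#{user.email}>" if user.email && user.email.to_s != ''
        { :id => user.id, :label => realname, :value => realname }
      }
      render :json => entries
      return
    end

    user_ids = []
    assets = {}
    user_all.each { |user|
      assets = user.assets(assets)
      user_ids.push user.id
    }
    render :json => {
      :assets   => assets,
      :user_ids => user_ids.uniq,
    }
  end

  # GET /api/v1/users/history/1
  #
  # Renders the change history of a user; Admin or Agent only.
  def history
    unless is_role('Admin') || is_role('Agent')
      response_access_deny
      return
    end

    user = User.find( params[:id] )
    render :json => user.history_get(true)
  end

=begin

Resource:
POST /api/v1/users/password_reset

Payload:
{
  "username": "some user name"
}

Response:
{
  :message => 'ok'
}

Test:
curl http://localhost/api/v1/users/password_reset.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"username": "some_username"}'

=end

  # POST /api/v1/users/password_reset
  #
  # Unauthenticated. Starts a password reset for params[:username] when the
  # 'user_lost_password' setting is on. Responds { message: 'ok' } or
  # { message: 'failed' } with 422.
  def password_reset_send
    unless Setting.get('user_lost_password')
      render :json => { :error => 'Feature not enabled!' }, :status => :unprocessable_entity
      return
    end

    # NOTE(review): if User.password_reset_send returns false for unknown
    # usernames, the ok/failed split tells an unauthenticated caller which
    # logins exist.
    if User.password_reset_send( params[:username] )
      render :json => { :message => 'ok' }, :status => :ok
    else
      render :json => { :message => 'failed' }, :status => :unprocessable_entity
    end
  end

=begin

Resource:
POST /api/v1/users/password_reset_verify

Payload:
{
  "token": "SoMeToKeN",
  "password": "new_password"
}

Response:
{
  :message => 'ok'
}

Test:
curl http://localhost/api/v1/users/password_reset_verify.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"token": "SoMeToKeN", "password": "new_password"}'

=end

  # POST /api/v1/users/password_reset_verify
  #
  # Unauthenticated. With params[:password] the password is set through the
  # token; without it the token is only checked. Responds
  # { message: 'ok', user_login } or { message: 'failed' } with 422.
  def password_reset_verify
    user = if params[:password]
             User.password_reset_via_token( params[:token], params[:password] )
           else
             User.password_reset_check( params[:token] )
           end

    if user
      render :json => { :message => 'ok', :user_login => user.login }, :status => :ok
    else
      render :json => { :message => 'failed' }, :status => :unprocessable_entity
    end
  end

=begin

Resource:
POST /api/v1/users/password_change

Payload:
{
  "password_old": "some_password_old",
  "password_new": "some_password_new"
}

Response:
{
  :message => 'ok'
}

Test:
curl http://localhost/api/v1/users/password_change.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"password_old": "password_old", "password_new": "password_new"}'

=end

  # POST /api/v1/users/password_change
  #
  # Changes the current user's password after re-authenticating with
  # password_old. Each missing or wrong input gets its own 422 message.
  def password_change
    unless params[:password_old]
      render :json => { :message => 'Old password needed!' }, :status => :unprocessable_entity
      return
    end

    # Re-authenticate instead of trusting the session alone.
    user = User.authenticate( current_user.login, params[:password_old] )
    unless user
      render :json => { :message => 'Old password is wrong!' }, :status => :unprocessable_entity
      return
    end

    unless params[:password_new]
      render :json => { :message => 'New password needed!' }, :status => :unprocessable_entity
      return
    end

    # NOTE(review): the update_attributes result is not checked; a password
    # rejected by a User validation would still be answered with 'ok'.
    user.update_attributes( :password => params[:password_new] )
    render :json => { :message => 'ok', :user_login => user.login }, :status => :ok
  end

=begin

Resource:
PUT /api/v1/users/preferences.json

Payload:
{
  "language": "de",
  "notification": true
}

Response:
{
  :message => 'ok'
}

Test:
curl http://localhost/api/v1/users/preferences.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"language": "de", "notifications": true}'

=end

  # PUT /api/v1/users/preferences.json
  #
  # Merges every key/value of params[:user] into current_user.preferences
  # and saves the user.
  def preferences
    unless current_user
      render :json => { :message => 'No current user!' }, :status => :unprocessable_entity
      return
    end

    if params[:user]
      params[:user].each { |key, value|
        # NOTE(review): keys are client-controlled, interned with to_sym and
        # not checked against a whitelist; on Rubies that never collect
        # symbols this grows without bound.
        current_user.preferences[key.to_sym] = value
      }
    end
    current_user.save

    render :json => { :message => 'ok' }, :status => :ok
  end

=begin

Resource:
DELETE /api/v1/users/account.json

Payload:
{
  "provider": "twitter",
  "uid": 581482342942
}

Response:
{
  :message => 'ok'
}

Test:
curl http://localhost/api/v1/users/account.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"provider": "twitter", "uid": 581482342942}'

=end

  # DELETE /api/v1/users/account.json
  #
  # Unlinks a third-party login (provider + uid) from the current user.
  # The lookup is scoped to current_user.id, so only the caller's own
  # Authorization rows can be removed.
  def account_remove
    unless current_user
      render :json => { :message => 'No current user!' }, :status => :unprocessable_entity
      return
    end

    unless params[:provider]
      render :json => { :message => 'provider needed!' }, :status => :unprocessable_entity
      return
    end

    unless params[:uid]
      render :json => { :message => 'uid needed!' }, :status => :unprocessable_entity
      return
    end

    records = Authorization.where(
      :user_id  => current_user.id,
      :provider => params[:provider],
      :uid      => params[:uid]
    )
    unless records.exists?
      render :json => { :message => 'No record found!' }, :status => :unprocessable_entity
      return
    end

    records.destroy_all
    render :json => { :message => 'ok' }, :status => :ok
  end

=begin

Resource:
GET /api/v1/users/image/8d6cca1c6bdc226cf2ba131e264ca2c7

Response:
<IMAGE>

Test:
curl http://localhost/api/v1/users/image/8d6cca1c6bdc226cf2ba131e264ca2c7 -v -u #{login}:#{password}

=end

  # GET /api/v1/users/image/#{hash}
  #
  # Streams the avatar stored under params[:hash] inline, or a placeholder
  # GIF when none is stored. Both answers are marked cacheable for a year.
  def image
    # 'cache' and 'store' are not Cache-Control directives and 'Pragma: cache'
    # is not a defined Pragma value; the header values are kept as upstream
    # has them, and the effective directives are max-age and must-revalidate.
    response.headers['Expires'] = 1.year.from_now.httpdate
    response.headers['Cache-Control'] = 'cache, store, max-age=31536000, must-revalidate'
    response.headers['Pragma'] = 'cache'

    file = Avatar.get_by_hash( params[:hash] )
    if file
      # NOTE(review): the inline content type is whatever was stored at
      # upload time; any validation of it lives in Avatar / StaticAssets,
      # not here.
      send_data(
        file.content,
        :filename    => file.filename,
        :type        => file.preferences['Content-Type'] || file.preferences['Mime-Type'],
        :disposition => 'inline'
      )
      return
    end

    send_data(
      Base64.decode64(DEFAULT_IMAGE_BASE64),
      :filename    => 'image.gif',
      :type        => 'image/gif',
      :disposition => 'inline'
    )
  end

=begin

Resource:
POST /api/v1/users/avatar

Payload:
{
  "avatar_full": "base64 url",
  "avatar_resize": "base64 url",
}

Response:
{
  :message => 'ok'
}

Test:
curl http://localhost/api/v1/users/avatar -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"avatar_full": "base64 url", "avatar_resize": "base64 url"}'

=end

  # POST /api/v1/users/avatar
  #
  # Stores a full-size and a resized avatar (both data URLs) for the current
  # user, points current_user.image at it and renders the Avatar record.
  def avatar_new
    return unless valid_session_with_user

    # Both data URLs are parsed by StaticAssets; what it validates is not
    # visible here.
    file_full = StaticAssets.data_url_attributes( params[:avatar_full] )
    file_resize = StaticAssets.data_url_attributes( params[:avatar_resize] )

    avatar = Avatar.add(
      :object => 'User',
      :o_id   => current_user.id,
      :full   => {
        :content   => file_full[:content],
        :mime_type => file_full[:mime_type],
      },
      :resize => {
        :content   => file_resize[:content],
        :mime_type => file_resize[:mime_type],
      },
      :source    => "upload #{Time.now}",
      :deletable => true
    )

    # Keep the user's image link pointing at the new avatar.
    current_user.update_attributes( :image => avatar.store_hash )

    render :json => { :avatar => avatar }, :status => :ok
  end

  # POST /api/v1/users/avatar/set
  #
  # Makes avatar params[:id] the current user's default and updates the
  # user's image link accordingly.
  def avatar_set_default
    return unless valid_session_with_user

    unless params[:id]
      render :json => { :message => 'No id of avatar!' }, :status => :unprocessable_entity
      return
    end

    # Scoped to current_user.id, so only the caller's own avatars qualify.
    avatar = Avatar.set_default( 'User', current_user.id, params[:id] )
    current_user.update_attributes( :image => avatar.store_hash )

    render :json => {}, :status => :ok
  end

  # DELETE /api/v1/users/avatar
  #
  # Removes avatar params[:id] of the current user and re-points the user's
  # image link at whatever Avatar.get_default now returns.
  def avatar_destroy
    return unless valid_session_with_user

    unless params[:id]
      render :json => { :message => 'No id of avatar!' }, :status => :unprocessable_entity
      return
    end

    Avatar.remove_one( 'User', current_user.id, params[:id] )

    # NOTE(review): assumes Avatar.get_default never returns nil once an
    # avatar was removed — confirm in Avatar.
    avatar = Avatar.get_default( 'User', current_user.id )
    current_user.update_attributes( :image => avatar.store_hash )

    render :json => {}, :status => :ok
  end

  # GET /api/v1/users/avatar
  #
  # Renders the current user's avatars as { avatars: [...] }.
  def avatar_list
    return unless valid_session_with_user

    result = Avatar.list( 'User', current_user.id )
    render :json => { :avatars => result }, :status => :ok
  end

  private

  # Role/group membership for a self-registered user, decided here and never
  # taken from the request. The first users (count <= 2) become Admin and
  # Agent and join every group; later signups get the Customer role and no
  # groups.
  def assign_signup_membership(user, count)
    if count <= 2
      user.role_ids = Role.where( :name => [ 'Admin', 'Agent'] ).map(&:id)
      user.group_ids = Group.all.map(&:id)
    else
      user.role_ids = [ Role.where( :name => 'Customer' ).first.id ]
      user.group_ids = []
    end
  end

  # Creates a PasswordReset token for user and mails an invitation on behalf
  # of current_user. The subject and body are single-quoted on purpose: the
  # #{...} placeholders are expanded by NotificationFactory.build against
  # :objects, not by Ruby.
  def send_invitation(user)
    token = Token.create( :action => 'PasswordReset', :user_id => user.id )

    data = {}
    data[:subject] = 'Invitation to #{config.product_name} at #{config.fqdn}'
    data[:body] = 'Hi #{user.firstname},

I (#{current_user.firstname} #{current_user.lastname}) invite you to #{config.product_name} - the customer support / ticket system platform.

Click on the following link and set your password:

#{config.http_type}://#{config.fqdn}/#password_reset_verify/#{token.name}

Enjoy,

#{current_user.firstname} #{current_user.lastname}

Your #{config.product_name} Team
'

    [:subject, :body].each { |key|
      data[key] = NotificationFactory.build(
        :locale  => user.locale,
        :string  => data[key],
        :objects => {
          :token        => token,
          :user         => user,
          :current_user => current_user,
        }
      )
    }

    # NotificationFactory.send appears to be the project's own class method
    # (it is called with an options hash, not a method name).
    NotificationFactory.send(
      :recipient => user,
      :subject   => data[:subject],
      :body      => data[:body]
    )
  end

  # Admin or Agent may proceed; anyone else is answered with
  # response_access_deny and false is returned so the action can bail out.
  def permission_check_by_role
    return true if is_role('Admin')
    return true if is_role('Agent')

    response_access_deny
    false
  end

  # Admin or Agent may proceed, and a Customer may act on their own record
  # (params[:id] compared numerically to current_user.id). Anyone else is
  # answered with response_access_deny and false is returned.
  def permission_check
    return true if is_role('Admin')
    return true if is_role('Agent')
    return true if is_role('Customer') && params[:id].to_i == current_user.id

    response_access_deny
    false
  end

end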