diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index c62b3e094..3168d9d68 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -16,9 +16,6 @@ class SessionsController < ApplicationController
 user = User.find_fulldata(user.id)
- # do not show password
- user['password'] = ''
-
 # auto population of default collections
 default_collection = default_collections()
@@ -98,7 +95,7 @@ class SessionsController < ApplicationController
 @_current_user = session[:user_id] = nil
 # reset session cookie (set :expire_after to '' in case remember_me is active)
- request.env['rack.session.options'][:expire_after] = ''
+ request.env['rack.session.options'][:expire_after] = -1.year.from_now
 request.env['rack.session.options'][:renew] = true
 render :json => { }
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 5b251bb9c..c1b9234e5 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -4,26 +4,16 @@ class UsersController < ApplicationController
 # GET /users
 def index
 @users = User.all
-
- @users.each {|i|
-# r = i.roles.select('id, name').where(:active => true)
-# i['roles'] = r
- role_ids = i.role_ids
- group_ids = i.group_ids
- organization_id = i.organization_id
- i[:role_ids] = role_ids
- i[:group_ids] = group_ids
- i[:organization_id] = organization_id
+ @users_all = []
+ @users.each {|user|
+ @users_all.push user_data_full( user.id )
 }
-
- render :json => @users
+ render :json => @users_all
 end
 # GET /users/1
 def show
-# @user = User.find(params[:id])
- @user = user_data_full(params[:id])
-
+ @user = user_data_full( params[:id] )
 render :json => @user
 end
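Review bot: Dropping the `user['password'] = ''` blanking here leaves the login response relying on the copy added in app/models/user.rb (hunk `@@ -68,6 +69,9 @@`), and that copy does not take effect. It assigns `user['password']` after `data = user.attributes` has already been taken, and ActiveRecord's `attributes` returns a separate hash, so `data` still carries the stored password value. `data` is what is passed to `cache_set(user.id, data)`, and it appears to be what `User.find_fulldata` and `user_data_full` return to `render :json` here and in UsersController#index, #show and #update. In the model, clear the serialized hash instead, e.g. `data.delete('password')`, or `data['password'] = ''` if clients expect the key. The method bodies involved start and end outside the hunks.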
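Review bot: `-1.year.from_now` evaluates to a Time one year in the past, while the Rack `:expire_after` session option is normally a number of seconds that the middleware adds to the current time. Handing it a Time may therefore raise or be ignored depending on the session middleware version; a logout test that inspects the `Set-Cookie` expiry would confirm which. If the intent is to expire the cookie immediately, a negative duration such as `-1.year` keeps the expected type. The comment above the changed line still says `set :expire_after to ''`, which no longer matches the code, and could become `# expire the session cookie in the past so a remember_me cookie is dropped on logout`.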
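Review bot: `index` now calls `user_data_full( user.id )` once per row of `User.all`, so every user costs at least one extra lookup plus the role, group and organization queries that helper appears to run. The response also now contains the full record, linked accounts included, for every user. Whether every caller of `GET /users` may see that much depends on filters outside this hunk; if not, this action should return a reduced field set. The accumulator can be written without the extra instance variable: `render :json => @users.map { |user| user_data_full( user.id ) }`.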
@@ -90,6 +80,11 @@ class UsersController < ApplicationController
 if params[:group_ids]
 @user.group_ids = params[:group_ids]
 end
+ if params[:organization_ids]
+ @user.organization_ids = params[:organization_ids]
+ end
+
+ @user = user_data_full( params[:id] )
 render :json => @user, :status => :ok
 else
 render :json => @user.errors, :status => :unprocessable_entity
diff --git a/app/models/user.rb b/app/models/user.rb
index a827fee1c..a55041967 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,5 +1,6 @@
 class User < ApplicationModel
 before_create :check_name, :check_email, :check_image
+ before_update :check_password
 after_create :cache_delete
 after_update :cache_delete
 after_destroy :cache_delete
@@ -15,8 +16,8 @@ class User < ApplicationModel
 def self.authenticate( username, password )
 # do not authenticate with nothing
- return if !username
- return if !password
+ return if !username || username == ''
+ return if !password || password == ''
 # try to find user based on login
 user = User.where( :login => username, :active => true ).first
@@ -68,6 +69,9 @@ class User < ApplicationModel
 user = User.find(user_id)
 data = user.attributes
+ # do not show password
+ user['password'] = ''
+
 # get linked accounts
 data['accounts'] = {}
 authorizations = user.authorizations() || []
@@ -84,13 +88,15 @@ class User < ApplicationModel
 roles.push role
 }
 data['roles'] = roles
+ data['role_ids'] = user.role_ids
 groups = []
 user.groups.select('id, name').where( :active => true ).each { |group|
 groups.push group
 }
 data['groups'] = groups
-
+ data['group_ids'] = user.group_ids
+
 organization = user.organization
 data['organization'] = organization
@@ -99,6 +105,7 @@ class User < ApplicationModel
 organizations.push organization
 }
 data['organizations'] = organizations
+ data['organization_ids'] = user.organization_ids
 cache_set(user.id, data)
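Review bot: `params[:organization_ids]` is written straight to `@user.organization_ids`, the same way `group_ids` is just above, and nothing in the hunk checks that the caller is allowed to change another user's organization membership. If that check is not done in a filter or earlier in `update` (both outside the hunk), these assignments should be gated on the caller's role. The assignment also appears to run after the record has already been saved, so a failure here would not reach the `:unprocessable_entity` branch.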
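Review bot: The new guards in `authenticate` reject only `nil` and the empty string, so a whitespace-only value or a non-String value parsed from a JSON body (an Array or Hash) still reaches `User.where( :login => username, ... )`. Consider `return unless username.is_a?(String) && username.present?` and the same check for `password`. The rest of `authenticate`, including the password comparison, lies outside the hunk.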
@@ -127,4 +134,14 @@ class User < ApplicationModel
 end
 end
 end
+ def check_password
+
+ # set old password again
+ if self.password == '' || !self.password
+
+ # get current record
+ current = User.find(self.id)
+ self.password = current.password
+ end
+ end
 end
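Review bot: `check_password` carries no comment saying why a blank password is replaced on update. The serialized user data is meant to go out with an empty password field, so a client that posts the record back would otherwise wipe the stored value; a line above the method such as `# keep the stored password when an update arrives with a blank one (API responses blank this field)` would record that. The extra `User.find(self.id)` can be avoided with the dirty-tracking reader, `self.password = self.password_was`, inside the same condition. The callback also means a password can no longer be cleared through an update, which looks intended but should be documented.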