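# Handles user search, the top-contributors list, and editing of user settings.
#
# Authorization, as wired by the before_actions below:
# - edit:   the target user is loaded and authorized, then the action is
#           further restricted by support_staff_only.
# - update: allowed for the user themselves or for support staff; which
#           attributes may actually be written is decided in #user_params.
#
# NOTE(review): support_staff?, support_staff_only, current_user, AccessDenied
# and redirect_back! are not defined in this file. Presumably they come from
# ApplicationController; confirm their behavior there.
class UsersController < ApplicationController
  before_action :find_and_authorize_user!, only: [:edit, :update]
  before_action :support_staff_only, only: [:edit]

  # Looks a user up by exact name and redirects to their closet, or back to
  # the root page with an alert when no such user exists.
  def index # search, really
    name = params[:name]
    @user = User.find_by_name(name)
    if @user
      redirect_to user_closet_hangers_path(@user)
    else
      # The submitted name is echoed back in the flash message, so the view
      # that displays it should keep relying on normal HTML escaping (no
      # raw / html_safe on this value).
      flash[:alert] = t('users.index.not_found', name: name)
      redirect_to root_path
    end
  end

  # Paginated list of top contributors. The page size is fixed server-side;
  # only the page number comes from the request.
  def top_contributors
    @users = User.top_contributors.paginate(page: params[:page], per_page: 20)
  end

  # No body: @user is loaded and access is checked by the before_actions.
  def edit
  end

  # Applies the permitted attributes (see #user_params) to @user and reports
  # the result as HTML (flash + redirect) or JSON.
  def update
    @user.attributes = user_params
    success = @user.save

    respond_to do |format|
      format.html do
        if success
          flash[:notice] = t('users.update.success')
          redirect_back! user_closet_hangers_path(@user)
        else
          # NOTE(review): this branch sets the flash but neither renders nor
          # redirects, so the response falls through to Rails' implicit
          # rendering. Confirm that is intended for failed HTML updates.
          flash[:alert] = t('users.update.invalid',
                            errors: @user.errors.full_messages.to_sentence)
        end
      end

      format.json do
        if success
          render json: true
        else
          render json: { errors: @user.errors.full_messages }, status: :unprocessable_entity
        end
      end
    end
  end

  protected

  # Attributes any authorized caller of #update may change.
  #
  # Frozen so the strong-parameters allowlist cannot be extended at runtime
  # by code that appends to the array. (`protected` above does not apply to
  # constants; this is still reachable as UsersController::ALLOWED_ATTRS.)
  ALLOWED_ATTRS = %i[
    owned_closet_hangers_visibility
    wanted_closet_hangers_visibility
    contact_neopets_connection_id
  ].freeze

  # Strong-parameters filter for #update.
  #
  # Support staff may additionally set :name, :shadowbanned and
  # :support_staff. This server-side gate is what keeps a regular user, who
  # is allowed to reach #update for their own record, from submitting those
  # privileged keys. Unpermitted keys are dropped by `permit`.
  def user_params
    if support_staff?
      params.require(:user).permit(
        *ALLOWED_ATTRS, :name, :shadowbanned, :support_staff
      )
    else
      params.require(:user).permit(*ALLOWED_ATTRS)
    end
  end

  # Loads the target user into @user and raises AccessDenied unless the
  # caller is that user or is support staff. When current_user is nil, the
  # equality check is false and access then depends on support_staff? alone.
  def find_and_authorize_user!
    @user = User.find(params[:id])
    raise AccessDenied unless current_user == @user || support_staff?
  end
end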