Joseph Mastey
8b2f93516d
currently this is flagged manually in one place, but there's no reason not to let the user model handle it. this way, you can update your user model from a console or some other area without accidentally changing your password.
58 lines
1.5 KiB
Ruby
Executable File
58 lines
1.5 KiB
Ruby
Executable File
class UsersController < ApplicationController
|
|
skip_before_action :has_info
|
|
skip_before_action :authenticated, :only => [:new, :create]
|
|
|
|
def new
|
|
@user = User.new
|
|
end
|
|
|
|
def create
|
|
user = User.new(user_params)
|
|
if user.save
|
|
session[:user_id] = user.user_id
|
|
redirect_to home_dashboard_index_path
|
|
else
|
|
@user = user
|
|
flash[:error] = user.errors.full_messages.to_sentence
|
|
redirect_to :signup
|
|
end
|
|
end
|
|
|
|
def account_settings
|
|
@user = current_user
|
|
end
|
|
|
|
def update
|
|
message = false
|
|
|
|
user = User.where("user_id = '#{params[:user][:user_id]}'")[0]
|
|
|
|
if user
|
|
user.skip_user_id_assign = true
|
|
user.update_attributes(user_params_without_password)
|
|
if params[:user][:password].present? && (params[:user][:password] == params[:user][:password_confirmation])
|
|
user.password = params[:user][:password]
|
|
end
|
|
message = true if user.save!
|
|
respond_to do |format|
|
|
format.html { redirect_to user_account_settings_path(:user_id => current_user.user_id) }
|
|
format.json { render :json => {:msg => message ? "success" : "false "} }
|
|
end
|
|
else
|
|
flash[:error] = "Could not update user!"
|
|
redirect_to user_account_settings_path(:user_id => current_user.user_id)
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def user_params
|
|
params.require(:user).permit!
|
|
end
|
|
|
|
# unpermitted attributes are ignored in production
|
|
def user_params_without_password
|
|
params.require(:user).permit(:email, :admin, :first_name, :last_name)
|
|
end
|
|
end
|