Class: LeanCms::UsersController

Inherits:
ApplicationController show all
Defined in:
app/controllers/lean_cms/users_controller.rb


Instance Method Details

#activate ⇒ Object



# File 'app/controllers/lean_cms/users_controller.rb', line 75

# Re-enables a deactivated account and emails its owner a password-reset
# magic link.
#
# @user is not assigned in this action; presumably a before_action elsewhere
# in the controller loads it — confirm.
#
# NOTE(review): the magic link is created and the mail enqueued before
# activate! runs. If activate! raises, a reset link already exists and a mail
# is already queued for an account that is still inactive. Confirm the order
# is intended, or wrap the sequence in a transaction.
def activate
  authorize(@user)

  # The link is created with the current request's remote IP as created_by_ip.
  reset_link = MagicLink.create_for_password_reset(@user, created_by_ip: request.remote_ip)
  reactivation_mail = UsersMailer.reactivation(@user, reset_link)
  reactivation_mail.deliver_later
  @user.activate!

  redirect_to(
    lean_cms_users_path,
    notice: "User activated. They will receive an email to set a new password."
  )
end

#create ⇒ Object



# File 'app/controllers/lean_cms/users_controller.rb', line 20

# Invites a new user: builds the record from the submitted form, saves it
# inactive with a random throwaway password, and emails an invitation magic
# link so the invitee can choose their own password.
#
# NOTE(review): unlike #update, nothing in this action stops a caller who is
# not a super admin from submitting is_super_admin / can_access_settings.
# Whether that matters depends on user_params and on the policy behind
# authorize, neither of which is visible here — confirm that one of them
# covers account creation.
def create
  @user = User.new(user_params).tap do |account|
    # Stays inactive until the invitee sets a password.
    account.active = false
    # 32 random bytes, hex-encoded; a placeholder that is meant to be replaced.
    account.password = SecureRandom.hex(32)
  end
  authorize(@user)

  return render(:new, status: :unprocessable_entity) unless @user.save

  invitation_link = MagicLink.create_for_invitation(@user, created_by_ip: request.remote_ip)
  invitation_mail = UsersMailer.invitation(@user, invitation_link)
  invitation_mail.deliver_later
  redirect_to(
    lean_cms_users_path,
    notice: "User invited. They will receive an email to set their password."
  )
end

#deactivate ⇒ Object



# File 'app/controllers/lean_cms/users_controller.rb', line 63

# Deactivates the target account, refusing when the target is the signed-in
# user so an administrator cannot lock themselves out.
#
# @user is not assigned in this action; presumably a before_action elsewhere
# in the controller loads it — confirm.
#
# NOTE(review): this listing does not show what deactivate! does. Confirm it
# also ends the user's existing sessions and invalidates outstanding magic
# links, otherwise a deactivated user may keep access until those expire.
def deactivate
  authorize(@user)

  if @user == current_user
    redirect_to(lean_cms_users_path, alert: "You cannot deactivate your own account.")
  else
    @user.deactivate!
    redirect_to(lean_cms_users_path, notice: "User deactivated.")
  end
end

#edit ⇒ Object



# File 'app/controllers/lean_cms/users_controller.rb', line 35

# Edit form for a user. The action body only runs the authorization check on
# @user, which is assigned outside this action (presumably by a
# before_action — confirm).
def edit
  authorize(@user)
end

#index ⇒ Object



# File 'app/controllers/lean_cms/users_controller.rb', line 6

# Lists users. Authorizes against the User class, then loads the
# policy-scoped users with their sessions preloaded, ordered by created_at
# descending, into @users.
def index
  authorize(User)

  visible_users = policy_scope(User)
  @users = visible_users.includes(:sessions).order(created_at: :desc)
end

#new ⇒ Object



# File 'app/controllers/lean_cms/users_controller.rb', line 15

# New-user form. Builds a blank User into @user and runs the authorization
# check against that unsaved record.
def new
  @user = User.new
  authorize(@user)
end

#send_password_reset ⇒ Object



# File 'app/controllers/lean_cms/users_controller.rb', line 86

# Admin-triggered password reset: creates a password-reset magic link for
# @user and enqueues the email that carries it.
#
# @user is not assigned in this action; presumably a before_action elsewhere
# in the controller loads it — confirm.
#
# NOTE(review): nothing in this action checks whether @user is active.
# Confirm that the policy or MagicLink refuses deactivated accounts if a
# reset must not be usable to regain access to a deactivated account.
def send_password_reset
  authorize(@user)

  # The link is created with the current request's remote IP as created_by_ip.
  reset_link = MagicLink.create_for_password_reset(@user, created_by_ip: request.remote_ip)
  reset_mail = UsersMailer.admin_triggered_password_reset(@user, reset_link)
  reset_mail.deliver_later

  redirect_to(lean_cms_users_path, notice: "Password reset email sent to #{@user.email_address}.")
end

#show ⇒ Object



# File 'app/controllers/lean_cms/users_controller.rb', line 11

# Detail page for a user. The action body only runs the authorization check
# on @user, which is assigned outside this action (presumably by a
# before_action — confirm).
def show
  authorize(@user)
end

#update ⇒ Object



# File 'app/controllers/lean_cms/users_controller.rb', line 39

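# Updates a user from the submitted form.
#
# A signed-in user who is not a super admin may not set is_super_admin or
# can_access_settings: such a request re-renders the edit form with an alert
# and @user.update is never reached.
#
# The guard casts each submitted value with ActiveModel::Type::Boolean
# instead of comparing it against the literals "1" and true. A literal
# comparison can disagree with the model's own boolean casting, letting a
# value pass the guard and still be stored as true.
# NOTE(review): assumes both attributes are boolean model attributes and that
# user_params (defined outside this listing) permits them — confirm.
# Dropping the two keys from the permitted parameters for non-super-admins
# would be a stronger control than this pre-check.
#
# A request without a :user parameter no longer fails inside the guard; it
# falls through to user_params, which decides how to reject it.
#
# @user is not assigned in this action; presumably a before_action elsewhere
# in the controller loads it — confirm.
def update
  authorize @user

  unless current_user.is_super_admin?
    submitted = params[:user] || {}
    boolean = ActiveModel::Type::Boolean.new

    # Checked in this order so the super-admin message wins when both are set.
    {
      is_super_admin: "Only super admins can grant super admin privileges.",
      can_access_settings: "Only super admins can grant settings access."
    }.each do |attribute, message|
      next unless boolean.cast(submitted[attribute])

      # flash.now: the alert belongs to this rendered response only; plain
      # flash would show it again on the following request.
      flash.now[:alert] = message
      render :edit, status: :unprocessable_entity
      return
    end
  end

  if @user.update(user_params)
    redirect_to lean_cms_users_path, notice: "User updated successfully."
  else
    render :edit, status: :unprocessable_entity
  end
end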