profile_editor_controller.rb
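# Actions behind a profile's control panel: editing profile data, enabling or
# disabling the profile, header/footer customisation, the welcome page,
# profile removal, and a few environment-admin operations addressed by
# params[:id].
class ProfileEditorController < MyProfileController
  # Permission gates. `protect` is defined outside this file; presumably it
  # checks the named permission against the object returned by `profile`.
  protect 'edit_profile', :profile, :except => [:destroy_profile]
  protect 'destroy_profile', :profile, :only => [:destroy_profile]

  before_filter :access_welcome_page, :only => [:welcome_page]
  before_filter :back_to
  before_filter :forbid_destroy_profile, :only => [:destroy_profile]
  before_filter :check_user_can_edit_header_footer, :only => [:header_footer]

  helper_method :has_welcome_page
  helper CustomFieldsHelper
  helper :profile
  include CategoriesHelper

  # Control-panel landing page: collects the pending tasks the current user is
  # allowed to act on and decides which optional sections are shown.
  def index
    @pending_tasks = Task.to(profile).pending.without_spam.select { |task| user.has_permission?(task.permission, profile) }
    @show_appearance_option = user.is_admin?(environment) || environment.enabled?('enable_appearance')
    @show_header_footer_option = user.is_admin?(environment) || (!profile.enterprise? && !environment.enabled?('disable_header_and_footer'))
  end

  # Edits the profile info (posts back to itself).
  #
  # NOTE(review): params[:profile_data] is handed to update! unfiltered, so the
  # set of writable attributes is decided entirely by the model - confirm that
  # the model restricts mass assignment.
  def edit
    @profile_data = profile
    @possible_domains = profile.possible_domains
    return unless request.post?

    # An omitted fields_privacy hash on a person is stored as an empty one.
    params[:profile_data][:fields_privacy] ||= {} if profile.person? && params[:profile_data].is_a?(Hash)
    Profile.transaction do
      Image.transaction do
        begin
          @plugins.dispatch(:profile_editor_transaction_extras)
          @profile_data.update!(params[:profile_data])
          redirect_to :action => 'index', :profile => profile.identifier
        rescue StandardError
          # Was `rescue Exception`, which also swallowed signals and exits.
          # The failure is not reported here; the form is rendered again.
          # Restore the identifier so the re-rendered form can still build
          # its URLs when the submitted one was blank.
          profile.identifier = params[:profile] if profile.identifier.blank?
        end
      end
    end
  end

  # Marks the profile as enabled once the POSTed confirmation arrives.
  def enable
    @to_enable = profile
    return unless request.post? && params[:confirmation]

    unless @to_enable.update_attribute('enabled', true)
      session[:notice] = _('%s was not enabled.') % @to_enable.name
    end
    redirect_to :action => 'index'
  end

  # Marks the profile as disabled once the POSTed confirmation arrives.
  def disable
    @to_disable = profile
    return unless request.post? && params[:confirmation]

    unless @to_disable.update_attribute('enabled', false)
      session[:notice] = _('%s was not disabled.') % @to_disable.name
    end
    redirect_to :action => 'index'
  end

  # Renders the category picker for the profile form.
  def update_categories
    @object = profile
    render_categories 'profile_data'
  end

  # Shows (GET) or stores (POST) the profile's custom header and footer.
  #
  # NOTE(review): both values are stored exactly as submitted; confirm that
  # update_header_and_footer or the rendering side sanitises this markup.
  def header_footer
    @no_design_blocks = true
    if request.post?
      @profile.update_header_and_footer(params[:custom_header], params[:custom_footer])
      redirect_to :action => 'index'
    else
      @header = boxes_holder.custom_header
      @footer = boxes_holder.custom_footer
    end
  end

  # Deletes the profile on POST and redirects to params[:return_to] when that
  # points inside this site, otherwise to the home controller.
  def destroy_profile
    return unless request.post?

    if @profile.destroy
      session[:notice] = _('The profile was deleted.')
      destination = params[:return_to]
      # A hash-style return_to is expanded as a path only, so a request-supplied
      # :host or :protocol key cannot point the redirect at another site.
      destination = url_for(destination.merge(:only_path => true)) if destination.respond_to?(:merge)
      destination = local_redirect_target(destination)
      if destination
        redirect_to destination
      else
        redirect_to :controller => 'home'
      end
    else
      session[:notice] = _('Could not delete profile')
    end
  end

  # Shows and saves the welcome page article attached to the profile.
  def welcome_page
    @welcome_page = profile.welcome_page || TinyMceArticle.new(:name => 'Welcome Page', :profile => profile, :published => false)
    return unless request.post?

    begin
      @welcome_page.update!(params[:welcome_page])
      profile.welcome_page = @welcome_page
      profile.save!
      session[:notice] = _('Welcome page saved successfully.')
      redirect_to :action => 'index'
    rescue StandardError
      # Was `rescue Exception`; signals and exits now propagate.
      session[:notice] = _('Welcome page could not be saved.')
    end
  end

  # Environment admins only: deactivates the profile given by params[:id].
  #
  # NOTE(review): unlike enable/disable this action does not check
  # request.post?, so whether a GET can trigger it depends on the routes -
  # confirm the route is restricted to a non-GET verb.
  def deactivate_profile
    if environment.admins.include?(current_person)
      target = environment.profiles.find(params[:id])
      if target.disable
        target.save
        session[:notice] = _("The profile '%s' was deactivated.") % target.name
      else
        session[:notice] = _('Could not deactivate profile.')
      end
    end
    redirect_to_previous_location
  end

  # Environment admins only: activates the profile given by params[:id].
  #
  # NOTE(review): no request.post? check here either - confirm the route's verb.
  def activate_profile
    if environment.admins.include?(current_person)
      target = environment.profiles.find(params[:id])
      if target.enable
        session[:notice] = _("The profile '%s' was activated.") % target.name
      else
        session[:notice] = _('Could not activate the profile.')
      end
    end
    redirect_to_previous_location
  end

  # Regenerates the private token of the user behind the profile in params[:id].
  #
  # The class-level permission check covers the profile in the URL, not the one
  # named by params[:id], so the target has to be checked here: it must be the
  # profile being edited, or the caller must be an environment admin.
  #
  # NOTE(review): no request.post? check - confirm the route's verb.
  def reset_private_token
    target = environment.profiles.find(params[:id])
    unless target.id == profile.id || user.is_admin?(environment)
      render_access_denied
      return
    end
    target.user.generate_private_token!
    redirect_to_previous_location
  end

  protected

  # Sends the browser to the location computed by the back_to filter.
  def redirect_to_previous_location
    redirect_to @back_to
  end

  #TODO Consider using this as a general controller feature to be available on every action.
  # Works out where to go after an action: params[:back_to] when it points
  # inside this site, else the Referer header, else the site root.
  def back_to
    @back_to = local_redirect_target(params[:back_to]) || request.referer || "/"
  end

  private

  # Only template profiles have a welcome page.
  def has_welcome_page
    profile.is_template
  end

  # Filter: denies access to the welcome page of non-template profiles.
  def access_welcome_page
    unless has_welcome_page
      render_access_denied
    end
  end

  # Filter: when the environment forbids profile removal, only environment
  # admins get through; everyone else is redirected back with a notice.
  def forbid_destroy_profile
    if environment.enabled?('forbid_destroy_profile') && !current_person.is_admin?(environment)
      session[:notice] = _('You can not destroy the profile.')
      redirect_to_previous_location
    end
  end

  # Filter: redirects away from header/footer editing when the environment
  # disables it and the user is not an environment admin.
  def check_user_can_edit_header_footer
    user_can_not_edit_header_footer = !user.is_admin?(environment) && environment.enabled?('disable_header_and_footer')
    redirect_to back_to if user_can_not_edit_header_footer
  end

  # Returns +candidate+ when it is safe to use as a redirect target supplied by
  # the request, nil otherwise. Accepted forms are a site-relative path ("/x",
  # but not the protocol-relative "//host") and an absolute URL on this
  # request's own scheme, host and port. Whitespace, control characters and
  # backslashes are refused because browsers may normalise them into a
  # different target than the one checked here.
  def local_redirect_target(candidate)
    return nil unless candidate.is_a?(String) && candidate.valid_encoding?
    return nil if candidate =~ /[\s[:cntrl:]\\]/
    return candidate if candidate =~ %r{\A/(?!/)}

    # The trailing slash ends the authority part, so "http://host.evil.example"
    # and "http://host@evil.example" do not match this prefix.
    own_origin = "#{request.protocol}#{request.host_with_port}/"
    candidate.start_with?(own_origin) ? candidate : nil
  end
end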