profile_editor_controller.rb 5.18 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 
class ProfileEditorController < MyProfileController

  protect 'edit_profile', :profile, :except => [:destroy_profile]
  protect 'destroy_profile', :profile, :only => [:destroy_profile]

  before_filter :access_welcome_page, :only => [:welcome_page]
  before_filter :back_to
  before_filter :forbid_destroy_profile, :only => [:destroy_profile]
  before_filter :check_user_can_edit_header_footer, :only => [:header_footer]
  helper_method :has_welcome_page
  helper CustomFieldsHelper
  include CategoriesHelper

  def index
    @pending_tasks = Task.to(profile).pending.without_spam.select{|i| user.has_permission?(i.permission, profile)}
    @show_appearance_option = user.is_admin?(environment) || environment.enabled?('enable_appearance')
    @show_header_footer_option = user.is_admin?(environment) || (!profile.enterprise? && !environment.enabled?('disable_header_and_footer'))
  end

  helper :profile

  # edits the profile info (posts back)
  def edit
    @profile_data = profile
    @possible_domains = profile.possible_domains
    if request.post?
      params[:profile_data][:fields_privacy] ||= {} if profile.person? && params[:profile_data].is_a?(Hash)
      Profile.transaction do
        Image.transaction do
          begin
            @plugins.dispatch(:profile_editor_transaction_extras)
            # TODO: This is unsafe! Add sanitizer
            @profile_data.update!(params[:profile_data])
            redirect_to :action => 'index', :profile => profile.identifier
          rescue Exception => ex
            profile.identifier = params[:profile] if profile.identifier.blank?
          end
        end
      end
    end
  end

  def enable
    @to_enable = profile
    if request.post? && params[:confirmation]
      unless @to_enable.update_attribute('enabled', true)
        session[:notice] = _('%s was not enabled.') % @to_enable.name
      end
      redirect_to :action => 'index'
    end
  end

  def disable
    @to_disable = profile
    if request.post? && params[:confirmation]
      unless @to_disable.update_attribute('enabled', false)
        session[:notice] = _('%s was not disabled.') % @to_disable.name
      end
      redirect_to :action => 'index'
    end
  end

  def update_categories
    @object = profile
    render_categories 'profile_data'
  end

  def header_footer
    @no_design_blocks = true
    if request.post?
      @profile.update_header_and_footer(params[:custom_header], params[:custom_footer])
      redirect_to :action => 'index'
    else
      @header = boxes_holder.custom_header
      @footer = boxes_holder.custom_footer
    end
  end

  def destroy_profile
    if request.post?
      if @profile.destroy
        session[:notice] = _('The profile was deleted.')
        if(params[:return_to])
          redirect_to url_for(params[:return_to])
        else
          redirect_to :controller => 'home'
        end
      else
        session[:notice] = _('Could not delete profile')
      end
    end
  end

  def welcome_page
    @welcome_page = profile.welcome_page || TinyMceArticle.new(:name => 'Welcome Page', :profile => profile, :published => false)
    if request.post?
      begin
        @welcome_page.update!(params[:welcome_page])
        profile.welcome_page = @welcome_page
        profile.save!
        session[:notice] = _('Welcome page saved successfully.')
        redirect_to :action => 'index'
      rescue Exception => exception
        session[:notice] = _('Welcome page could not be saved.')
      end
    end
  end

  def deactivate_profile
    if environment.admins.include?(current_person)
      profile = environment.profiles.find(params[:id])
      if profile.disable
        profile.save
        session[:notice] = _("The profile '%s' was deactivated.") % profile.name
      else
        session[:notice] = _('Could not deactivate profile.')
      end
    end

    redirect_to_previous_location
  end

  def activate_profile
    if environment.admins.include?(current_person)
      profile = environment.profiles.find(params[:id])

      if profile.enable
        session[:notice] = _("The profile '%s' was activated.") % profile.name
      else
        session[:notice] = _('Could not activate the profile.')
      end
    end

    redirect_to_previous_location
  end

  def reset_private_token
    profile = environment.profiles.find(params[:id])
    profile.user.generate_private_token!

    redirect_to_previous_location
  end

  protected

  def redirect_to_previous_location
    redirect_to @back_to
  end

  #TODO Consider using this as a general controller feature to be available on every action.
  def back_to
    @back_to = params[:back_to] || request.referer || "/"
  end

  private

  def has_welcome_page
    profile.is_template
  end

  def access_welcome_page
    unless has_welcome_page
      render_access_denied
    end
  end

  def forbid_destroy_profile
    if environment.enabled?('forbid_destroy_profile') && !current_person.is_admin?(environment)
      session[:notice] = _('You can not destroy the profile.')
      redirect_to_previous_location
    end
  end

  def check_user_can_edit_header_footer
    user_can_not_edit_header_footer = !user.is_admin?(environment) && environment.enabled?('disable_header_and_footer')
    redirect_to back_to if user_can_not_edit_header_footer
  end
end