profile_editor_controller.rb
5.18 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
class ProfileEditorController < MyProfileController
protect 'edit_profile', :profile, :except => [:destroy_profile]
protect 'destroy_profile', :profile, :only => [:destroy_profile]
before_filter :access_welcome_page, :only => [:welcome_page]
before_filter :back_to
before_filter :forbid_destroy_profile, :only => [:destroy_profile]
before_filter :check_user_can_edit_header_footer, :only => [:header_footer]
helper_method :has_welcome_page
helper CustomFieldsHelper
include CategoriesHelper
def index
@pending_tasks = Task.to(profile).pending.without_spam.select{|i| user.has_permission?(i.permission, profile)}
@show_appearance_option = user.is_admin?(environment) || environment.enabled?('enable_appearance')
@show_header_footer_option = user.is_admin?(environment) || (!profile.enterprise? && !environment.enabled?('disable_header_and_footer'))
end
helper :profile
# edits the profile info (posts back)
def edit
@profile_data = profile
@possible_domains = profile.possible_domains
if request.post?
params[:profile_data][:fields_privacy] ||= {} if profile.person? && params[:profile_data].is_a?(Hash)
Profile.transaction do
Image.transaction do
begin
@plugins.dispatch(:profile_editor_transaction_extras)
# TODO: This is unsafe! Add sanitizer
@profile_data.update!(params[:profile_data])
redirect_to :action => 'index', :profile => profile.identifier
rescue Exception => ex
profile.identifier = params[:profile] if profile.identifier.blank?
end
end
end
end
end
def enable
@to_enable = profile
if request.post? && params[:confirmation]
unless @to_enable.update_attribute('enabled', true)
session[:notice] = _('%s was not enabled.') % @to_enable.name
end
redirect_to :action => 'index'
end
end
def disable
@to_disable = profile
if request.post? && params[:confirmation]
unless @to_disable.update_attribute('enabled', false)
session[:notice] = _('%s was not disabled.') % @to_disable.name
end
redirect_to :action => 'index'
end
end
def update_categories
@object = profile
render_categories 'profile_data'
end
def header_footer
@no_design_blocks = true
if request.post?
@profile.update_header_and_footer(params[:custom_header], params[:custom_footer])
redirect_to :action => 'index'
else
@header = boxes_holder.custom_header
@footer = boxes_holder.custom_footer
end
end
def destroy_profile
if request.post?
if @profile.destroy
session[:notice] = _('The profile was deleted.')
if(params[:return_to])
redirect_to url_for(params[:return_to])
else
redirect_to :controller => 'home'
end
else
session[:notice] = _('Could not delete profile')
end
end
end
def welcome_page
@welcome_page = profile.welcome_page || TinyMceArticle.new(:name => 'Welcome Page', :profile => profile, :published => false)
if request.post?
begin
@welcome_page.update!(params[:welcome_page])
profile.welcome_page = @welcome_page
profile.save!
session[:notice] = _('Welcome page saved successfully.')
redirect_to :action => 'index'
rescue Exception => exception
session[:notice] = _('Welcome page could not be saved.')
end
end
end
def deactivate_profile
if environment.admins.include?(current_person)
profile = environment.profiles.find(params[:id])
if profile.disable
profile.save
session[:notice] = _("The profile '%s' was deactivated.") % profile.name
else
session[:notice] = _('Could not deactivate profile.')
end
end
redirect_to_previous_location
end
def activate_profile
if environment.admins.include?(current_person)
profile = environment.profiles.find(params[:id])
if profile.enable
session[:notice] = _("The profile '%s' was activated.") % profile.name
else
session[:notice] = _('Could not activate the profile.')
end
end
redirect_to_previous_location
end
def reset_private_token
profile = environment.profiles.find(params[:id])
profile.user.generate_private_token!
redirect_to_previous_location
end
protected
def redirect_to_previous_location
redirect_to @back_to
end
#TODO Consider using this as a general controller feature to be available on every action.
def back_to
@back_to = params[:back_to] || request.referer || "/"
end
private
def has_welcome_page
profile.is_template
end
def access_welcome_page
unless has_welcome_page
render_access_denied
end
end
def forbid_destroy_profile
if environment.enabled?('forbid_destroy_profile') && !current_person.is_admin?(environment)
session[:notice] = _('You can not destroy the profile.')
redirect_to_previous_location
end
end
def check_user_can_edit_header_footer
user_can_not_edit_header_footer = !user.is_admin?(environment) && environment.enabled?('disable_header_and_footer')
redirect_to back_to if user_can_not_edit_header_footer
end
end