root/app/controllers/account_controller.rb @ 4

#Generated by LoginGenerator: 
#  http://wiki.rubyonrails.org/rails/pages/LoginGenerator
class AccountController < ApplicationController
  # Be sure to include AuthenticationSystem in Application Controller instead
  include AuthenticatedSystem
  # If you want "remember me" functionality, add this before_filter to Application Controller
  before_filter :login_from_cookie
  before_filter :login_required, :only => [:manage, :change_email, :modify]
    
  def index
    return unless request.post?
    self.current_user = User.authenticate(params[:login], params[:password])
    if logged_in?
           if params[:remember_me] == "1"
        self.current_user.remember_me
        cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
      end
      redirect_back_or_default( '/'  )
      flash[:notice] = "Logged in successfully"
    end   
  end

  def login
    return unless request.post?
    self.current_user = User.authenticate(params[:login], params[:password])
    if logged_in?
      if params[:remember_me] == "1"
        self.current_user.remember_me
        cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
      end
      redirect_back_or_default(:controller => '/account', :action => 'index')
      flash[:notice] = "Logged in successfully"
    end
  end

  def signup
        usercount = User.count
                
    if ((usercount != 0) && !(logged_in?))
        redirect_to :action => 'login'
    else
            @user = User.new(params[:user])
            return unless request.post?
            @user.save!
            self.current_user = @user
            redirect_back_or_default(:controller => '/account', :action => 'index')
            flash[:notice] = "Thanks for signing up!"
    end 
          rescue ActiveRecord::RecordInvalid
            render :action => 'signup'
  end
  
  def logout
    self.current_user.forget_me if logged_in?
    cookies.delete :auth_token
    reset_session
    flash[:notice] = "You have been logged out."
    redirect_back_or_default(:controller => '/account', :action => 'index')
  end
  
  def manage
        if User.find_by_id(session[:user]).roles.include?("admin")
                @users = User.find(:all)
        else
                redirect_to :action => 'overview'
        end
  end
  
  def overview
        @user = User.find_by_id(session[:user])
  end
  
  def modify
        @user = User.find(params[:id])
        render :partial => 'form'
  end
  
  def reset_password
        @user = User.find(params[:id])
        if ( (User.find_by_id(session[:user]).login == @user.login) || ( 
                  User.find_by_id(session[:user]).roles.include?("admin")) )
                render :partial => 'change_password'
        else
                render :inline => '<h2 style="background-color: #333; color: white;">No Access</h2>'
        end
  end
  
  def change_email
        @user = User.find(params[:id])
                render :partial => 'change_email'
  end
  
  def update
          @user = User.find(params[:id])
        
      respond_to do |format|
      if @user.update_attributes(params[:user])
        #Regular Display      
        flash[:notice] = 'User was successfully updated.'
        format.html { redirect_to(:action => 'manage') }
        format.xml  { head :ok }
      end       
        end
  end
  
  def destroy
        if !permission_required :admin
                return
        end
        
    @user = User.find(params[:id])
    @user.destroy

    respond_to do |format|
      format.html { redirect_to(:action => 'manage') }
      format.xml  { head :ok }
    end
  end
end