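class UsersController < ApplicationController
  # Every action except sign-up (new/create) needs an authenticated session.
  before_filter :login_required, :except => [:create, :new]
  # Object-level authorization: only the profile owner or an admin may view the
  # edit form, change, or remove a given user. Originally only +edit+ performed
  # this check inline, so +update+ and +destroy+ accepted any params[:id] from
  # any logged-in user (an insecure direct object reference).
  before_filter :require_owner_or_admin, :only => [:edit, :update, :destroy]

  # GET /users
  # GET /users.xml
  #
  # Lists every user. Note that the XML variant serializes the full records;
  # the model's to_xml should exclude sensitive columns (e.g. credentials).
  def index
    @users = User.find(:all)
    respond_to do |format|
      format.html # index.html.erb
      format.xml { render :xml => @users }
    end
  end

  # GET /users/1
  # GET /users/1.xml
  #
  # Shows a single user; raises ActiveRecord::RecordNotFound for an unknown id.
  def show
    @user = User.find(params[:id])
    respond_to do |format|
      format.html # show.html.erb
      format.xml { render :xml => @user }
    end
  end

  # GET /users/new
  #
  # Builds an empty user with one blank address and phone so the nested
  # form fields render. Renders new.rhtml.
  def new
    @user = User.new
    @user.addresses.build
    @user.phones.build
  end

  # GET /users/1/edit
  #
  # Authorization is enforced by the require_owner_or_admin filter.
  def edit
    @user = User.find(params[:id])
  end

  # POST /users
  #
  # Signs up a new user and logs them in on success.
  def create
    cookies.delete :auth_token
    # protects against session fixation attacks, wreaks havoc with
    # request forgery protection.
    # uncomment at your own risk
    # reset_session

    # NOTE(review): mass assignment from params[:user]. The User model must
    # whitelist assignable columns with attr_accessible so that fields such as
    # an admin flag cannot be set by the client — TODO confirm on the model.
    @user = User.new(params[:user])
    @user.save
    if @user.errors.empty?
      self.current_user = @user
      # The flash is set before the redirect so the message travels with it.
      flash[:notice] = "Thanks for signing up!"
      redirect_back_or_default(spaces_path(:available => 'true'))
    else
      render :action => 'new'
    end
  end

  # PUT /users/1
  # PUT /users/1.xml
  #
  # Authorization is enforced by the require_owner_or_admin filter.
  def update
    # A request without a user hash would otherwise raise NoMethodError on the
    # nested assignments below; treat it as an empty update instead.
    params[:user] ||= {}
    # Nested attribute hashes default to empty so that unchecked (absent)
    # addresses/phones are handled by the model rather than skipped.
    params[:user][:existing_address_attributes] ||= {}
    params[:user][:existing_phone_attributes] ||= {}
    @user = User.find(params[:id])
    respond_to do |format|
      # NOTE(review): mass assignment; same attr_accessible caveat as create.
      if @user.update_attributes(params[:user])
        flash[:notice] = 'User was successfully updated.'
        format.html { redirect_to(@user) }
        format.xml { head :ok }
      else
        format.html { render :action => "edit" }
        format.xml { render :xml => @user.errors, :status => :unprocessable_entity }
      end
    end
  end

  # DELETE /users/1
  # DELETE /users/1.xml
  #
  # Authorization is enforced by the require_owner_or_admin filter.
  def destroy
    @user = User.find(params[:id])
    @user.destroy
    respond_to do |format|
      format.html { redirect_to(users_url) }
      format.xml { head :ok }
    end
  end

  private

  # Before filter: allows the action to proceed only when the authenticated
  # user owns the profile addressed by params[:id] or is an admin. Otherwise it
  # records the attempt in the application log (so the flash message is
  # truthful), sets a notice and redirects, which halts the filter chain.
  def require_owner_or_admin
    return true if current_user.id == params[:id].to_i || current_user.admin?

    logger.warn("Unauthorized #{action_name} on user #{params[:id]} by user #{current_user.id}")
    flash[:notice] = "You are only allowed to edit your own profile. This attempt has been logged."
    redirect_back_or_default(spaces_path(:available => 'true'))
    false
  end
end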