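## users controller from restful_authentication and addition of params[:user][:role_ids] ||= [] for role_requirement plugin
class UsersController < ApplicationController
  before_filter :login_required
  # require_role :admin

  # Renders the sign-up form with an unsaved User.
  def new
    @user = User.new
  end

  # Builds a User from the submitted form, saves it and, when the record has
  # no validation errors, signs that user in and redirects.
  def create
    cookies.delete :auth_token
    # protects against session fixation attacks, wreaks havoc with
    # request forgery protection.
    # uncomment at your own risk
    # reset_session

    # A request without a user hash would otherwise raise NoMethodError below.
    params[:user] ||= {}
    # role_ids is mass-assignable on User (see attr_accessible in the model),
    # so the role list taken from the request has to be authorised here:
    # without this check any signed-in caller could create an account with
    # every role ticked.
    if role_admin?
      # An unticked form sends no role_ids at all; default to "no roles".
      params[:user][:role_ids] ||= []
    else
      params[:user].delete(:role_ids)
    end

    @user = User.new(params[:user])
    @user.save
    if @user.errors.empty?
      self.current_user = @user
      redirect_back_or_default('/')
      flash[:notice] = "Thanks for signing up!"
    else
      render :action => 'new'
    end
  end

  private

  # True when the signed-in user holds the administrative role.
  # Assumes that role is named "admin", as in the commented-out
  # `require_role :admin` above -- confirm against the roles table.
  def role_admin?
    current_user.roles.any? { |role| role.name.to_s == 'admin' }
  end
end

## new users view
<%# The role check boxes are only honoured for administrators; the controller drops role_ids for everyone else. %>
<%= error_messages_for :user %>
<% form_for(@user) do |f| -%>
<p><label for="login">Login</label><br/>
<%= f.text_field :login %></p>

<p><label for="email">Email</label><br/>
<%= f.text_field :email %></p>

<p><label for="password">Password</label><br/>
<%= f.password_field :password %></p>

<p><label for="password_confirmation">Confirm Password</label><br/>
<%= f.password_field :password_confirmation %></p>

<ul id="roles">
<% for role in Role.find(:all, :order => :name) %>
  <li><%= check_box_tag "user[role_ids][]", role.id, @user.roles.include?(role) %> <%= role.name %></li>
<% end %>
</ul>

<p><%= submit_tag 'Sign up' %></p>
<% end -%>

## sessions (edit user) controller from restful_authentication and addition of params[:user][:role_ids] ||= [] for role_requirement plugin on update action
# This controller handles the login/logout function of the site.
class SessionsController < ApplicationController
  before_filter :login_required, :except => [:new, :create]

  # render new.rhtml
  def new
  end

  # Authenticates the submitted login/password and, when "remember me" is
  # ticked, issues the persistent auth_token cookie.
  # NOTE(review): the session is not reset on login, so a session id set
  # before authentication stays valid afterwards -- confirm whether
  # reset_session can be called here without losing the return-to location.
  def create
    self.current_user = User.authenticate(params[:login], params[:password])
    if logged_in?
      if params[:remember_me] == "1"
        current_user.remember_me unless current_user.remember_token?
        cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
      end
      redirect_back_or_default('/')
      flash[:notice] = "Logged in successfully"
    else
      flash[:error] = "Incorrect username and/or password"
      render :action => 'new'
    end
  end

  # Logs the user out: drops the remember token, the cookie and the session.
  def destroy
    self.current_user.forget_me if logged_in?
    cookies.delete :auth_token
    reset_session
    flash[:notice] = "You have been logged out."
    redirect_back_or_default('/')
  end

  # Loads the record for the edit form; the condition limits the lookup to
  # the signed-in user's own row, so any other id raises RecordNotFound.
  def edit
    @user = User.find(params[:id], :conditions => ["id = ?", current_user.id])
  end

  # Updates the signed-in user's own record.
  def update
    # A request without a user hash would otherwise raise NoMethodError below.
    params[:user] ||= {}
    # Only an administrator may change role membership; for everyone else the
    # submitted role_ids are discarded so a user cannot grant themselves roles.
    if role_admin?
      # An unticked form sends no role_ids at all; default to "no roles".
      params[:user][:role_ids] ||= []
    else
      params[:user].delete(:role_ids)
    end

    # Same ownership condition as #edit: the id comes from the request, so an
    # unscoped find would let any signed-in user rewrite another account.
    @user = User.find(params[:id], :conditions => ["id = ?", current_user.id])
    if @user.update_attributes(params[:user])
      flash[:notice] = "User was successfully updated."
      redirect_to :action => 'edit', :id => @user
    else
      flash[:error] = 'Unsuccessful. Try again.'
      redirect_to :action => 'edit', :id => @user
    end
  end

  # Changes the signed-in user's password on POST; a GET only renders the form.
  # NOTE(review): params[:old_password] is read but the current password is
  # never verified, so a hijacked session can set a new password. Checking it
  # with User.authenticate before saving would close that gap -- confirm the
  # form posts old_password.
  def change_password
    # Scoped like #edit so the view never receives another user's record.
    @user = User.find(params[:id], :conditions => ["id = ?", current_user.id])
    return unless request.post?
    if (params[:password] == params[:password_confirmation])
      current_user.password_confirmation = params[:password_confirmation]
      current_user.password = params[:password]
      flash[:notice] = current_user.save ? "Password changed" : "Password not changed. Try again."
    else
      flash[:error] = "Password mismatch. Try again."
      @old_password = params[:old_password]
    end
  end

  private

  # True when the signed-in user holds the administrative role.
  # Assumes that role is named "admin", as in the commented-out
  # `require_role :admin` in UsersController -- confirm against the roles table.
  def role_admin?
    current_user.roles.any? { |role| role.name.to_s == 'admin' }
  end
end

## sessions edit view
<%# The role check boxes are only honoured for administrators; the controller drops role_ids for everyone else. %>
<%= error_messages_for 'user' %>
<% form_tag(:action => 'update', :id => @user) do %>
<p><label for="user_login">Username</label><br/>
<%= text_field 'user', 'login' %></p>

<p><label for="user_email">Email Address</label><br/>
<%= text_field 'user', 'email' %></p>

<ul id="roles">
<% for role in Role.find(:all, :order => :name) %>
  <li><%= check_box_tag "user[role_ids][]", role.id, @user.roles.include?(role) %> <%= role.name %></li>
<% end %>
</ul>

<p><%= submit_tag 'Edit' %></p>
<% end %>

## user.rb model
class User < ActiveRecord::Base
  # needed this to fix Can't mass assign these protected attributes: role_ids
  # Listing role_ids here means User.new(params[:user]) and update_attributes
  # will accept a role list straight from the request, so every controller
  # that mass-assigns must decide whether the caller may set roles.
  # (The rest of the model is not shown in this paste.)
  attr_accessible :role_ids
end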