change password and delete account

flurdy · May 22, 2012 · fad97ae · fad97ae
1 parent a622230
commit fad97ae
Show file tree

Hide file tree

Showing 11 changed files with 259 additions and 30 deletions.
diff --git a/app/controllers/Application.scala b/app/controllers/Application.scala
@@ -47,15 +47,6 @@ object Application extends Controller with Secured {
 
   def index = Action { implicit request =>
     Ok(views.html.index(EventController.searchForm, EventController.createForm, registerForm))
-//    flash.get("eventId") match {
-//      case None =>  {
-//        session.get("eventId") match {
-//          case None => Ok(views.html.index(EventController.searchForm, EventController.createForm, registerForm))
-//          case Some(eventId) => Redirect(routes.EventController.viewEvent(eventId.toLong)).withSession(session - "eventId")
-//        }
-//      }
-//      case Some(eventId) => Redirect(routes.EventController.viewEvent(eventId.toLong))
-//    }
   }
 
   def showLogin = Action { implicit request =>

diff --git a/app/controllers/ParticipantController.scala b/app/controllers/ParticipantController.scala
@@ -16,16 +16,6 @@ object ParticipantController extends Controller with Secured {
       "username" -> nonEmptyText(maxLength = 99),
       "fullname" -> optional(text(maxLength = 99)),
       "email" -> optional(text(maxLength = 99))
-//      "password" -> nonEmptyText(minLength = 4, maxLength = 99),
-//      "confirm" -> nonEmptyText(minLength = 4, maxLength = 99)
-//    ) verifying("Passwords does not match", fields => fields match {
-//      case (username, fullname, email, password, confirmPassword) => {
-//        password.trim == confirmPassword.trim
-//      }
-//    ) verifying("Username is already taken", fields => fields match {
-//      case (username, fullname, email, password, confirmPassword) => {
-//        !Participant.findByUsername(username.trim).isDefined
-//      }
     ) verifying("Email address is not valid", fields => fields match {
       case (username, fullname, email ) => {
         email match {
@@ -36,6 +26,18 @@ object ParticipantController extends Controller with Secured {
     })
   )
 
+  val passwordForm = Form(
+    tuple(
+      "password" -> nonEmptyText(minLength = 4, maxLength = 99),
+      "newpassword" -> nonEmptyText(minLength = 4, maxLength = 99),
+      "confirm" ->    nonEmptyText(minLength = 4, maxLength = 99)
+    ) verifying("Passwords does not match", fields => fields match {
+      case ( password, newPassword, confirmPassword) => {
+        newPassword.trim == confirmPassword.trim
+      }
+    })
+  )
+
    def viewParticipant(participantId: Long) = Action { implicit request =>
      Participant.findById(participantId).map { participant =>
        Ok(views.html.participant.viewparticipant(participant,Event.findAllEventsAsParticipantOrOrganiser(participantId),updateParticipantForm.fill((participant.username,participant.fullName,participant.email))))
@@ -58,14 +60,47 @@ object ParticipantController extends Controller with Secured {
           fullName = updatedForm._2,
           email = updatedForm._3)
           Participant.updateParticipant(updatedParticipant)
-          Redirect(routes.ParticipantController.viewParticipant(participantId));
+          Redirect(routes.ParticipantController.viewParticipant(participantId)).flashing("message" -> "Participant updated")
         }.getOrElse{
           NotFound.flashing("message" -> "Participant not found")
         }
       }
     )
   }
 
-  def deleteParticipant(participantId: Long) = TODO
+  def confirmDeleteParticipant(participantId: Long) = withParticipant { participant => implicit request =>
+    if(participant.participantId == participantId){
+      Ok(views.html.participant.deleteparticipant(participant))
+    } else {
+      Logger.warn("Participant:" + participant.participantId + " can not delete " + participantId)
+      Unauthorized.flashing("messageError"->"Can only delete your own account")
+    }
+  }
+
+  def deleteParticipant(participantId: Long) = withParticipant { participant => implicit request =>
+    if(participant.participantId == participantId){
+      Logger.info("Participant deleted:" + participantId + " | " + participant.username)
+      participant.deleteAccount
+      Redirect(routes.Application.index()).withNewSession;
+    } else {
+      Logger.warn("Participant:" + participant.participantId + " can not delete " + participantId)
+      Unauthorized.flashing("messageError"->"Can only delete your own account")
+    }
+  }
+
+  def changePassword(participantId: Long) = withParticipant { participant => implicit request =>
+    passwordForm.bindFromRequest.fold(
+      errors => {
+        Logger.warn("Bad change passwords request:"+errors)
+        BadRequest(views.html.participant.viewparticipant(participant,Event.findAllEventsAsParticipantOrOrganiser(participantId),updateParticipantForm)).flashing("messageError"->"Password change failed")
+      },
+      passwords => {
+         val newParticipant = participant.copy(password = Option(passwords._2))
+        Logger.info("Changing password for " + participantId)
+         Participant.updatePassword(newParticipant)
+        Redirect(routes.ParticipantController.viewParticipant(participantId)).flashing("message" -> "Password changed")
+      }
+    )
+  }
 
 }
diff --git a/app/models/Album.scala b/app/models/Album.scala
@@ -110,4 +110,18 @@ object Album {
     }
   }
 
+
+  def deleteAllAlbumsByEvent(eventId: Long) {
+    DB.withConnection { implicit connection =>
+      SQL(
+        """
+          DELETE FROM snapalbum
+          WHERE eventid = {eventid}
+        """
+      ).on(
+        'eventid -> eventId
+      ).execute()
+    }
+  }
+
 }
diff --git a/app/models/Event.scala b/app/models/Event.scala
@@ -171,6 +171,9 @@ object Event {
   }
 
   def deleteEvent(eventId: Long){
+    removeAllJoinRequestsByEvent(eventId)
+    removeAllParticipantsByEvent(eventId)
+    Album.deleteAllAlbumsByEvent(eventId)
     DB.withConnection { implicit connection =>
       SQL(
         """
@@ -223,7 +226,7 @@ object Event {
   }
 
 
-  private def findAllEventsByOrganiser(organiserId: Long) = {
+  def findAllEventsByOrganiser(organiserId: Long) = {
     DB.withConnection { implicit connection =>
       SQL(
         """
@@ -238,7 +241,7 @@ object Event {
     }
   }
 
-  private def findAllEventsByParticipant(participantid: Long) = {
+  def findAllEventsByParticipant(participantid: Long) = {
     DB.withConnection { implicit connection =>
       SQL(
         """
@@ -416,4 +419,68 @@ object Event {
   }
 
 
+  def removeAllJoinRequestsByParticipant(participantId: Long) {
+    DB.withConnection { implicit connection =>
+      SQL(
+        """
+          delete from eventrequests
+          where participantid = {participantid}
+        """
+      ).on(
+        'participantid -> participantId
+      ).execute()
+    }
+  }
+
+  private def removeAllJoinRequestsByEvent(eventId: Long) {
+    DB.withConnection { implicit connection =>
+      SQL(
+        """
+          delete from eventrequests
+          where eventid = {eventid}
+        """
+      ).on(
+        'eventid -> eventId
+      ).execute()
+    }
+  }
+
+
+
+  private def removeAllParticipantsByEvent(eventId: Long) {
+    DB.withConnection { implicit connection =>
+      SQL(
+        """
+          delete from eventparticipant
+          where eventid = {eventid}
+        """
+      ).on(
+        'eventid -> eventId
+      ).execute()
+    }
+  }
+
+
+
+  def removeParticipantFromAllEvents(participantId: Long) {
+//    findAllEventsByParticipant(participantId).map { event =>
+      // TODO: delete albums by participant
+//    }
+    DB.withConnection { implicit connection =>
+      SQL(
+        """
+          delete from eventparticipant
+          where participantid = {participantid}
+        """
+      ).on(
+        'participantid -> participantId
+      ).execute()
+    }
+  }
+
+  def removeAllEventsByOrganiser(participantId: Long) = {
+    findAllEventsByOrganiser(participantId).map { event =>
+      Event.deleteEvent(event.eventId)
+    }
+  }
 }
diff --git a/app/models/Participant.scala b/app/models/Participant.scala
@@ -24,6 +24,13 @@ case class Participant(
     Event.createAndSaveEvent(new Event(eventName,participantId,Participant.DateFormat.format(new java.util.Date())))
   }
 
+  def deleteAccount  {
+    Event.removeAllJoinRequestsByParticipant(participantId)
+    Event.removeParticipantFromAllEvents(participantId)
+    Event.removeAllEventsByOrganiser(participantId)
+    Participant.deleteParticipant(participantId)
+  }
+
 }
 
 
@@ -198,7 +205,6 @@ object Participant {
 
 
   def updateParticipant(participant: Participant) = {
-    Logger.info("Updating : " + participant)
     findById(participant.participantId) match {
       case Some(existingParticipant) => {
         DB.withConnection { implicit connection =>
@@ -225,5 +231,41 @@ object Participant {
   }
 
 
+  def updatePassword(participant: Participant) = {
+    findById(participant.participantId) match {
+      case Some(existingParticipant) => {
+        DB.withConnection { implicit connection =>
+          SQL(
+            """
+              UPDATE participant
+              SET password  = {password}
+              WHERE participantid = {participantid}
+            """
+          ).on(
+            'participantid -> participant.participantId,
+            'password -> participant.encryptedPassword
+          ).executeInsert()
+        }
+      }
+      case None => {
+        throw new NullPointerException("Participant not found")
+      }
+    }
+  }
+
+  def deleteParticipant(participantId: Long) {
+    Logger.info("Deleting participant: " + participantId)
+    DB.withConnection { implicit connection =>
+      SQL(
+        """
+          DELETE FROM participant
+          WHERE participantid = {participantid}
+        """
+      ).on(
+        'participantid -> participantId
+      ).execute()
+    }
+  }
+
 
 }
diff --git a/app/views/events/delete.scala.html b/app/views/events/delete.scala.html
@@ -22,7 +22,7 @@ <h3>Event: @event.eventName: </h3>
 @form(action = routes.EventController.deleteEvent(event.eventId), 'class -> "form-horizontal"){
 <div class="form-actions">
     <button type="submit" class="btn btn-danger">Delete event</button>
-    <a href="@routes.EventController.viewEvent(event.eventId)"><button type="button" class="btn">Cancel</button></a>
+    <a class="btn" href="@routes.EventController.viewEvent(event.eventId)">Cancel</a>
 </div>
 }
 

diff --git a/app/views/index.scala.html b/app/views/index.scala.html
@@ -75,10 +75,16 @@ <h3>Register participant</h3>
         </fieldset>
     }
 
+    <p class="alert alert-warning">
+        Please note this is a system in development.
+        Data may not be persisted over time.
+    </p>
 
 }
 
 
+
+
 <style>
     #jib .breadcrumb { display: none; }
 </style>

diff --git a/app/views/main.scala.html b/app/views/main.scala.html
@@ -61,7 +61,7 @@ <h1 class="fill">
                                 <li><a href="http://flurdy.com/contact/" target="_blank">Contact</a></li>
                                 <li class="login-link">
                                 @currentParticipant match {
-                                    case Some(participant) => {<a href="@routes.Application.logout" rel="nofollow">Log out: @participant.username</a>
+                                    case Some(participant) => {<a href="@routes.Application.logout" rel="nofollow">Log out</a></li><li class="login-link"><a href="@routes.ParticipantController.viewParticipant(participant.participantId)">@participant.username</a>
                                     }
                                     case None => {<a href="@routes.Application.showLogin" rel="nofollow">Log in</a></li><li class="login-link"><a href="@routes.Application.showRegister">Register</a>
                                     }

diff --git a/app/views/participant/deleteparticipant.scala.html b/app/views/participant/deleteparticipant.scala.html
@@ -0,0 +1,32 @@
+@(participant: Participant)(implicit currentParticipant: Option[Participant])
+
+@import helper._
+@import helper.twitterBootstrap._
+@import models._
+
+@main(" snaps | delete account"){
+<li>
+    <span class="divider">/</span>
+    <a href="@routes.ParticipantController.viewParticipant(participant.participantId)">Participant</a>
+</li>
+} {
+
+       <h2>Delete account</h2>
+         <br/>
+        <h3>Participant: @participant.username</h3>
+    <br/>
+    <div class="alert alert-block">
+        Please confirm you want to delete your account
+        <br/><br/>
+        Note this will also delete your albums and events
+    </div>
+
+@form(action = routes.ParticipantController.deleteParticipant(participant.participantId), 'class -> "form-horizontal"){
+<div class="form-actions">
+    <button type="submit" class="btn btn-danger">Delete account</button>
+    <a class="btn" href="@routes.ParticipantController.viewParticipant(participant.participantId)">Cancel</a>
+</div>
+}
+
+
+}