/
users_controller.rb
145 lines (118 loc) · 4.53 KB
/
users_controller.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
# frozen_string_literal: true
module Spree
module Admin
class UsersController < ::Admin::ResourceController
helper I18nHelper
rescue_from Spree::User::DestroyWithOrdersError, with: :user_destroy_with_orders_error
after_action :sign_in_if_change_own_password, only: :update
# http://spreecommerce.com/blog/2010/11/02/json-hijacking-vulnerability/
before_action :check_json_authenticity, only: :index
before_action :load_roles, only: [:edit, :new, :update, :create,
:generate_api_key, :clear_api_key]
def index
respond_with(@collection) do |format|
format.html
format.json { render json: json_data }
end
end
def create
if params[:user]
roles = params[:user].delete("spree_role_ids")
end
@user = Spree::User.new(user_params)
if @user.save
if roles
@user.spree_roles = roles.compact_blank.collect{ |r| Spree::Role.find(r) }
end
flash[:success] = Spree.t(:created_successfully)
redirect_to edit_admin_user_path(@user)
else
render :new
end
end
def update
if params[:user]
roles = params[:user].delete("spree_role_ids")
end
if @user.update(user_params)
if roles
@user.spree_roles = roles.compact_blank.collect{ |r| Spree::Role.find(r) }
end
flash[:success] = update_message
redirect_to edit_admin_user_path(@user)
else
render :edit
end
end
protected
def collection
return @collection if @collection.present?
if request.xhr? && params[:q].present?
@collection = Spree::User.
includes(:bill_address, :ship_address).
where("spree_users.email #{LIKE} :search
OR (spree_addresses.firstname #{LIKE} :search
AND spree_addresses.id = spree_users.bill_address_id)
OR (spree_addresses.lastname #{LIKE} :search
AND spree_addresses.id = spree_users.bill_address_id)
OR (spree_addresses.firstname #{LIKE} :search
AND spree_addresses.id = spree_users.ship_address_id)
OR (spree_addresses.lastname #{LIKE} :search
AND spree_addresses.id = spree_users.ship_address_id)",
search: "#{params[:q].strip}%").
limit(params[:limit] || 100)
else
@search = Spree::User.ransack(params[:q])
@pagy, @collection = pagy(@search.result, items: Spree::Config[:admin_products_per_page])
@collection
end
end
private
def update_message
return Spree.t(:show_api_key_view_toggled) if @user.show_api_key_view_previously_changed?
if new_email_unconfirmed?
Spree.t(:email_updated)
else
Spree.t(:account_updated)
end
end
# handling raise from Admin::ResourceController#destroy
def user_destroy_with_orders_error
render status: :forbidden, text: Spree.t(:error_user_destroy_with_orders)
end
# Allow different formats of json data to suit different ajax calls
def json_data
json_format = params[:json_format] || 'default'
case json_format
when 'basic'
collection.map { |u| { 'id' => u.id, 'name' => u.email } }.to_json
else
address_fields = [:firstname, :lastname, :address1, :address2, :city,
:zipcode, :phone, :state_name, :state_id, :country_id]
includes = { only: address_fields, include: { state: { only: :name },
country: { only: :name } } }
collection.to_json(only: [:id, :email], include:
{ bill_address: includes, ship_address: includes })
end
end
def sign_in_if_change_own_password
return unless spree_current_user == @user && @user.password.present?
sign_in(@user, event: :authentication, bypass: true)
end
def load_roles
@roles = Spree::Role.where(nil)
end
def new_email_unconfirmed?
params[:user][:email] != @user.email
end
def build_resource
model_class.new(locale: I18n.default_locale)
end
def user_params
::PermittedAttributes::User.new(params).call(
%i[enterprise_limit show_api_key_view]
)
end
end
end
end