
enabled automated Flickr ID lookup from screenname and authentication…

… once access is granted
1 parent 4041e1b commit a54ddbe3cd6ac8a5aef9e4274ebb30acd0071d97 @stevenhaddox committed Oct 23, 2009
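--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,5 +1,6 @@
 class ApplicationController < ActionController::Base
 include Twitter::AuthenticationHelpers
+ before_filter :check_flickr_auth
 helper :all # include all helpers, all the time
 protect_from_forgery # See ActionController::RequestForgeryProtection for details
@@ -12,7 +13,16 @@ class ApplicationController < ActionController::Base
 private
 def force_sign_in(exception)
 reset_session
- flash[:error] = 'Seems your credentials are not good anymore. Please sign in again.'
+ flash[:error] = 'Seems your credentials have expired or are invalid. Please sign in again.'
 redirect_to new_session_path
 end
+
+ # make sure that any authenticated in user has authenticated with flickr
+ def check_flickr_auth
+ return unless current_user
+ exempt_controllers = ['sessions','users']
+ unless current_user.flickr_token && current_user.flickr_user_id
+ redirect_to edit_user_path(current_user) unless exempt_controllers.include?(params[:controller])
+ end
+ end
 end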
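Review bot: The exemption in `check_flickr_auth` is a string list matched against `params[:controller]`, which switches the Flickr gate off for every action of `sessions` and `users` and is easy to get wrong once a controller is added or namespaced. Declaring `skip_before_filter :check_flickr_auth` in the controllers that need it keeps the exception next to the actions it covers. UsersController in this same commit also defines its own private `check_flickr_auth` without the exemption, so for that controller the inherited filter presumably dispatches to the override and the `'users'` entry here has no effect; keep one definition. The comment would read better as `# make sure any signed-in user has also authenticated with Flickr`.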
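--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,55 +1,95 @@
 class UsersController < ApplicationController
 before_filter :authenticate, :except => [:index, :show]
+ before_filter :get_user, :only => [:show, :edit, :update]
+ before_filter :set_flickr, :only => [:show, :edit, :update, :flickr_callback]
+ before_filter :check_flickr_auth, :except => [:new, :create, :edit, :update, :flickr_callback]
 skip_before_filter :verify_authenticity_token, :only => [:create]
 def index
 @users = User.all
 end
 def show
- @user = User.find_by_twitter_username(params[:twitter_username])
- unless @user.flickr_token
- redirect_to edit_user_path
- end
 end
 def new
 @user = User.new
 end
 def edit
- @user = User.find_by_twitter_username(params[:twitter_username])
- if edit_self? != true
+ if self? != true
 flash[:error] = "Editing another user's profile is not allowed."
- redirect_to users_path
+ redirect_to users_path and return false
 end
- @flickr = Flickr.new(FLICKR) # FLICKR.merge(:token => flickr_token)
 end
 def update
 # convert the flickr_username to their flickr_user_id
+ unless params[:user][:flickr_user_id]
+ flash[:error] = 'You must provide your Flickr screenname to lokup your ID'
+ render :action => :edit and return false
+ end
 flickr_username = params[:user][:flickr_user_id]
 flickr_id = convert_user_flickrname_to_id(flickr_username)
- params[:user][:flickr_user_id] = flickr_id unless flickr_id.blank?
- @user = User.update_attributes(params[:user])
- respond_to do |format|
- if @user.valid?
- @user.save
+ unless flickr_id && flickr_id.include?('@')
+ flash[:error] = "There was an error looking up your ID"
+ render :action => :edit and return false
+ end
+ params[:user][:flickr_user_id] = flickr_id
+ @user.update_attributes(params[:user])
+ unless @user.flickr_token
+ redirect_to @flickr.auth.url(:write) and return
+ else
+ respond_to do |format|
 format.html { redirect_to user_path(@user) }
- else
- format.html { render :action => "new" }
 end
 end
 end
+
+ def flickr_callback
+ flickr = Flickr.new(FLICKR)
+ flickr.auth.frob = params[:frob]
+ current_user.update_attribute :flickr_token, flickr.auth.token.token
+ respond_to do |format|
+ format.html { redirect_to user_path(current_user) }
+ end
+ end
 private
- def edit_self?
+ def get_user
+ unless params[:twitter_username] or params[:id]
+ flash[:error]='You must provide a username.'
+ redirect_to users_path and return false
+ end
+ twitter_username = params[:twitter_username]
+ twitter_username ||= params[:id]
+ @user = User.find_by_twitter_username(twitter_username)
+ unless @user
+ flash[:error] = 'We could not locate that user.'
+ redirect_to users_path and return false
+ end
+ end
+
+ def self?
 if current_user == @user
 return true
 else
 return false
- flash[:error]="Editing another user's profile is not allowed."
- redirect_to users_path
+ end
+ end
+
+ def set_flickr
+ if current_user.flickr_token
+ @flickr = Flickr.new(FLICKR.merge(:token => current_user.flickr_token))
+ else
+ @flickr = Flickr.new(FLICKR)
+ end
+ end
+
+ def check_flickr_auth
+ return unless current_user
+ unless current_user.flickr_token && current_user.flickr_user_id
+ redirect_to edit_user_path(current_user) and return
 end
 end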
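Review bot: `update` has no ownership check: `get_user` loads `@user` from `params[:twitter_username]` or `params[:id]`, and only `edit` calls `self?`, so as written a signed-in user can submit an update against another account. `@user.update_attributes(params[:user])` then applies whatever keys the request carries. Apply the same guard at the top of `update`, e.g. `redirect_to users_path and return false unless self?`, and narrow the write to the looked-up value with `@user.update_attributes(:flickr_user_id => flickr_id)` unless the model (not shown here) already restricts assignable attributes. Separately, `set_flickr` runs on `show`, which is excluded from `authenticate`, so `current_user.flickr_token` will presumably raise for an anonymous visitor; `if current_user && current_user.flickr_token` avoids that.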
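--- a/app/views/users/edit.rhtml
+++ b/app/views/users/edit.rhtml
@@ -1,3 +1,18 @@
 <%- if @user.flickr_token.blank? -%>
 <%= link_to 'Authenticate with Flickr', @flickr.auth.url(:write) %>
-<%- end -%>
+<%- end -%>
+
+<%- form_for @user, :html => { :multipart => true } do |f| -%>
+ <%= f.error_messages %>
+ <%- field_set_tag "Flickr" do -%>
+ <div id="flickr_id">
+ <%= label_tag :flickr_username, "Flickr Username" %>
+ <%= f.text_field :flickr_user_id %>
+ </div>
+ <%- end -%>
+ <%- field_set_tag do -%>
+ <div class="submit field">
+ <%= f.submit "Update Profile" %>
+ </div>
+ <%- end -%>
+<%- end -%>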
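Review bot: The label is not tied to the input it describes: `label_tag :flickr_username` points at an element id of `flickr_username`, while `f.text_field :flickr_user_id` gets the form builder's id for the `flickr_user_id` attribute. Using the builder for both, `<%= f.label :flickr_user_id, "Flickr Username" %>`, keeps them associated. The field is named `flickr_user_id` but collects a screen name that the controller later replaces with the looked-up ID, so a short template comment saying so would save the next reader a trip to `update`.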
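--- a/app/views/users/new.rhtml
+++ b/app/views/users/new.rhtml
@@ -1,24 +0,0 @@
-<%- form_for @user, :html => { :multipart => true } do |f| -%>
- <%= f.error_messages %>
- <%- field_set_tag "Twitter" do -%>
- <div class="Twitter username required">
- <%= label_tag :twitter_username, "Twitter Username" %>
- <%= f.text_field :twitter_username %>
- </div>
- <div class="Twitter password (temporarily) required">
- <%= label_tag :twitter_password, "Twitter Password" %>
- <%= f.password_field :twitter_password %>
- </div>
- <%- end -%>
- <%- field_set_tag "Flickr" do -%>
- <div class="Flickr username required">
- <%= label_tag :flickr_username, "Flickr Username" %>
- <%= f.text_field :flickr_user_id %>
- </div>
- <%- end -%>
- <%- field_set_tag do -%>
- <div class="submit field">
- <%= f.submit "Save" %>
- </div>
- <%- end -%>
-<%- end -%>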
0 script/performance/benchmarker 100755 → 100644
File mode changed.
0 script/performance/profiler 100755 → 100644
File mode changed.
