239 lines
7.1 KiB
Ruby
239 lines
7.1 KiB
Ruby
class AdminController < ApplicationController
|
|
before_filter :authenticate_admin
|
|
filter_parameter_logging :password, :password_confirmation # do not log passwort parameters
|
|
|
|
verify :method => :post, :only => [ :destroyUser, :createUser, :updateUser, :destroyGroup, :createGroup, :updateGroup], :redirect_to => { :action => :index }
|
|
|
|
# Messages
|
|
MSG_USER_CREATED = 'Benutzer_in wurde erfolgreich angelegt.'
|
|
MSG_USER_UPDATED = 'Änderungen wurden gespeichert'
|
|
MSG_USER_DELETED = 'Benutzer_in wurde gelöscht'
|
|
ERR_NO_SELF_DELETE = 'Du darfst Dich nicht selbst löschen'
|
|
MESG_NO_ADMIN_ANYMORE = "Du bist nun kein Admin mehr"
|
|
|
|
def index
|
|
@user = self.current_user
|
|
@groups = Group.find(:all, :limit => 5, :order => 'created_on DESC')
|
|
@users = User.find(:all, :limit => 5, :order => 'created_on DESC')
|
|
end
|
|
|
|
# ************************** group actions **************************
|
|
def listGroups
|
|
if (params[:per_page] && params[:per_page].to_i > 0 && params[:per_page].to_i <= 100)
|
|
@per_page = params[:per_page].to_i
|
|
else
|
|
@per_page = 20
|
|
end
|
|
# if the search field is used
|
|
conditions = "name LIKE '%#{params[:query]}%'" unless params[:query].nil?
|
|
|
|
@total = Group.count(:conditions => conditions)
|
|
@groups = Group.paginate(:conditions => conditions, :page => params[:page], :per_page => @per_page, :order => 'type DESC, name')
|
|
|
|
respond_to do |format|
|
|
format.html # index.html.erb
|
|
format.js do
|
|
render :update do |page|
|
|
page.replace_html 'table', :partial => "listGroups"
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
def showGroup
|
|
@group = Group.find(params[:id])
|
|
end
|
|
|
|
def newGroup
|
|
@group = Group.new
|
|
render :action => 'newGroup'
|
|
end
|
|
|
|
def newOrderGroup
|
|
@group = OrderGroup.new
|
|
render :action => 'newGroup'
|
|
end
|
|
|
|
def createGroup
|
|
@group = Group.new(params[:group])
|
|
if @group.save
|
|
flash[:notice] = 'Neue Gruppe wurde angelegt.'
|
|
redirect_to :action => 'members', :id => @group.id
|
|
else
|
|
flash[:error] = 'Gruppe konnte nicht angelegt werden.'
|
|
render :action => 'newGroup'
|
|
end
|
|
end
|
|
|
|
def createOrderGroup
|
|
@group = OrderGroup.new(params[:group])
|
|
@group.account_balance = 0
|
|
@group.account_updated = Time.now
|
|
if @group.save
|
|
flash[:notice] = 'Neue Bestellgruppe wurde angelegt.'
|
|
redirect_to :action => 'members', :id => @group.id
|
|
else
|
|
flash[:error] = 'Gruppe konnte nicht angelegt werden.'
|
|
render :action => 'newGroup'
|
|
end
|
|
end
|
|
|
|
def editGroup
|
|
@group = Group.find(params[:id])
|
|
render :template => 'groups/edit'
|
|
end
|
|
|
|
def updateGroup
|
|
@group = Group.find(params[:id])
|
|
if @group.update_attributes(params[:group])
|
|
flash[:notice] = 'Group was successfully updated.'
|
|
redirect_to :action => 'showGroup', :id => @group
|
|
else
|
|
render :template => 'groups/edit'
|
|
end
|
|
end
|
|
|
|
def destroyGroup
|
|
begin
|
|
group = Group.find(params[:id])
|
|
group.destroy
|
|
redirect_to :action => 'listGroups'
|
|
rescue => error
|
|
flash[:error] = error.to_s
|
|
redirect_to :action => "showGroup", :id => group
|
|
end
|
|
end
|
|
|
|
# ************************** Membership methods ******************************
|
|
|
|
# loads the membership-page
|
|
def members
|
|
@group = Group.find(params[:id])
|
|
end
|
|
|
|
# adds a new member to the group
|
|
def addMember
|
|
@group = Group.find(params[:id])
|
|
user = User.find(params[:user])
|
|
Membership.create(:group => @group, :user => user)
|
|
redirect_to :action => 'memberships_reload', :id => @group
|
|
end
|
|
|
|
# the membership will find an end....
|
|
def dropMember
|
|
begin
|
|
group = Group.find(params[:group])
|
|
Membership.find(params[:membership]).destroy
|
|
if User.find(@current_user.id).role_admin?
|
|
redirect_to :action => 'memberships_reload', :id => group
|
|
else
|
|
# If the user drops himself from admin group
|
|
flash[:notice] = MESG_NO_ADMIN_ANYMORE
|
|
render(:update) {|page| page.redirect_to :controller => "index"}
|
|
end
|
|
rescue => error
|
|
flash[:error] = error.to_s
|
|
redirect_to :action => 'memberships_reload', :id => group
|
|
end
|
|
end
|
|
|
|
# the two boxes 'members' and 'non members' will be reload through ajax
|
|
def memberships_reload
|
|
@group = Group.find(params[:id])
|
|
render :update do |page|
|
|
page.replace_html 'members', :partial => 'groups/members', :object => @group
|
|
page.replace_html 'non_members', :partial => 'groups/non_members', :object => @group
|
|
end
|
|
end
|
|
|
|
|
|
# ****************************** User methdos ******************************
|
|
def listUsers
|
|
if (params[:per_page] && params[:per_page].to_i > 0 && params[:per_page].to_i <= 100)
|
|
@per_page = params[:per_page].to_i
|
|
else
|
|
@per_page = 20
|
|
end
|
|
# if the search field is used
|
|
conditions = "first_name LIKE '%#{params[:query]}%' OR last_name LIKE '%#{params[:query]}%'" unless params[:query].nil?
|
|
|
|
@total = User.count(:conditions => conditions)
|
|
@users = User.paginate :page => params[:page], :conditions => conditions, :per_page => @per_page, :order => 'nick'
|
|
|
|
respond_to do |format|
|
|
format.html # listUsers.haml
|
|
format.js do
|
|
render :update do |page|
|
|
page.replace_html 'table', :partial => "listUsers"
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
def showUser
|
|
@user = User.find(params[:id])
|
|
end
|
|
|
|
def newUser
|
|
@user = User.new
|
|
if request.xml_http_request?
|
|
render :update do |page|
|
|
page.replace_html 'userForm', :partial => "newUser"
|
|
page['newUser'].show
|
|
end
|
|
end
|
|
end
|
|
|
|
def createUser
|
|
@user = User.new(params[:user])
|
|
@user.set_password({:required => true}, params[:user][:password], params[:user][:password_confirmation])
|
|
if @user.errors.empty? && @user.save
|
|
for setting in User::setting_keys.keys
|
|
@user.settings[setting] = (params[:user][:settings] && params[:user][:settings][setting] == '1' ? '1' : nil)
|
|
end
|
|
flash[:notice] = MSG_USER_CREATED
|
|
redirect_to :action => 'listUsers'
|
|
else
|
|
render :action => 'newUser'
|
|
end
|
|
end
|
|
|
|
def editUser
|
|
@user = User.find(params[:id])
|
|
if request.xml_http_request?
|
|
render :update do |page|
|
|
page.replace_html 'userForm', :partial => "newUser"
|
|
page['newUser'].show
|
|
end
|
|
end
|
|
end
|
|
|
|
def updateUser
|
|
@user = User.find(params[:id])
|
|
@user.set_password({:required => false}, params[:user][:password], params[:user][:password_confirmation])
|
|
@user.attributes = params[:user]
|
|
for setting in User::setting_keys.keys
|
|
@user.settings[setting] = (params[:user][:settings] && params[:user][:settings][setting] == '1' ? '1' : nil)
|
|
end
|
|
if @user.errors.empty? && @user.save
|
|
flash[:notice] = MSG_USER_UPDATED
|
|
redirect_to :action => 'showUser', :id => @user
|
|
else
|
|
render :action => 'editUser'
|
|
end
|
|
end
|
|
|
|
|
|
def destroyUser
|
|
user = User.find(params[:id])
|
|
if user.nick == @current_user.nick
|
|
# deny destroying logged-in-user
|
|
flash[:error] = ERR_NO_SELF_DELETE
|
|
else
|
|
user.destroy
|
|
flash[:notice] = MSG_USER_DELETED
|
|
end
|
|
redirect_to :action => 'listUsers'
|
|
end
|
|
|
|
end
|