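# "My profile" settings editor: general profile data, enable/disable,
# custom header/footer, the welcome page of template profiles, profile
# destruction, and a few operations that act on a profile chosen by
# params[:id] rather than on the profile being edited.
#
# Authorization model: the `protect` calls below check 'edit_profile' /
# 'destroy_profile' against +profile+, i.e. the profile resolved by
# MyProfileController (not visible here). Any action that looks up a
# *different* record through params[:id] gets no protection from that and
# must authorize on its own (see activate/deactivate/reset_private_token).
class ProfileEditorController < MyProfileController

  protect 'edit_profile', :profile, :except => [:destroy_profile]
  protect 'destroy_profile', :profile, :only => [:destroy_profile]

  before_filter :access_welcome_page, :only => [:welcome_page]
  before_filter :back_to
  before_filter :forbid_destroy_profile, :only => [:destroy_profile]
  before_filter :check_user_can_edit_header_footer, :only => [:header_footer]
  helper_method :has_welcome_page
  helper CustomFieldsHelper
  include CategoriesHelper

  include SearchTags

  # Editor landing page: pending (non-spam) tasks for the profile and the
  # flags that decide which option groups the view shows. Environment admins
  # always see appearance and header/footer; everybody else depends on the
  # environment settings and on the profile not being an enterprise.
  def index
    @pending_tasks = Task.to(profile).pending.without_spam
    @show_appearance_option = user.is_admin?(environment) || environment.enabled?('enable_appearance')
    @show_header_footer_option = user.is_admin?(environment) || (!profile.enterprise? && !environment.enabled?('disable_header_and_footer'))
  end

  helper :profile

  # Edits the profile info (posts back). GET renders the form; POST updates
  # the profile inside a Profile/Image transaction and redirects to index on
  # success, or re-renders the form (with the model's errors) on failure.
  def edit
    @profile_data = profile
    @possible_domains = profile.possible_domains
    @kinds = environment.kinds.where(:type => profile.type)
    return unless request.post?

    # Persons get an explicit (possibly empty) privacy hash so that clearing
    # every checkbox in the form still overwrites the stored value.
    params[:profile_data][:fields_privacy] ||= {} if profile.person? && params[:profile_data].is_a?(Hash)
    Profile.transaction do
      Image.transaction do
        begin
          @plugins.dispatch(:profile_editor_transaction_extras)
          # SECURITY: params[:profile_data] is user-controlled and handed to
          # update! wholesale (mass assignment). Which columns are writable
          # depends entirely on the attribute allow-list declared on Profile
          # (not visible here) — confirm one exists and that it excludes
          # ownership/visibility/role columns before trusting this path.
          @profile_data.update!(params[:profile_data])
          redirect_to :action => 'index', :profile => profile.identifier
        rescue StandardError
          # Validation (or plugin) failure: fall through and re-render the
          # form. Only StandardError is rescued — the previous `rescue
          # Exception` also swallowed SystemExit/SignalException/NoMemoryError.
          # Restore the identifier so the form's URLs still resolve when the
          # failed update blanked it.
          profile.identifier = params[:profile] if profile.identifier.blank?
        end
      end
    end
  end

  # Enables the profile once the user POSTs a confirmation; GET (or a POST
  # without confirmation) just renders the confirmation page.
  def enable
    @to_enable = profile
    return unless request.post? && params[:confirmation]

    session[:notice] = _('%s was not enabled.') % profile.name unless profile.enable user
    redirect_to :action => :index
  end

  # Disables the profile once the user POSTs a confirmation. update_attribute
  # bypasses validations, so this also works on a profile that is currently
  # invalid.
  def disable
    @to_disable = profile
    return unless request.post? && params[:confirmation]

    session[:notice] = _('%s was not disabled.') % profile.name unless profile.update_attribute :enabled, false
    redirect_to :action => :index
  end

  # Custom header/footer editor. check_user_can_edit_header_footer has
  # already bounced users who may not edit these.
  def header_footer
    @no_design_blocks = true
    if request.post?
      # params[:custom_header]/[:custom_footer] are raw user-supplied markup
      # that ends up rendered on the profile. Any sanitization lives in
      # update_header_and_footer (not visible here) — verify it strips
      # scripts and event handlers before relying on it.
      @profile.update_header_and_footer(params[:custom_header], params[:custom_footer])
      redirect_to :action => 'index'
    else
      @header = boxes_holder.custom_header
      @footer = boxes_holder.custom_footer
    end
  end

  # Destroys the profile on POST. Afterwards the user is sent to
  # params[:return_to] only when it stays on this site (see
  # local_redirect_target); otherwise to the home controller. Redirecting to
  # url_for(params[:return_to]) verbatim, as before, let a crafted link
  # bounce the user to an arbitrary external host.
  def destroy_profile
    return unless request.post?

    if @profile.destroy
      session[:notice] = _('The profile was deleted.')
      target = local_redirect_target(params[:return_to])
      if target
        redirect_to target
      else
        redirect_to :controller => 'home'
      end
    else
      session[:notice] = _('Could not delete profile')
    end
  end

  # Welcome page editor; only reachable for template profiles
  # (access_welcome_page). Creates an unpublished TextArticle on first use.
  def welcome_page
    @welcome_page = profile.welcome_page || TextArticle.new(:name => 'Welcome Page', :profile => profile, :published => false)
    return unless request.post?

    begin
      # Mass assignment from params[:welcome_page]; the writable attribute
      # set is whatever TextArticle declares (not visible here).
      @welcome_page.update!(params[:welcome_page])
      profile.welcome_page = @welcome_page
      profile.save!
      session[:notice] = _('Welcome page saved successfully.')
      redirect_to :action => 'index'
    rescue StandardError
      # Narrowed from `rescue Exception` so process-level signals propagate.
      session[:notice] = _('Welcome page could not be saved.')
    end
  end

  # Environment-admin only: deactivates the profile given by params[:id]
  # (any profile of the environment, not necessarily the one being edited).
  # Non-admins are silently sent back to where they came from. Note there is
  # no request.post? check, so a GET link performs the state change.
  def deactivate_profile
    if environment.admins.include?(current_person)
      target = environment.profiles.find(params[:id])
      if target.disable
        target.save
        session[:notice] = _("The profile '%s' was deactivated.") % target.name
      else
        session[:notice] = _('Could not deactivate profile.')
      end
    end

    redirect_to_previous_location
  end

  # Environment-admin only counterpart of deactivate_profile. Unlike that
  # action it does not call save after enable — kept as found; confirm
  # whether Profile#enable persists on its own.
  def activate_profile
    if environment.admins.include?(current_person)
      target = environment.profiles.find(params[:id])

      if target.enable
        session[:notice] = _("The profile '%s' was activated.") % target.name
      else
        session[:notice] = _('Could not activate the profile.')
      end
    end

    redirect_to_previous_location
  end

  # Regenerates the private token of the user behind the profile given by
  # params[:id].
  #
  # The controller-level `protect 'edit_profile', :profile` only covers the
  # profile returned by +profile+; nothing ties params[:id] to it. As
  # previously written, a user allowed to edit one profile could therefore
  # reset the token of any other profile's user by supplying its id (unless
  # MyProfileController adds a check not visible here). The action now
  # requires the target to be that same already-authorized profile, or the
  # caller to be an environment admin — the rule activate/deactivate use.
  def reset_private_token
    target = environment.profiles.find(params[:id])
    unless target == profile || environment.admins.include?(current_person)
      return render_access_denied
    end
    # A profile with no associated user has no token to reset; the former
    # unconditional `profile.user.generate_private_token!` raised on nil.
    target.user.generate_private_token! if target.user

    redirect_to_previous_location
  end

  protected

  def redirect_to_previous_location
    redirect_to @back_to
  end

  #TODO Consider using this as a general controller feature to be available on every action.
  # Resolves where "back" leads: params[:back_to] when it points at this
  # site, else the Referer, else the root path. params[:back_to] is just a
  # query parameter and so attacker-controlled; using it verbatim turned
  # every redirect_to_previous_location into an open redirect.
  def back_to
    @back_to = local_redirect_target(params[:back_to]) || request.referer || "/"
  end

  # Returns +candidate+ (as a String) when it is a redirect target on this
  # application, nil otherwise. Accepted: a path with a single leading '/'
  # — '//host' is protocol-relative and '/\host' is treated the same way by
  # browsers, both are rejected — or an absolute URL under request.base_url.
  # Blank, non-string and off-site values all yield nil; callers supply the
  # fallback.
  def local_redirect_target(candidate)
    return nil if candidate.blank?
    value = candidate.to_s
    return value if value.start_with?('/') && !value.start_with?('//', '/\\')
    own_origin = request.base_url
    return value if value == own_origin || value.start_with?(own_origin + '/')
    nil
  end

  private

  # Only template profiles carry a welcome page.
  def has_welcome_page
    profile.is_template
  end

  def access_welcome_page
    render_access_denied unless has_welcome_page
  end

  # Honors the 'forbid_destroy_profile' environment setting for everyone
  # except environment admins.
  def forbid_destroy_profile
    if environment.enabled?('forbid_destroy_profile') && !current_person.is_admin?(environment)
      session[:notice] = _('You can not destroy the profile.')
      redirect_to_previous_location
    end
  end

  # Mirrors the @show_header_footer_option rule of index for non-admins.
  def check_user_can_edit_header_footer
    cannot_edit = !user.is_admin?(environment) && environment.enabled?('disable_header_and_footer')
    redirect_to back_to if cannot_edit
  end
end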