64 lines
1.7 KiB
Ruby
64 lines
1.7 KiB
Ruby
class UsersController < ApplicationController
|
|
before_action :ensure_admin, only: [:destroy, :block]
|
|
|
|
def index
|
|
@users = User.all
|
|
end
|
|
|
|
def new
|
|
@user = User.new
|
|
end
|
|
|
|
def create
|
|
@user = User.create(params.require(:user).permit(:email, :password))
|
|
if @user.invalid?
|
|
redirect_to '/welcome', notice: notices_from_errors(@user)
|
|
else
|
|
session[:user_id] = @user.id
|
|
redirect_to '/welcome', notice: 'Account has been created'
|
|
end
|
|
end
|
|
|
|
def password_recovery_request
|
|
@user = User.where(email: params['email']).first
|
|
recovery_password = ('a'..'z').to_a.shuffle[0,8].join
|
|
@user.recovery_password = recovery_password
|
|
@user.save
|
|
UserMailer.with(user: @user, recovery_password: recovery_password).password_recovery.deliver_now
|
|
redirect_to '/welcome', notice: "Recovery email sent to #{params['email']}"
|
|
end
|
|
|
|
def password_recovery_request_form
|
|
end
|
|
|
|
def recover_password_form
|
|
@recovery_password = params[:recovery_password]
|
|
@user_id = params[:id]
|
|
end
|
|
|
|
def recover_password
|
|
user = User.find(params[:user_id])
|
|
if user.recovery_password_digest && user.authenticate_recovery_password(params[:recovery_password])
|
|
user.password = params[:password]
|
|
user.password_confirmation = params[:password_confirmation]
|
|
if user.save
|
|
user.update(recovery_password: nil)
|
|
redirect_to '/welcome', notice: 'Password changed'
|
|
else
|
|
redirect_to '/welcome', notice: 'Passwords don\'t match'
|
|
end
|
|
else
|
|
redirect_to '/welcome', notice: 'Recovery link expired or invalid'
|
|
end
|
|
end
|
|
|
|
def destroy
|
|
User.destroy(params[:id])
|
|
redirect_to '/users'
|
|
end
|
|
|
|
def block
|
|
User.find(params[:id]).update(status: :blocked)
|
|
redirect_to '/users'
|
|
end
|
|
end
|