
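# REST endpoints under /api/users: listing, creation (self-signup and
# invitation), update, search, password reset / change, preferences and
# removal of linked third-party accounts.
#
# Authentication is enforced by the inherited authentication_check filter for
# every action except the ones a not-yet-logged-in caller legitimately needs:
# signup (create) and the two password-reset steps.
class UsersController < ApplicationController
  before_filter :authentication_check, :except => [:create, :password_reset_send, :password_reset_verify]

  # Up to this many existing users a self-signup is treated as the "first"
  # user: it gets Admin + Agent and membership in every group, and marks the
  # system as initialised. (Named form of the original hard-coded `count <= 2`.)
  FIRST_USER_THRESHOLD = 2

=begin
Format:
JSON
Example:
{
"id":2,
"organization_id":null,
"login":"m@edenhofer.de",
"firstname":"Marti",
"lastname":"Ede",
"email":"m@edenhofer.de",
"image":"http://www.gravatar.com/avatar/1c38b099f2344976005de69965733465?s=48",
"web":"http://127.0.0.1",
"password":"123",
"phone":"112",
"fax":"211",
"mobile":"",
"street":"",
"zip":"",
"city":"",
"country":null,
"verified":false,
"active":true,
"note":"some note",
"source":null,
"role_ids":[1,2],
"group_ids":[1,2,3,4],
}
=end

=begin
Resource:
GET /api/users.json
Response:
[
{
"id": 1,
"login": "some_login1",
...
},
{
"id": 2,
"login": "some_login2",
...
}
]
Test:
curl http://localhost/api/users.json -v -u #{login}:#{password}
=end

  # Renders every user in the representation built by User.user_data_full.
  def index
    users_all = User.all.map { |user| User.user_data_full(user.id) }
    render :json => users_all
  end

=begin
Resource:
GET /api/users/1.json
Response:
{
"id": 1,
"login": "some_login1",
...
},
Test:
curl http://localhost/api/users/#{id}.json -v -u #{login}:#{password}
=end

  # Renders a single user (params[:id]) via User.user_data_full.
  def show
    render :json => User.user_data_full(params[:id])
  end

=begin
Resource:
POST /api/users.json
Payload:
{
"login": "some_login",
"firstname": "some firstname",
"lastname": "some lastname",
"email": "some@example.com"
}
Response:
{
"id": 1,
"login": "some_login",
...
},
Test:
curl http://localhost/api/users.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"login": "some_login","firstname": "some firstname","lastname": "some lastname","email": "some@example.com"}'
=end

  # Creates a user. Two callers reach this action:
  # * an anonymous self-signup (no session) — only when the
  #   'user_create_account' setting is enabled; roles/groups are chosen by
  #   assign_signup_roles, never taken from the request;
  # * an authenticated caller — may pass role_ids / group_ids explicitly and
  #   may request an invitation mail with params[:invite].
  #
  # Responds 201 with the created user, 422 with { :error => ... } on any
  # StandardError (including validation failures raised by save!).
  def create
    begin
      user = User.new(User.param_cleanup(params))

      # users present before this one is saved; decides whether this signup
      # is the initial administrator
      count = User.count

      if !current_user
        # no session: record the system user (id 1) as author
        user.updated_by_id = 1
        user.created_by_id = 1

        if !Setting.get('user_create_account')
          render :json => { :error => 'Feature not enabled!' }, :status => :unprocessable_entity
          return
        end

        assign_signup_roles(user, count)
      else
        # authenticated caller: assignment as requested
        user.role_ids = params[:role_ids] if params[:role_ids]
        user.group_ids = params[:group_ids] if params[:group_ids]
      end

      # reject a duplicate e-mail up front with a clear message
      if user.email && User.where(:email => user.email).first
        render :json => { :error => 'User already exists!' }, :status => :unprocessable_entity
        return
      end

      # save! raises ActiveRecord::RecordInvalid on validation failure, which
      # the rescue below turns into a 422; a plain save would continue with an
      # unsaved record (nil id) and still answer 201
      user.save!

      # the first user completes the installation
      if count <= FIRST_USER_THRESHOLD
        Setting.create_or_update(
          :title => 'System Init Done',
          :name => 'system_init_done',
          :area => 'Core',
          :description => 'Defines if application is in init mode.',
          :options => {},
          :state => true,
          :frontend => true
        )
      end

      # invitations are only sent on behalf of an existing session
      send_invitation(user) if params[:invite] && current_user

      render :json => User.user_data_full(user.id), :status => :created
    rescue => e
      # StandardError only: `rescue Exception` would also swallow SystemExit,
      # SignalException and NoMemoryError
      render :json => { :error => e.message }, :status => :unprocessable_entity
    end
  end

=begin
Resource:
PUT /api/users/#{id}.json
Payload:
{
"login": "some_login",
"firstname": "some firstname",
"lastname": "some lastname",
"email": "some@example.com"
}
Response:
{
"id": 2,
"login": "some_login",
...
},
Test:
curl http://localhost/api/users/2.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"login": "some_login","firstname": "some firstname","lastname": "some lastname","email": "some@example.com"}'
=end

  # Updates a user. A pure Customer may only update its own record; role,
  # group and organization assignments are restricted to privileged roles.
  # Responds 200 with the updated user, 401 when a customer targets another
  # user, 422 with { :error => ... } on any StandardError.
  def update
    # params[:id] arrives as a String while current_user.id is an Integer, so
    # a raw `!=` was always true; compare as Integer and answer explicitly
    # instead of returning without a render.
    if is_role('Customer') && !is_role('Admin') && !is_role('Agent')
      if params[:id].to_i != current_user.id
        render :json => { :error => 'Not authorized!' }, :status => :unauthorized
        return
      end
    end

    begin
      user = User.find(params[:id])
      # NOTE(review): assumes User.param_cleanup strips privileged attributes
      # (role_ids, group_ids, active, ...) from the mass assignment — verify,
      # since a self-updating customer passes through here too.
      user.update_attributes(User.param_cleanup(params))

      # NOTE(review): this requires BOTH Admin and Agent; if "Admin or Agent"
      # was intended, `||` is the fix — left unchanged as it widens access.
      if is_role('Admin') && is_role('Agent') && params[:role_ids]
        user.role_ids = params[:role_ids]
      end

      # only Admins may change group membership
      if is_role('Admin') && params[:group_ids]
        user.group_ids = params[:group_ids]
      end

      # same both-roles condition as for role_ids (see note above)
      if is_role('Admin') && is_role('Agent') && params[:organization_ids]
        user.organization_ids = params[:organization_ids]
      end

      render :json => User.user_data_full(params[:id]), :status => :ok
    rescue => e
      # StandardError only, see create
      render :json => { :error => e.message }, :status => :unprocessable_entity
    end
  end

  # DELETE /api/users/1
  # Admins only; answers 401 explicitly instead of a bare return.
  def destroy
    if !is_role('Admin')
      render :json => { :error => 'Not authorized!' }, :status => :unauthorized
      return
    end
    model_destory_render(User, params)
  end

  # GET /api/users/search
  # Substring search over firstname / lastname / email (params[:term]),
  # at most params[:limit] (default 18) rows ordered by firstname.
  # Each hit is rendered as { :id, :label, :value } with label/value being
  # "firstname lastname <email>".
  def search
    query = params[:term]
    limit = params[:limit] || 18

    # the term is passed as a bind parameter, so it never enters the SQL
    # text; LIKE wildcards (% and _) inside it are not escaped and therefore
    # act as wildcards
    pattern = "%#{query}%"
    user_all = User.where(
      'firstname LIKE ? or lastname LIKE ? or email LIKE ?', pattern, pattern, pattern
    ).order('firstname').limit(limit)

    users = user_all.map { |user|
      realname = "#{user.firstname} #{user.lastname}"
      realname += " <#{user.email}>" if user.email && user.email.to_s != ''
      { :id => user.id, :label => realname, :value => realname }
    }
    render :json => users
  end

=begin
Resource:
POST /api/users/password_reset
Payload:
{
"username": "some user name"
}
Response:
{
:message => 'ok'
}
Test:
curl http://localhost/api/users/password_reset.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"username": "some_username"}'
=end

  # Starts a password reset for params[:username] (unauthenticated).
  # Gated by the 'user_lost_password' setting; the actual work is done by
  # User.password_reset_send.
  def password_reset_send
    if !Setting.get('user_lost_password')
      render :json => { :error => 'Feature not enabled!' }, :status => :unprocessable_entity
      return
    end

    if User.password_reset_send(params[:username])
      render :json => { :message => 'ok' }, :status => :ok
    else
      render :json => { :message => 'failed' }, :status => :unprocessable_entity
    end
  end

=begin
Resource:
POST /api/users/password_reset_verify
Payload:
{
"token": "SoMeToKeN",
"password": "new_password"
}
Response:
{
:message => 'ok'
}
Test:
curl http://localhost/api/users/password_reset_verify.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"token": "SoMeToKeN", "password": "new_password"}'
=end

  # Second step of the password reset (unauthenticated). With a password the
  # token is consumed and the password set; without one the token is only
  # checked. Either way the user's login is returned on success.
  def password_reset_verify
    user = if params[:password]
             User.password_reset_via_token(params[:token], params[:password])
           else
             User.password_reset_check(params[:token])
           end

    if user
      render :json => { :message => 'ok', :user_login => user.login }, :status => :ok
    else
      render :json => { :message => 'failed' }, :status => :unprocessable_entity
    end
  end

=begin
Resource:
POST /api/users/password_change
Payload:
{
"password_old": "some_password_old",
"password_new": "some_password_new"
}
Response:
{
:message => 'ok'
}
Test:
curl http://localhost/api/users/password_change.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"password_old": "password_old", "password_new": "password_new"}'
=end

  # Changes the current user's password. The old password is re-verified via
  # User.authenticate before anything is written, so a hijacked session alone
  # is not enough to take over the account.
  def password_change
    if !params[:password_old]
      render :json => { :message => 'Old password needed!' }, :status => :unprocessable_entity
      return
    end

    user = User.authenticate(current_user.login, params[:password_old])
    if !user
      render :json => { :message => 'Old password is wrong!' }, :status => :unprocessable_entity
      return
    end

    if !params[:password_new]
      render :json => { :message => 'New password needed!' }, :status => :unprocessable_entity
      return
    end

    user.update_attributes(:password => params[:password_new])
    render :json => { :message => 'ok', :user_login => user.login }, :status => :ok
  end

=begin
Resource:
PUT /api/users/preferences.json
Payload:
{
"language": "de",
"notification": true
}
Response:
{
:message => 'ok'
}
Test:
curl http://localhost/api/users/preferences.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"language": "de", "notifications": true}'
=end

  # Merges params[:user] into current_user.preferences and saves.
  def preferences
    if !current_user
      render :json => { :message => 'No current user!' }, :status => :unprocessable_entity
      return
    end

    if params[:user]
      # NOTE(review): keys come straight from the request and are interned
      # with to_sym; on Ruby < 2.2 symbols are never garbage-collected, so an
      # unbounded key set can exhaust memory — consider whitelisting keys.
      params[:user].each { |key, value|
        current_user.preferences[key.to_sym] = value
      }
    end

    current_user.save
    render :json => { :message => 'ok' }, :status => :ok
  end

=begin
Resource:
DELETE /api/users/account.json
Payload:
{
"provider": "twitter",
"uid": 581482342942
}
Response:
{
:message => 'ok'
}
Test:
curl http://localhost/api/users/account.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"provider": "twitter", "uid": 581482342942}'
=end

  # Removes a linked third-party account (provider + uid) of the current
  # user. The lookup is scoped to current_user.id, so a caller cannot unlink
  # another user's account.
  def account_remove
    if !current_user
      render :json => { :message => 'No current user!' }, :status => :unprocessable_entity
      return
    end

    if !params[:provider]
      render :json => { :message => 'provider needed!' }, :status => :unprocessable_entity
      return
    end

    if !params[:uid]
      render :json => { :message => 'uid needed!' }, :status => :unprocessable_entity
      return
    end

    record = Authorization.where(
      :user_id => current_user.id,
      :provider => params[:provider],
      :uid => params[:uid],
    )
    if !record.first
      render :json => { :message => 'No record found!' }, :status => :unprocessable_entity
      return
    end

    record.destroy_all
    render :json => { :message => 'ok' }, :status => :ok
  end

  private

  # Roles/groups for a self-signup: while at most FIRST_USER_THRESHOLD users
  # exist the account becomes Admin + Agent in every group, afterwards a plain
  # Customer with no groups. Kept private so it is not routable as an action.
  def assign_signup_roles(user, count)
    if count <= FIRST_USER_THRESHOLD
      user.role_ids = Role.where(:name => ['Admin', 'Agent']).map(&:id)
      user.group_ids = Group.all.map(&:id)
    else
      user.role_ids = [Role.where(:name => 'Customer').first.id]
      user.group_ids = []
    end
  end

  # Creates a PasswordReset token for +user+ and mails an invitation in the
  # name of current_user. Subject and body are templates: the #{...}
  # placeholders are deliberately not Ruby interpolation (single-quoted
  # string / quoted heredoc) and are expanded by NotificationFactory.build
  # against the given objects.
  def send_invitation(user)
    token = Token.create(:action => 'PasswordReset', :user_id => user.id)

    data = {}
    data[:subject] = 'Invitation to #{config.product_name} at #{config.fqdn}'
    data[:body] = <<-'BODY'
Hi #{user.firstname},
I (#{current_user.firstname} #{current_user.lastname}) invite you to #{config.product_name} - a customer support / ticket system platform.
Click on the following link and set your password:
#{config.http_type}://#{config.fqdn}/#password_reset_verify/#{token.name}
Enjoy,
#{current_user.firstname} #{current_user.lastname}
Your #{config.product_name} Team
    BODY

    [:subject, :body].each { |key|
      data[key] = NotificationFactory.build(
        :locale => user.locale,
        :string => data[key],
        :objects => {
          :token => token,
          :user => user,
          :current_user => current_user,
        }
      )
    }

    NotificationFactory.send(
      :recipient => user,
      :subject => data[:subject],
      :body => data[:body]
    )
  end
end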