fat_free_crm 0.13.0 → 0.13.1
Potentially problematic release.
This version of fat_free_crm might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Capfile +1 -4
- data/Gemfile.lock +0 -1
- data/README.md +1 -0
- data/app/assets/javascripts/lists.js.coffee +1 -2
- data/app/controllers/application_controller.rb +27 -25
- data/app/controllers/emails_controller.rb +1 -30
- data/app/controllers/entities/contacts_controller.rb +1 -1
- data/app/controllers/entities/opportunities_controller.rb +1 -1
- data/app/controllers/entities_controller.rb +0 -1
- data/app/controllers/home_controller.rb +0 -4
- data/app/controllers/passwords_controller.rb +3 -3
- data/app/controllers/tasks_controller.rb +17 -10
- data/app/controllers/users_controller.rb +23 -46
- data/app/helpers/application_helper.rb +0 -3
- data/app/helpers/campaigns_helper.rb +0 -1
- data/app/helpers/leads_helper.rb +0 -11
- data/app/helpers/opportunities_helper.rb +0 -1
- data/app/helpers/tags_helper.rb +0 -8
- data/app/helpers/versions_helper.rb +1 -1
- data/app/models/entities/account_contact.rb +1 -1
- data/app/models/entities/campaign.rb +3 -3
- data/app/models/entities/contact.rb +3 -3
- data/app/models/entities/lead.rb +5 -5
- data/app/models/entities/opportunity.rb +1 -3
- data/app/models/fields/field_group.rb +1 -0
- data/app/models/list.rb +2 -1
- data/app/models/polymorphic/avatar.rb +1 -1
- data/app/models/polymorphic/task.rb +7 -4
- data/app/models/setting.rb +0 -3
- data/app/models/users/ability.rb +13 -2
- data/app/models/users/user.rb +4 -1
- data/app/views/home/index.html.haml +0 -4
- data/app/views/layouts/application.html.haml +7 -5
- data/app/views/leads/_contact.html.haml +0 -3
- data/app/views/lists/_personal_sidebar.html.haml +2 -2
- data/app/views/lists/_sidebar.html.haml +2 -2
- data/config/application.rb +2 -2
- data/config/environments/development.rb +2 -0
- data/config/environments/production.rb +2 -3
- data/config/initializers/secret_token.rb +25 -1
- data/config/locales/en-US_fat_free_crm.yml +1 -1
- data/config/routes.rb +27 -32
- data/config/settings.default.yml +3 -4
- data/lib/development_tasks/rspec.rake +1 -5
- data/lib/fat_free_crm.rb +11 -1
- data/lib/fat_free_crm/fields.rb +1 -1
- data/lib/fat_free_crm/gem_ext/rails/text_helper.rb +1 -2
- data/lib/fat_free_crm/secret_token_generator.rb +59 -0
- data/lib/fat_free_crm/version.rb +1 -1
- data/spec/controllers/admin/users_controller_spec.rb +1 -3
- data/spec/controllers/home_controller_spec.rb +0 -7
- data/spec/controllers/passwords_controller_spec.rb +23 -5
- data/spec/controllers/users_controller_spec.rb +45 -17
- data/spec/lib/secret_token_generator_spec.rb +55 -0
- data/spec/models/users/abilities/user_ability_spec.rb +58 -0
- data/spec/routing/emails_routing_spec.rb +13 -14
- data/spec/spec_helper.rb +2 -1
- metadata +5 -2
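--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9ec069bee0f0bade1f8ccaf400c483acf1806f99
+data.tar.gz: 267efa985f28e83578031082c510be10d6e3eae7
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 196ac4c6e50d2987143f102fa7d0d22c36d5e55c2942944bb156741abf5b372ecb94ae3b09914b240781b78a934c3a2c8610b738673aa463630b0237d312522e
+data.tar.gz: ac3c0ef7606d672faad180129d1803ba69f184b640b8509aff0cfce38c4e7dfbbc5758e6483e5cd25072747224ab7fba87824df26d64745953d9fc74411e8e84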
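--- a/data/Capfile
+++ b/data/Capfile
@@ -1,5 +1,2 @@
 load 'deploy'
-
-# load 'deploy/assets'
-Dir['vendor/gems/*/recipes/*.rb','vendor/plugins/*/recipes/*.rb'].each { |plugin| load(plugin) }
-load 'config/deploy' # remove this line to skip loading any of the default tasks
+load 'config/deploy'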
data/Gemfile.lock
CHANGED
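--- a/data/README.md
+++ b/data/README.md
@@ -54,6 +54,7 @@ Visit our website at http://www.fatfreecrm.com/
 
 ## System Requirements
 
+* FFCRM gem versions 0.12.1 or higher (previous versions had [**known security vulnerabilities**](https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-(27th-Dec-2013))
 * Ruby v2.0.0 recommended (it's faster!)
 * Ruby 1.9.3 is also compatible
 * Ruby 1.9.2 should be compatible but is not longer supported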
@@ -65,7 +65,7 @@
|
|
65
65
|
icon.removeClass('fa-times-circle').addClass(iconText)
|
66
66
|
|
67
67
|
getIcon = (listType) ->
|
68
|
-
switch (listType)
|
68
|
+
switch (listType)
|
69
69
|
when "tasks" then "fa-check-square-o"
|
70
70
|
when "campaigns" then "fa-bar-chart-o"
|
71
71
|
when "leads" then "fa-tasks"
|
@@ -83,4 +83,3 @@
|
|
83
83
|
img_el.attr('src', "/assets/tab_icons/" + img_el.data('controller') + "_active.png")
|
84
84
|
|
85
85
|
) jQuery
|
86
|
-
|
@@ -24,6 +24,8 @@ class ApplicationController < ActionController::Base
|
|
24
24
|
rescue_from ActiveRecord::RecordNotFound, :with => :respond_to_not_found
|
25
25
|
rescue_from CanCan::AccessDenied, :with => :respond_to_access_denied
|
26
26
|
|
27
|
+
include ERB::Util # to give us h and j methods
|
28
|
+
|
27
29
|
# Common auto_complete handler for all core controllers.
|
28
30
|
#----------------------------------------------------------------------------
|
29
31
|
def auto_complete
|
@@ -40,7 +42,7 @@ class ApplicationController < ActionController::Base
|
|
40
42
|
respond_to do |format|
|
41
43
|
format.any(:js, :html) { render :partial => 'auto_complete' }
|
42
44
|
format.json { render :json => @auto_complete.inject({}){|h,a|
|
43
|
-
h[a.id] = a.respond_to?(:full_name) ? a.full_name : a.name; h
|
45
|
+
h[a.id] = a.respond_to?(:full_name) ? j(a.full_name) : j(a.name); h
|
44
46
|
}}
|
45
47
|
end
|
46
48
|
end
|
@@ -50,7 +52,7 @@ private
|
|
50
52
|
#
|
51
53
|
# Takes { :related => 'campaigns/7' } or { :related => '5' }
|
52
54
|
# and returns array of object ids that should be excluded from search
|
53
|
-
# assumes controller_name is
|
55
|
+
# assumes controller_name is a method on 'related' class that returns a collection
|
54
56
|
#----------------------------------------------------------------------------
|
55
57
|
def auto_complete_ids_to_exclude(related)
|
56
58
|
return [] if related.blank?
|
@@ -145,7 +147,7 @@ private
|
|
145
147
|
|
146
148
|
#----------------------------------------------------------------------------
|
147
149
|
def can_signup?
|
148
|
-
|
150
|
+
User.can_signup?
|
149
151
|
end
|
150
152
|
|
151
153
|
#----------------------------------------------------------------------------
|
@@ -199,10 +201,10 @@ private
|
|
199
201
|
flash[:warning] = t(:msg_asset_not_available, asset)
|
200
202
|
|
201
203
|
respond_to do |format|
|
202
|
-
format.html { redirect_to
|
204
|
+
format.html { redirect_to(redirection_url) }
|
203
205
|
format.js { render(:update) { |page| page.reload } }
|
204
|
-
format.json { render :text => flash[:warning],
|
205
|
-
format.xml { render :
|
206
|
+
format.json { render :text => flash[:warning], :status => :not_found }
|
207
|
+
format.xml { render :xml => [flash[:warning]], :status => :not_found }
|
206
208
|
end
|
207
209
|
end
|
208
210
|
|
@@ -213,32 +215,32 @@ private
|
|
213
215
|
|
214
216
|
url = send("#{related.pluralize}_path")
|
215
217
|
respond_to do |format|
|
216
|
-
format.html { redirect_to
|
217
|
-
format.js { render(:update) { |page| page.redirect_to
|
218
|
-
format.json { render :text => flash[:warning],
|
219
|
-
format.xml { render :
|
218
|
+
format.html { redirect_to(url) }
|
219
|
+
format.js { render(:update) { |page| page.redirect_to(url) } }
|
220
|
+
format.json { render :text => flash[:warning], :status => :not_found }
|
221
|
+
format.xml { render :xml => [flash[:warning]], :status => :not_found }
|
220
222
|
end
|
221
223
|
end
|
222
224
|
|
223
225
|
#----------------------------------------------------------------------------
|
224
226
|
def respond_to_access_denied
|
225
|
-
|
226
|
-
flash[:warning] = t(:msg_asset_not_authorized, asset)
|
227
|
-
|
228
|
-
else
|
229
|
-
flick = case self.action_name
|
230
|
-
when "destroy" then "delete"
|
231
|
-
when "promote" then "convert"
|
232
|
-
else self.action_name
|
233
|
-
end
|
234
|
-
flash[:warning] = t(:msg_cant_do, :action => flick, :asset => asset)
|
235
|
-
end
|
236
|
-
|
227
|
+
flash[:warning] = t(:msg_not_authorized, default: 'You are not authorized to take this action.')
|
237
228
|
respond_to do |format|
|
238
|
-
format.html { redirect_to
|
229
|
+
format.html { redirect_to(redirection_url) }
|
239
230
|
format.js { render(:update) { |page| page.reload } }
|
240
|
-
format.json { render :text => flash[:warning],
|
241
|
-
format.xml { render :
|
231
|
+
format.json { render :text => flash[:warning], :status => :unauthorized }
|
232
|
+
format.xml { render :xml => [flash[:warning]], :status => :unauthorized }
|
242
233
|
end
|
243
234
|
end
|
235
|
+
|
236
|
+
#----------------------------------------------------------------------------
|
237
|
+
def redirection_url
|
238
|
+
# Try to redirect somewhere sensible. Note: not all controllers have an index action
|
239
|
+
url = if current_user.present?
|
240
|
+
(respond_to?(:index) and self.action_name != 'index') ? { action: 'index' } : root_url
|
241
|
+
else
|
242
|
+
login_url
|
243
|
+
end
|
244
|
+
end
|
245
|
+
|
244
246
|
end
|
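Review bot: In the `format.json` branch of `auto_complete`, `j(...)` runs on each name before `render :json` serialises the hash, so the escape is applied to raw values rather than to the finished JSON text. If `j` here resolves to `ERB::Util.json_escape` (the `include ERB::Util` comment suggests it does), it emits literal `\u0026`-style sequences whose backslashes the JSON encoder will escape again, and a client would then display `\u0026` instead of `&`; that helper is meant for JSON that is being embedded in an HTML page. The section does not show how the client inserts these names, so the actual sink should be confirmed: either escape there with text insertion, or use `h(a.full_name)` if the response is meant to carry HTML-safe strings. A comment on that line such as `# names are user-controlled; escaped for <target context>` would record which context the escaping is meant to protect.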
@@ -6,35 +6,6 @@
|
|
6
6
|
class EmailsController < ApplicationController
|
7
7
|
before_filter :require_user
|
8
8
|
|
9
|
-
# GET /email
|
10
|
-
# GET /email.xml not implemented
|
11
|
-
#----------------------------------------------------------------------------
|
12
|
-
# def index
|
13
|
-
# end
|
14
|
-
|
15
|
-
# GET /email/1
|
16
|
-
# GET /email/1.xml not implemented
|
17
|
-
#----------------------------------------------------------------------------
|
18
|
-
# def show
|
19
|
-
# end
|
20
|
-
|
21
|
-
# GET /emails/new
|
22
|
-
# GET /emails/new.xml not implemented
|
23
|
-
#----------------------------------------------------------------------------
|
24
|
-
# def new
|
25
|
-
# end
|
26
|
-
|
27
|
-
# GET /emails/1/edit not implemented
|
28
|
-
#----------------------------------------------------------------------------
|
29
|
-
# def edit
|
30
|
-
# end
|
31
|
-
|
32
|
-
# PUT /emails/1
|
33
|
-
# PUT /emails/1.xml not implemented
|
34
|
-
#----------------------------------------------------------------------------
|
35
|
-
# def update
|
36
|
-
# end
|
37
|
-
|
38
9
|
# DELETE /emails/1
|
39
10
|
# DELETE /emails/1.json
|
40
11
|
# DELETE /emails/1.xml AJAX
|
@@ -42,7 +13,7 @@ class EmailsController < ApplicationController
|
|
42
13
|
def destroy
|
43
14
|
@email = Email.find(params[:id])
|
44
15
|
@email.destroy
|
45
|
-
|
46
16
|
respond_with(@email)
|
47
17
|
end
|
18
|
+
|
48
19
|
end
|
@@ -68,7 +68,7 @@ class ContactsController < EntitiesController
|
|
68
68
|
unless params[:account][:id].blank?
|
69
69
|
@account = Account.find(params[:account][:id])
|
70
70
|
else
|
71
|
-
if request.referer =~ /\/accounts\/(
|
71
|
+
if request.referer =~ /\/accounts\/(\d+)\z/
|
72
72
|
@account = Account.find($1) # related account
|
73
73
|
else
|
74
74
|
@account = Account.new(:user => current_user)
|
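Review bot: The account id on the `request.referer` branch comes from a header the client controls, and `Account.find($1)` loads whatever record that id names with no access scope visible in this hunk; the same pattern is in the `OpportunitiesController` hunk that follows. The tightened `(\d+)\z` pattern constrains the format of the id, not who may read the account. If the CanCan rules cover accounts, loading through them would close that gap, e.g. `@account = Account.accessible_by(current_ability).find($1)`; otherwise confirm that existing authorization runs on `@account` before it is used. The enclosing action starts and ends outside the hunk, so such a check may already exist elsewhere.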
@@ -82,7 +82,7 @@ class OpportunitiesController < EntitiesController
|
|
82
82
|
unless params[:account][:id].blank?
|
83
83
|
@account = Account.find(params[:account][:id])
|
84
84
|
else
|
85
|
-
if request.referer =~ /\/accounts\/(
|
85
|
+
if request.referer =~ /\/accounts\/(\d+)\z/
|
86
86
|
@account = Account.find($1) # related account
|
87
87
|
else
|
88
88
|
@account = Account.new(:user => current_user)
|
@@ -115,7 +115,6 @@ protected
|
|
115
115
|
def set_options
|
116
116
|
unless params[:cancel].true?
|
117
117
|
klass = controller_name.classify.constantize
|
118
|
-
action = params['action']
|
119
118
|
@per_page = current_user.pref[:"#{controller_name}_per_page"] || klass.per_page
|
120
119
|
@sort_by = current_user.pref[:"#{controller_name}_sort_by"] || klass.sort_by
|
121
120
|
end
|
@@ -6,13 +6,9 @@
|
|
6
6
|
class HomeController < ApplicationController
|
7
7
|
before_filter :require_user, :except => [ :toggle, :timezone ]
|
8
8
|
before_filter :set_current_tab, :only => :index
|
9
|
-
before_filter "hook(:home_before_filter, self, :amazing => true)"
|
10
9
|
|
11
10
|
#----------------------------------------------------------------------------
|
12
11
|
def index
|
13
|
-
@hello = "Hello world" # The hook below can access controller's instance variables.
|
14
|
-
hook(:home_controller, self, :params => "it works!")
|
15
|
-
|
16
12
|
@activities = get_activities
|
17
13
|
@my_tasks = Task.visible_on_dashboard(current_user).by_due_at
|
18
14
|
@my_opportunities = Opportunity.visible_on_dashboard(current_user).by_closes_on.by_amount
|
@@ -44,8 +44,9 @@ class PasswordsController < ApplicationController
|
|
44
44
|
end
|
45
45
|
end
|
46
46
|
|
47
|
-
#----------------------------------------------------------------------------
|
48
47
|
private
|
48
|
+
|
49
|
+
#----------------------------------------------------------------------------
|
49
50
|
def load_user_using_perishable_token
|
50
51
|
@user = User.find_using_perishable_token(params[:id])
|
51
52
|
unless @user
|
@@ -60,7 +61,6 @@ class PasswordsController < ApplicationController
|
|
60
61
|
#----------------------------------------------------------------------------
|
61
62
|
def empty_password?
|
62
63
|
(params[:user][:password] == params[:user][:password_confirmation]) &&
|
63
|
-
(params[:user][:password]
|
64
|
+
(params[:user][:password].blank?) # " ".blank? == true
|
64
65
|
end
|
65
66
|
end
|
66
|
-
|
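Review bot: `empty_password?` tests equality before blankness, so two whitespace-only values of different length (one space versus two) compare unequal and are not treated as empty, even though the new comment says whitespace should count as blank. Checking both fields directly avoids that: `params[:user][:password].blank? && params[:user][:password_confirmation].blank?`. `params[:user]` is also dereferenced without a guard, so a request that omits the `user` key would raise here rather than be rejected cleanly. How the caller acts on the result is outside this hunk.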
@@ -11,7 +11,7 @@ class TasksController < ApplicationController
|
|
11
11
|
# GET /tasks
|
12
12
|
#----------------------------------------------------------------------------
|
13
13
|
def index
|
14
|
-
@view =
|
14
|
+
@view = view
|
15
15
|
@tasks = Task.find_all_grouped(current_user, @view)
|
16
16
|
|
17
17
|
respond_with @tasks do |format|
|
@@ -25,14 +25,13 @@ class TasksController < ApplicationController
|
|
25
25
|
#----------------------------------------------------------------------------
|
26
26
|
def show
|
27
27
|
@task = Task.tracked_by(current_user).find(params[:id])
|
28
|
-
|
29
28
|
respond_with(@task)
|
30
29
|
end
|
31
30
|
|
32
31
|
# GET /tasks/new
|
33
32
|
#----------------------------------------------------------------------------
|
34
33
|
def new
|
35
|
-
@view =
|
34
|
+
@view = view
|
36
35
|
@task = Task.new
|
37
36
|
@bucket = Setting.unroll(:task_bucket)[1..-1] << [ t(:due_specific_date, :default => 'On Specific Date...'), :specific_time ]
|
38
37
|
@category = Setting.unroll(:task_category)
|
@@ -52,7 +51,7 @@ class TasksController < ApplicationController
|
|
52
51
|
# GET /tasks/1/edit AJAX
|
53
52
|
#----------------------------------------------------------------------------
|
54
53
|
def edit
|
55
|
-
@view =
|
54
|
+
@view = view
|
56
55
|
@task = Task.tracked_by(current_user).find(params[:id])
|
57
56
|
@bucket = Setting.unroll(:task_bucket)[1..-1] << [ t(:due_specific_date, :default => 'On Specific Date...'), :specific_time ]
|
58
57
|
@category = Setting.unroll(:task_category)
|
@@ -68,7 +67,7 @@ class TasksController < ApplicationController
|
|
68
67
|
# POST /tasks
|
69
68
|
#----------------------------------------------------------------------------
|
70
69
|
def create
|
71
|
-
@view =
|
70
|
+
@view = view
|
72
71
|
@task = Task.new(params[:task]) # NOTE: we don't display validation messages for tasks.
|
73
72
|
|
74
73
|
respond_with(@task) do |format|
|
@@ -81,7 +80,7 @@ class TasksController < ApplicationController
|
|
81
80
|
# PUT /tasks/1
|
82
81
|
#----------------------------------------------------------------------------
|
83
82
|
def update
|
84
|
-
@view =
|
83
|
+
@view = view
|
85
84
|
@task = Task.tracked_by(current_user).find(params[:id])
|
86
85
|
@task_before_update = @task.dup
|
87
86
|
|
@@ -107,7 +106,7 @@ class TasksController < ApplicationController
|
|
107
106
|
# DELETE /tasks/1
|
108
107
|
#----------------------------------------------------------------------------
|
109
108
|
def destroy
|
110
|
-
@view =
|
109
|
+
@view = view
|
111
110
|
@task = Task.tracked_by(current_user).find(params[:id])
|
112
111
|
@task.destroy
|
113
112
|
|
@@ -142,7 +141,7 @@ class TasksController < ApplicationController
|
|
142
141
|
# Ajax request to filter out a list of tasks. AJAX
|
143
142
|
#----------------------------------------------------------------------------
|
144
143
|
def filter
|
145
|
-
@view =
|
144
|
+
@view = view
|
146
145
|
|
147
146
|
update_session do |filters|
|
148
147
|
if params[:checked].true?
|
@@ -167,8 +166,7 @@ private
|
|
167
166
|
# Collect data necessary to render filters sidebar.
|
168
167
|
#----------------------------------------------------------------------------
|
169
168
|
def update_sidebar
|
170
|
-
@view =
|
171
|
-
@view = "pending" unless %w(pending assigned completed).include?(@view)
|
169
|
+
@view = view
|
172
170
|
@task_total = Task.totals(current_user, @view)
|
173
171
|
|
174
172
|
# Update filters session if we added, deleted, or completed a task.
|
@@ -189,4 +187,13 @@ private
|
|
189
187
|
session[name] = filters unless filters.blank?
|
190
188
|
end
|
191
189
|
end
|
190
|
+
|
191
|
+
# Ensure view is allowed
|
192
|
+
#----------------------------------------------------------------------------
|
193
|
+
def view
|
194
|
+
view = params[:view]
|
195
|
+
views = Task::ALLOWED_VIEWS
|
196
|
+
views.include?(view) ? view : views.first
|
197
|
+
end
|
198
|
+
|
192
199
|
end
|
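Review bot: The fallback in the new `view` helper is whatever happens to be first in `Task::ALLOWED_VIEWS`, whereas the line removed from `update_sidebar` named `"pending"` explicitly; the constant is defined outside this section, so confirm its first element is still `pending`. The comment above the method could state the contract, e.g. `# Returns params[:view] when it is in Task::ALLOWED_VIEWS, otherwise the first allowed view.` The local variable `view` also shadows the method it lives in; `requested = params[:view]` would read more clearly.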
@@ -5,44 +5,30 @@
|
|
5
5
|
#------------------------------------------------------------------------------
|
6
6
|
class UsersController < ApplicationController
|
7
7
|
|
8
|
-
before_filter :require_no_user, :only => [ :new, :create ]
|
9
|
-
before_filter :require_user, :only => [ :show, :redraw ]
|
10
8
|
before_filter :set_current_tab, :only => [ :show, :opportunities_overview ] # Don't hightlight any tabs.
|
11
|
-
before_filter :require_and_assign_user, :except => [ :new, :create, :show, :avatar, :upload_avatar ]
|
12
|
-
before_filter :assign_given_or_current_user, :only => [ :show, :avatar, :upload_avatar, :edit, :update ]
|
13
9
|
|
14
|
-
|
10
|
+
check_authorization
|
11
|
+
load_and_authorize_resource # handles all security
|
15
12
|
|
16
13
|
respond_to :html, :only => [ :show, :new ]
|
17
14
|
|
18
15
|
# GET /users/1
|
19
|
-
# GET /users/1.
|
20
|
-
# GET /users/1.xml HTML
|
16
|
+
# GET /users/1.js
|
21
17
|
#----------------------------------------------------------------------------
|
22
18
|
def show
|
19
|
+
@user = current_user if params[:id].nil?
|
23
20
|
respond_with(@user)
|
24
21
|
end
|
25
22
|
|
26
23
|
# GET /users/new
|
27
|
-
# GET /users/new.
|
28
|
-
# GET /users/new.xml HTML
|
24
|
+
# GET /users/new.js
|
29
25
|
#----------------------------------------------------------------------------
|
30
26
|
def new
|
31
|
-
if can_signup?
|
32
|
-
respond_with(@user)
|
33
|
-
else
|
34
|
-
redirect_to login_path
|
35
|
-
end
|
36
|
-
end
|
37
|
-
|
38
|
-
# GET /users/1/edit AJAX
|
39
|
-
#----------------------------------------------------------------------------
|
40
|
-
def edit
|
41
27
|
respond_with(@user)
|
42
28
|
end
|
43
29
|
|
44
30
|
# POST /users
|
45
|
-
# POST /users.
|
31
|
+
# POST /users.js
|
46
32
|
#----------------------------------------------------------------------------
|
47
33
|
def create
|
48
34
|
if @user.save
|
@@ -58,31 +44,29 @@ class UsersController < ApplicationController
|
|
58
44
|
end
|
59
45
|
end
|
60
46
|
|
61
|
-
#
|
62
|
-
# PUT /users/1.json
|
63
|
-
# PUT /users/1.xml AJAX
|
47
|
+
# GET /users/1/edit.js
|
64
48
|
#----------------------------------------------------------------------------
|
65
|
-
def
|
66
|
-
@user.update_attributes(params[:user])
|
49
|
+
def edit
|
67
50
|
respond_with(@user)
|
68
51
|
end
|
69
52
|
|
70
|
-
#
|
71
|
-
#
|
53
|
+
# PUT /users/1
|
54
|
+
# PUT /users/1.js
|
72
55
|
#----------------------------------------------------------------------------
|
73
|
-
def
|
74
|
-
|
56
|
+
def update
|
57
|
+
@user.update_attributes(params[:user])
|
58
|
+
respond_with(@user)
|
75
59
|
end
|
76
60
|
|
77
61
|
# GET /users/1/avatar
|
78
|
-
# GET /users/1/avatar.
|
62
|
+
# GET /users/1/avatar.js
|
79
63
|
#----------------------------------------------------------------------------
|
80
64
|
def avatar
|
81
65
|
respond_with(@user)
|
82
66
|
end
|
83
67
|
|
84
68
|
# PUT /users/1/upload_avatar
|
85
|
-
# PUT /users/1/upload_avatar.
|
69
|
+
# PUT /users/1/upload_avatar.js
|
86
70
|
#----------------------------------------------------------------------------
|
87
71
|
def upload_avatar
|
88
72
|
if params[:gravatar]
|
@@ -106,19 +90,21 @@ class UsersController < ApplicationController
|
|
106
90
|
end
|
107
91
|
|
108
92
|
# GET /users/1/password
|
109
|
-
# GET /users/1/password.
|
93
|
+
# GET /users/1/password.js
|
110
94
|
#----------------------------------------------------------------------------
|
111
95
|
def password
|
112
96
|
respond_with(@user)
|
113
97
|
end
|
114
98
|
|
115
99
|
# PUT /users/1/change_password
|
116
|
-
# PUT /users/1/change_password.
|
100
|
+
# PUT /users/1/change_password.js
|
117
101
|
#----------------------------------------------------------------------------
|
118
102
|
def change_password
|
119
103
|
if @user.valid_password?(params[:current_password], true) || @user.password_hash.blank?
|
120
104
|
unless params[:user][:password].blank?
|
121
|
-
@user.
|
105
|
+
@user.password = params[:user][:password]
|
106
|
+
@user.password_confirmation = params[:user][:password_confirmation]
|
107
|
+
@user.save
|
122
108
|
flash[:notice] = t(:msg_password_changed)
|
123
109
|
else
|
124
110
|
flash[:notice] = t(:msg_password_not_changed)
|
@@ -130,27 +116,18 @@ class UsersController < ApplicationController
|
|
130
116
|
respond_with(@user)
|
131
117
|
end
|
132
118
|
|
133
|
-
# POST /users/1/redraw
|
119
|
+
# POST /users/1/redraw
|
134
120
|
#----------------------------------------------------------------------------
|
135
121
|
def redraw
|
136
122
|
current_user.preference[:locale] = params[:locale]
|
137
123
|
render(:update) { |page| page.redirect_to user_path(current_user) }
|
138
124
|
end
|
139
125
|
|
126
|
+
# GET /users/opportunities_overview
|
127
|
+
#----------------------------------------------------------------------------
|
140
128
|
def opportunities_overview
|
141
129
|
@users_with_opportunities = User.have_assigned_opportunities.order(:first_name)
|
142
130
|
@unassigned_opportunities = Opportunity.unassigned.pipeline.order(:stage)
|
143
131
|
end
|
144
132
|
|
145
|
-
private
|
146
|
-
|
147
|
-
#----------------------------------------------------------------------------
|
148
|
-
def require_and_assign_user
|
149
|
-
require_user
|
150
|
-
@user = current_user
|
151
|
-
end
|
152
|
-
|
153
|
-
def assign_given_or_current_user
|
154
|
-
@user = params[:id] ? User.find(params[:id]) : current_user
|
155
|
-
end
|
156
133
|
end
|
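Review bot: In `change_password` the result of `@user.save` is discarded and `flash[:notice] = t(:msg_password_changed)` follows unconditionally, so a save rejected by validation (a confirmation mismatch, for instance) would still be reported to the user as a changed password. Branching on the result keeps the message honest: `flash[:notice] = t(@user.save ? :msg_password_changed : :msg_password_not_changed)`. The lines between this hunk and the next are not shown, so any error handling there should be checked first. Separately, the `# handles all security` comment on `load_and_authorize_resource` would be more accurate if it named the ability rules it depends on, since the custom actions here (`avatar`, `password`, `redraw`, `opportunities_overview`) are protected only if those rules cover them.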