/core/app/controllers/spree/admin/users_controller.rb
Ruby | 68 lines | 53 code | 10 blank | 5 comment | 3 complexity | e6faedc95b5e40bd0b3576f3301cfffa MD5 | raw file
- module Spree
- module Admin
- class UsersController < ResourceController
- # http://spreecommerce.com/blog/2010/11/02/json-hijacking-vulnerability/
- before_filter :check_json_authenticity, :only => :index
- def index
- respond_with(@collection) do |format|
- format.html
- format.json { render :json => json_data }
- end
- end
- def dismiss_banner
- if request.xhr? and params[:banner_id]
- current_user.dismiss_banner(params[:banner_id])
- render :nothing => true
- end
- end
- protected
- def collection
- return @collection if @collection.present?
- unless request.xhr?
- @search = Spree::User.registered.ransack(params[:q])
- @collection = @search.result.page(params[:page]).per(Spree::Config[:admin_products_per_page])
- else
- #disabling proper nested include here due to rails 3.1 bug
- #@collection = User.includes(:bill_address => [:state, :country], :ship_address => [:state, :country]).
- @collection = Spree::User.includes(:bill_address, :ship_address).
- where("spree_users.email #{LIKE} :search
- OR (spree_addresses.firstname #{LIKE} :search AND spree_addresses.id = spree_users.bill_address_id)
- OR (spree_addresses.lastname #{LIKE} :search AND spree_addresses.id = spree_users.bill_address_id)
- OR (spree_addresses.firstname #{LIKE} :search AND spree_addresses.id = spree_users.ship_address_id)
- OR (spree_addresses.lastname #{LIKE} :search AND spree_addresses.id = spree_users.ship_address_id)",
- { :search => "#{params[:q].strip}%" }).
- limit(params[:limit] || 100)
- end
- end
- private
- # handling raise from Admin::ResourceController#destroy
- def user_destroy_with_orders_error
- invoke_callbacks(:destroy, :fails)
- render :status => :forbidden, :text => t(:error_user_destroy_with_orders)
- end
- # Allow different formats of json data to suit different ajax calls
- def json_data
- json_format = params[:json_format] or 'default'
- case json_format
- when 'basic'
- collection.map { |u| { 'id' => u.id, 'name' => u.email } }.to_json
- else
- address_fields = [:firstname, :lastname, :address1, :address2, :city, :zipcode, :phone, :state_name, :state_id, :country_id]
- includes = { :only => address_fields , :include => { :state => { :only => :name }, :country => { :only => :name } } }
- collection.to_json(:only => [:id, :email], :include =>
- { :bill_address => includes, :ship_address => includes })
- end
- end
- end
- end
- end