BikeShed-1/app/controllers/api/v1/users_controller.rb

require 'securerandom'
class Api::V1::UsersController < Api::V1::BaseController
  CANNOT_MANAGE = "You do not have the permission to manager users"
  NOT_FOUND = "User not found"
  NOT_ALLOWED = "Not allowed to reset your own password in this fashion"
  PASS_LENGTH = 8

  def password_reset
    if can? :manage, User
      user = User.find_by_id(params[:user_id])
      render :json => { "errors" => [NOT_FOUND]}, :status => 404 and return if user.nil?
      render :json => { "errors" => [NOT_ALLOWED]}, :status => 403 and return if user.id == current_user.id

      new_pass = SecureRandom.hex[0,PASS_LENGTH]
      user.password = new_pass
      user.save
      render :json => { "password" => new_pass}, :status => 200 and return
    else
      render :json => { "errors" => [CANNOT_MANAGE]}, :status => 403 and return
    end
  end


=begin  Is this here by accident? Commenting out for now (1/30/14)
  def checkout
    #must use @current_user since user may not have signed in
    if !@current_user.checked_in?
      render :json => { "error" => "You were not even checked in."}, :status => 404 and return
    else
      @current_user.checkout
      render :nothing => true, :status => 204 and return
    end
  end
=end
end
Added reset password api method 12 years ago			`require 'securerandom'`
			`class Api::V1::UsersController < Api::V1::BaseController`
Added User password_reset spec and some refactor Make returned error in errors array Use constants 11 years ago			`CANNOT_MANAGE = "You do not have the permission to manager users"`
			`NOT_FOUND = "User not found"`
			`NOT_ALLOWED = "Not allowed to reset your own password in this fashion"`
			`PASS_LENGTH = 8`
Added reset password api method 12 years ago
			`def password_reset`
			`if can? :manage, User`
			`user = User.find_by_id(params[:user_id])`
Added User password_reset spec and some refactor Make returned error in errors array Use constants 11 years ago			`render :json => { "errors" => [NOT_FOUND]}, :status => 404 and return if user.nil?`
			`render :json => { "errors" => [NOT_ALLOWED]}, :status => 403 and return if user.id == current_user.id`
Added reset password api method 12 years ago
Added User password_reset spec and some refactor Make returned error in errors array Use constants 11 years ago			`new_pass = SecureRandom.hex[0,PASS_LENGTH]`
Added reset password api method 12 years ago			`user.password = new_pass`
			`user.save`
			`render :json => { "password" => new_pass}, :status => 200 and return`
			`else`
Added User password_reset spec and some refactor Make returned error in errors array Use constants 11 years ago			`render :json => { "errors" => [CANNOT_MANAGE]}, :status => 403 and return`
Added reset password api method 12 years ago			`end`
			`end`

WTF? Is this needed? Commenting this out for now users#checkout copy pasta perhaps? 11 years ago
			`=begin Is this here by accident? Commenting out for now (1/30/14)`
Added reset password api method 12 years ago			`def checkout`
			`#must use @current_user since user may not have signed in`
			`if !@current_user.checked_in?`
			`render :json => { "error" => "You were not even checked in."}, :status => 404 and return`
			`else`
			`@current_user.checkout`
			`render :nothing => true, :status => 204 and return`
			`end`
			`end`
WTF? Is this needed? Commenting this out for now users#checkout copy pasta perhaps? 11 years ago			`=end`
Added reset password api method 12 years ago			`end`