Velocipede's User, Sales, and Bike Inventory Web App
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

35 lines
1.2 KiB

require 'securerandom'
class Api::V1::UsersController < Api::V1::BaseController
CANNOT_MANAGE = "You do not have the permission to manager users"
NOT_FOUND = "User not found"
NOT_ALLOWED = "Not allowed to reset your own password in this fashion"
PASS_LENGTH = 8
def password_reset
if can? :manage, User
user = User.find_by_id(params[:user_id])
render :json => { "errors" => [NOT_FOUND]}, :status => 404 and return if user.nil?
render :json => { "errors" => [NOT_ALLOWED]}, :status => 403 and return if user.id == current_user.id
new_pass = SecureRandom.hex[0,PASS_LENGTH]
user.password = new_pass
user.save
render :json => { "password" => new_pass}, :status => 200 and return
else
render :json => { "errors" => [CANNOT_MANAGE]}, :status => 403 and return
end
end
=begin Is this here by accident? Commenting out for now (1/30/14)
def checkout
#must use @current_user since user may not have signed in
if !@current_user.checked_in?
render :json => { "error" => "You were not even checked in."}, :status => 404 and return
else
@current_user.checkout
render :nothing => true, :status => 204 and return
end
end
=end
end