Diffstat (limited to 'app/controllers/person_controller.rb')
-rw-r--r--app/controllers/person_controller.rb177
1 files changed, 177 insertions, 0 deletions
diff --git a/app/controllers/person_controller.rb b/app/controllers/person_controller.rb
new file mode 100644
index 0000000..43cecb9
--- /dev/null
+++ b/app/controllers/person_controller.rb
@@ -0,0 +1,177 @@
+
+
+class PersonController < ApplicationController
+# model :location, :person
+
+# before_filter :validate_person, :only => [:edit, :update, :do_change_pass]
+
+ @person = ''
+
+ def login
+ if session[:person]
+ reset_session
+ end
+ end
+
+ def sign_on
+ person = Person.authenticate( params[:person][:email],
+ params[:person][:password])
+
+ if person
+ session[:person] = person
+ if session[:url]
+ redirect_to session[:url]
+ else
+ redirect_to :controller => "person", :action => "show", :id => session[:person].id
+ end
+ session[:url] = nil
+ else
+ flash[:notice] = "Login fehlgeschlagen."
+ redirect_to :action => "login"
+ end
+ end
+
+ def logout
+ reset_session
+ redirect_to :action => "login"
+ end
+ def login
+ end
+
+ def index
+ redirect_to :action => "list"
+ end
+
+ # list all persons
+ def list
+ @persons = Person.find(:all, :order => :email )
+ end
+
+ # show information about a person
+ def show
+ begin
+ @person = Person.find(params[:id])
+
+ @locations = Location.find(:all,
+ :conditions => ["person_id = ?", params[:id]] )
+
+ rescue ActiveRecord::RecordNotFound
+ render_text "Error, Person not found"
+ end
+ end
+
+ # edit a specific person identified by param person id
+ def edit
+ @person = Person.find(params[:id])
+ if session[:person] != @person and session[:person].email != 'nine@wirdorange.org'
+ flash[:notice] = 'Sie haben nicht die Berechtigung hierfür.'
+ redirect_to :back
+ end
+ end
+
+ # update the information about a person identified by person id
+ def update
+ @person = Person.find(params[:id])
+ if session[:person] != @person and session[:person].email != 'nine@wirdorange.org'
+ flash[:notice] = 'Sie haben nicht die Berechtigung hierfür.'
+ redirect_to :back
+ else
+ if @person.update_attributes(params[:person])
+ flash[:notice] = 'Person wurde erfolgreich upgedatet.'
+ redirect_to :action => 'show', :id => @person
+ else
+ flash[:notice] = 'Person wurde NICHT verändert.'
+ redirect_to :action => 'edit', :id => @person
+ end
+ end
+ end
+
+ def register
+ end
+
+ # create new person record
+ def create
+ if params[:password] == params[:password2]
+ values = params[:person]
+ values[:password] = params[:password]
+ @person = Person.new(values)
+ @person.password = params[:person][:password]
+ if @person.save
+ flash[:notice] = 'Person erfolgreich registriert'
+ redirect_to :action => 'show', :id => @person
+ else
+ params[:person][:password2] = "";
+ params[:person][:password] = "";
+ render :action => 'register', :person => params[:person]
+ end
+ else
+ flash[:notice] = 'Bitte überprüfen Sie ihre Eingabe'
+ render :action => 'register', :person => params[:person]
+ end
+ end
+
+ # revoke password form
+ def revoke_pass
+ reset_session
+ end
+
+ # generate new password and mail to the poor guy
+ def do_revoke
+ password = newpass( 8 )
+ @person = Person.find( :first,
+ :conditions => [ "email = ?", params[:person][:email] ] )
+ if @person == nil
+ flash[:notice] = 'Die angegebene Email Adresse ist nicht registriert.'
+ redirect_to :action => 'revoke_pass'
+ elsif @person.update_attribute( 'password', password )
+ mail = PasswordMailer.deliver_password( @person, password )
+ flash[:notice] = 'Ihr neues Passwort wird Ihnen via email zugesendet.'
+ redirect_to :action => 'login'
+ else
+ render :action => 'revoke_pass'
+ end
+ end
+
+ def change_pass
+ @person = Person.find(params[:id])
+ if session[:person] != @person
+ flash[:notice] = 'Sie haben nicht die Berechtigung hierfür.'
+ redirect_to :back
+ end
+ end
+
+ def do_change_pass
+ person = Person.find( :first, :conditions =>
+ [ "email = BINARY ? AND password = BINARY ?",
+ session[:person][:email],
+ Digest::MD5.hexdigest(params[:oldpassword]) ] )
+ if person and params[:password] == params[:password2]
+ person.update_attribute( 'password', params[:password] )
+ flash[:notice] = 'Ihr Passwort wurde geaendert.'
+ redirect_to :action => 'show', :id => session[:person][:id]
+ else
+ flash[:notice] = 'Ihr altes Passwort wurde falsch eingegeben.'
+ redirect_to :back
+ end
+ end
+
+
+protected
+ # validate rights of person
+ def validate_person
+ if session[:person] != @person
+ flash[:notice] = 'Sie sind leider nicht berechtigt!'
+ redirect_to :back
+ end
+ end
+
+private
+ # generate alphanumeric password
+ def newpass( len )
+ chars = ("a".."z").to_a + ("A".."Z").to_a + ("1".."9").to_a
+ newpass = ""
+ 1.upto(len) { |i| newpass << chars[rand(chars.size-1)] }
+ return newpass
+ end
+
+end
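Review bot: `do_revoke` overwrites the stored password as soon as an unauthenticated request names a registered e-mail address, so anyone who knows an address can lock that user out, and the two different flash messages reveal which addresses are registered. A safer shape is to mail a single-use, expiring reset token, change the password only once that token is presented, and answer with the same message in both branches. The replacement password comes from `newpass`, which uses `rand` (not a cryptographic generator) and, because of `rand(chars.size-1)`, never selects the last entry of `chars`; at minimum index with `chars[rand(chars.size)]`, and prefer a CSPRNG such as `SecureRandom` if the Ruby version in use provides it. `do_change_pass` also looks the account up by an unsalted `Digest::MD5.hexdigest` value, which suggests passwords are stored in that form (the model is not visible here); a salted, deliberately slow password hash would be the thing to move to.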