From 3c4c62abd55d495af0644f700fa674e41b46a589 Mon Sep 17 00:00:00 2001
From: Maxwell Salzberg <maxwell@joindiaspora.com>
Date: Thu, 19 May 2011 14:23:04 -0700
Subject: [PATCH] moved auth token to admins page, and added a link in the
 dropdown

---
 app/controllers/admins_controller.rb      |  7 +++++++
 app/controllers/application_controller.rb |  6 +++---
 app/controllers/users_controller.rb       | 10 ----------
 app/models/user.rb                        |  4 ++++
 app/views/admins/user_search.html.haml    |  5 +++++
 app/views/layouts/_header.html.haml       |  2 ++
 config/locales/diaspora/en.yml            |  1 +
 config/routes.rb                          |  2 +-
 8 files changed, 23 insertions(+), 14 deletions(-)

diff --git a/app/controllers/admins_controller.rb b/app/controllers/admins_controller.rb
index 95ee54e9bf..95c5ed18d0 100644
--- a/app/controllers/admins_controller.rb
+++ b/app/controllers/admins_controller.rb
@@ -28,6 +28,13 @@ class AdminsController < ApplicationController
 
     redirect_to :back, :notice => notice, :user => {:id => u.id}
   end
+
+  def generate_new_token
+    current_user.reset_authentication_token!
+    current_user.authentication_token
+    redirect_to user_search_path, :notice => "auth token reset" 
+  end
+  
   def admin_inviter
     opts = {:service => 'email', :identifier => params[:identifier]}
     existing_user = Invitation.find_existing_user('email', params[:identifier])
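Review bot: `generate_new_token` rotates the user's authentication token, but this commit routes it with `get` in config/routes.rb and reaches it through a plain `link_to` in app/views/admins/user_search.html.haml, so Rails' CSRF token check does not apply and any cross-site request or link prefetch made in an admin's session resets the token. Route it as `post 'generate_new_token' => :generate_new_token, :as => 'new_auth_token'` and build the link with `:method => :post`. The return value of `reset_authentication_token!` is no longer checked, so the "auth token reset" notice is shown even if the reset fails, and the bare `current_user.authentication_token` line has no effect and can be dropped. Whether AdminsController applies `redirect_unless_admin` to this action is not visible in the hunk; the removed UsersController version declared that filter explicitly.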
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index bd76960a90..af5088bc09 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -76,9 +76,9 @@ class ApplicationController < ActionController::Base
   end
 
   def redirect_unless_admin
-    admins = AppConfig[:admins]
-    unless admins.present? && admins.include?(current_user.username)
-      redirect_to root_url
+    unless current_user.admin?
+      redirect_to root_url, :notice => 'you need to be an admin to do that'
+      return
     end
   end
 
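Review bot: `redirect_unless_admin` calls `current_user.admin?` without a nil check, so if this filter ever runs before authentication (filter order is not visible here) an anonymous request raises NoMethodError instead of being redirected; `unless current_user && current_user.admin?` keeps it failing closed with a redirect. The added `return` is the last statement in the method and has no effect, because the filter chain is halted by `redirect_to` rather than by returning, so it can be removed. The notice text is hard-coded English although this commit adds a locale key elsewhere; consider looking it up with `t` as well.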
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 86e8f35c9e..cc8d482f38 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -141,14 +141,4 @@ class UsersController < ApplicationController
     tar_path = PhotoMover::move_photos(current_user)
     send_data( File.open(tar_path).read, :filename => "#{current_user.id}.tar" )
   end
-
-  before_filter :redirect_unless_admin, :only => :generate_new_token
-  def generate_new_token
-    if current_user.reset_authentication_token!
-      @token = current_user.authentication_token
-    else
-      @token = "No token created"
-    end
-    render :text => @token
-  end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index b695d383be..9ff8afecb8 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -322,6 +322,10 @@ class User < ActiveRecord::Base
     OpenSSL::PKey::RSA.new(serialized_private_key)
   end
 
+  def admin?
+    AppConfig[:admins].present? && AppConfig[:admins].include?(self.username)
+  end
+
   protected
 
   def remove_person
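Review bot: `admin?` calls `AppConfig[:admins].include?(self.username)`, which is an exact membership test only when the setting is an array; its shape is not visible here, and if it is ever supplied as a single string, `String#include?` does substring matching and a username that is a fragment of an admin's name would pass. `Array(AppConfig[:admins]).include?(username)` handles nil, a string and an array with one exact-match test and reads the setting once. Since this predicate now gates both the admin filter and the header link, add a short comment above it stating that admin status comes from the `admins` config list and is false when the list is unset.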
diff --git a/app/views/admins/user_search.html.haml b/app/views/admins/user_search.html.haml
index 2b63a61ff5..0518ed53a7 100644
--- a/app/views/admins/user_search.html.haml
+++ b/app/views/admins/user_search.html.haml
@@ -40,6 +40,11 @@
   = link_to "add 10 invites for this user", add_invites_path(:user_id => user.id)
   %br
   %br
+  %br
+%h3 your auth token
+%h2= current_user.authentication_token
+= link_to "reset auth token", new_auth_token_path
+%br
 = javascript_include_tag 'apiconsole'
 #query
   %h3 api console
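Review bot: The added `%h2= current_user.authentication_token` prints the live token into the HTML of every user_search page load, so it ends up in browser caches, saved pages and anything visible on screen while an admin is using the search tools. Consider showing it only on request or once after a reset (for example through the flash), and sending no-store cache headers for this page. The new heading and link text are hard-coded English although the commit adds a locale key for the header link.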
diff --git a/app/views/layouts/_header.html.haml b/app/views/layouts/_header.html.haml
index 02150f9056..ff5524d06a 100644
--- a/app/views/layouts/_header.html.haml
+++ b/app/views/layouts/_header.html.haml
@@ -42,6 +42,8 @@
         = link_to current_user.name, '#'
       %li= link_to t('.profile'), current_user.person
       %li= link_to t('.settings'), edit_user_path
+      -if current_user.admin?
+        %li= link_to t('.admin'), user_search_path
       %li= link_to t('.logout'), destroy_user_session_path
 
     -unless @landing_page
diff --git a/config/locales/diaspora/en.yml b/config/locales/diaspora/en.yml
index 7a3895e6b6..2806b7c049 100644
--- a/config/locales/diaspora/en.yml
+++ b/config/locales/diaspora/en.yml
@@ -270,6 +270,7 @@ en:
       blog: "blog"
       login: "log in"
       code: "code"
+      admin: "admin"
     application:
       powered_by: "POWERED BY DIASPORA*"
       whats_new: "what's new?"
diff --git a/config/routes.rb b/config/routes.rb
index 9951299c9f..e5363f0f7e 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -61,7 +61,6 @@ Diaspora::Application.routes.draw do
   end
 
   # generating a new user token (for devise)
-  match 'users/generate_new_token' => 'users#generate_new_token'
 
   # ActivityStreams routes
   scope "/activity_streams", :module => "activity_streams" do
@@ -75,6 +74,7 @@ Diaspora::Application.routes.draw do
     match 'user_search'   => :user_search
     get   'admin_inviter' => :admin_inviter
     get   'add_invites'   => :add_invites, :as => 'add_invites'
+    get   'generate_new_token' => :generate_new_token, :as => 'new_auth_token'
   end
 
   resource :profile
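Review bot: The new `generate_new_token` route has no comment, while the comment `# generating a new user token (for devise)` kept as context in the previous hunk now sits above an empty line. Move that comment above this route, or delete it, so the routes file does not describe a route that no longer exists.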
-- 
GitLab