

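Users controller from restful_authentication, with `params[:user][:role_ids] ||= []` added for the role_requirement plugin. The default is needed because a form with no role checkbox ticked submits no `role_ids` key at all, so without it the user's roles would be left unchanged instead of cleared.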


			
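# Creates user accounts (restful_authentication) and lets the submitted form
# choose the roles of the new account (role_requirement).
class UsersController < ApplicationController
  before_filter :login_required
  # NOTE(review): with only login_required in force, every logged-in user can
  # reach #create, pick any roles for the account it creates (role_ids is
  # mass-assigned from the request) and is then switched to that account.
  # Enabling the role check below, or an equivalent check inside #create,
  # restricts role assignment to administrators.
  # require_role :admin

  # Renders the signup form for a blank user.
  def new
    @user = User.new
  end

  # Builds a user from params[:user] and saves it. On success the requester is
  # logged in as the new user and redirected; on failure the form is shown
  # again with the validation errors.
  def create
    cookies.delete :auth_token
    # protects against session fixation attacks, wreaks havoc with
    # request forgery protection.
    # uncomment at your own risk
    # reset_session

    # A request without a user hash used to raise NoMethodError on nil (HTTP
    # 500); default it so the model validations report the problem instead.
    params[:user] ||= {}
    # No checkbox ticked means no role_ids key is posted; treat as "no roles".
    params[:user][:role_ids] ||= []
    @user = User.new(params[:user])
    # Check the return value of save as well as the error list: a save that is
    # aborted without adding an error must not log in an unsaved record.
    if @user.save && @user.errors.empty?
      self.current_user = @user
      redirect_back_or_default('/')
      flash[:notice] = "Thanks for signing up!"
    else
      render :action => 'new'
    end
  end
end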

new users view


			
<%# Signup form for a new user: login, email, password and role checkboxes. %>
<%= error_messages_for :user %>

<% form_for(@user) do |f| -%>


<%= f.text_field :login %>


<%= f.text_field :email %>


<%= f.password_field :password %>


<%= f.password_field :password_confirmation %>

<%# One checkbox per role, posted as user[role_ids][]. %>
<%# NOTE(review): showing or hiding these boxes is not an access control; the request can carry any role id, so the controller has to decide whether the requester may assign roles. %>
    <% for role in Role.find(:all, :order => :name) %>
  • <%= check_box_tag "user[role_ids][]", role.id, @user.roles.include?(role) %> <%= role.name %>
  • <% end %>

<%= submit_tag 'Sign up' %>

<% end -%>

Sessions controller from restful_authentication, extended with the edit-user actions; `params[:user][:role_ids] ||= []` is added to the update action for the role_requirement plugin.


			
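# This controller handles the login/logout function of the site.
# It also carries the account actions edit, update and change_password.
class SessionsController < ApplicationController
  before_filter :login_required, :except => [:new, :create]

  # render new.rhtml
  def new
  end

  # Authenticates params[:login] / params[:password]; on success optionally
  # sets the remember-me cookie and redirects, otherwise re-renders the form.
  def create
    # NOTE(review): the session is not reset on login, so a session id known
    # before authentication stays valid afterwards (session fixation). Calling
    # reset_session here would also drop whatever redirect_back_or_default
    # keeps in the session -- confirm against that helper before adding it.
    self.current_user = User.authenticate(params[:login], params[:password])
    if logged_in?
      if params[:remember_me] == "1"
        current_user.remember_me unless current_user.remember_token?
        cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
      end
      redirect_back_or_default('/')
      flash[:notice] = "Logged in successfully"
    else
      flash[:error] = "Incorrect username and/or password"
      render :action => 'new'
    end
  end

  # Logs out: forgets the remember-me token, clears the cookie and the session.
  def destroy
    self.current_user.forget_me if logged_in?
    cookies.delete :auth_token
    reset_session
    flash[:notice] = "You have been logged out."
    redirect_back_or_default('/')
  end

  # Shows the edit form; only the logged-in user's own record can be loaded.
  def edit
    @user = find_own_user
  end

  # Applies params[:user] to the logged-in user's own record.
  #
  # The lookup is scoped exactly like #edit. Previously it was a bare
  # User.find(params[:id]), so any logged-in user could rewrite the login,
  # email and roles of any other account by changing the id in the request.
  #
  # NOTE(review): role_ids is still taken from the request, so a user can
  # grant roles to their own account. If roles are meant to be managed by
  # administrators only, this action needs a role check before role_ids is
  # accepted.
  def update
    # A request without a user hash used to raise NoMethodError on nil.
    params[:user] ||= {}
    # No checkbox ticked means no role_ids key is posted; treat as "no roles".
    params[:user][:role_ids] ||= []
    @user = find_own_user
    if @user.update_attributes(params[:user])
      flash[:notice] = "User was successfully updated."
      redirect_to :action => 'edit', :id => @user
    else
      flash[:error] = 'Unsuccessful. Try again.'
      redirect_to :action => 'edit', :id => @user
    end
  end

  # GET renders the form; POST changes the logged-in user's password.
  def change_password
    # Scoped like #edit so the form cannot be rendered for another account.
    @user = find_own_user

    return unless request.post?

    # Require the current password, so that a borrowed or stolen session alone
    # is not enough to take over the account. params[:old_password] was
    # already collected by this action but never checked.
    unless User.authenticate(current_user.login, params[:old_password])
      flash[:error] = "Old password incorrect. Try again."
      return
    end

    if params[:password] == params[:password_confirmation]
      current_user.password_confirmation = params[:password_confirmation]
      current_user.password = params[:password]
      flash[:notice] = current_user.save ?
        "Password changed" :
        "Password not changed. Try again."
    else
      flash[:error] = "Password mismatch. Try again."
      @old_password = params[:old_password]
    end
  end

  private

  # Loads the record named by params[:id], but only when it is the logged-in
  # user's own record; any other id raises ActiveRecord::RecordNotFound.
  def find_own_user
    User.find(params[:id], :conditions => ["id = ?", current_user.id])
  end
end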

sessions edit view


			
<%# Edit form for an existing user: login, email and role checkboxes, posted to the update action. %>
<%= error_messages_for 'user' %>
<% form_tag(:action => 'update', :id => @user) do %>


<%= text_field 'user', 'login' %>


<%= text_field 'user', 'email' %>

<%# One checkbox per role, posted as user[role_ids][]. %>
<%# NOTE(review): the id in the form action and the role ids are both client-controlled; the update action has to check whose record is being changed and whether the requester may assign roles. %>
    <% for role in Role.find(:all, :order => :name) %>
  • <%= check_box_tag "user[role_ids][]", role.id, @user.roles.include?(role) %> <%= role.name %>
  • <% end %>

<%= submit_tag 'Edit' %>

<% end %>

user.rb model


			
class User < ActiveRecord::Base
  # Whitelist role_ids for mass assignment. Without it the role checkboxes
  # fail with "Can't mass assign these protected attributes: role_ids".
  #
  # NOTE(review): once role_ids is mass-assignable, every action that hands
  # params[:user] to User.new or update_attributes lets the request choose
  # the account's roles. Each such action needs its own authorization check;
  # the alternative is to keep role_ids protected and assign it explicitly
  # after that check.
  attr_accessible(:role_ids)
end