## Users controller from restful_authentication, with params[:user][:role_ids] ||= [] added for the role_requirement plugin

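# Creates user accounts (restful_authentication) and accepts role ids for the
# role_requirement plugin. Role ids taken from the form are only honoured when
# the signed-in caller is an administrator; otherwise any logged-in user could
# hand the new account whatever role they liked.
class UsersController < ApplicationController
  before_filter :login_required
  # Uncomment to make the whole controller admin-only instead of filtering
  # role_ids per request:
  # require_role :admin

  # Renders the sign-up form for a blank user.
  def new
    @user = User.new
  end

  # Builds and saves a user from params[:user]. On success the session is
  # switched to the new user and the browser is redirected; on validation
  # errors the form is rendered again.
  def create
    cookies.delete :auth_token
    # protects against session fixation attacks, wreaks havoc with
    # request forgery protection.
    # uncomment at your own risk
    # reset_session
    @user = User.new(permitted_user_attributes)
    @user.save
    if @user.errors.empty?
      self.current_user = @user
      redirect_back_or_default('/')
      flash[:notice] = "Thanks for signing up!"
    else
      render :action => 'new'
    end
  end

  private

  # Returns a copy of params[:user] that is safe to mass-assign.
  # A missing or non-hash params[:user] becomes an empty hash rather than
  # raising NoMethodError.
  def permitted_user_attributes
    submitted = params[:user].is_a?(Hash) ? params[:user].dup : {}
    if may_assign_roles?
      # No boxes ticked means "no roles", so default to an empty list.
      submitted[:role_ids] ||= []
    else
      # role_ids is mass-assignable on the model, so it has to be dropped
      # here for callers who are not allowed to grant roles.
      submitted.delete(:role_ids)
    end
    submitted
  end

  # True when the signed-in user holds the admin role.
  # NOTE(review): has_role? is the method the role_requirement generator adds
  # to the user model - confirm your User defines it.
  def may_assign_roles?
    logged_in? && current_user.has_role?('admin')
  end
end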

## new users view
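<%# Sign-up form: account fields plus one checkbox per role. %>
<%= error_messages_for :user %>

<% form_for(@user) do |f| -%>
<%# The label targets use the ids form_for generates (user_<field>). %>
<p><label for="user_login">Login</label><br/>
<%= f.text_field :login %></p>

<p><label for="user_email">Email</label><br/>
<%= f.text_field :email %></p>

<p><label for="user_password">Password</label><br/>
<%= f.password_field :password %></p>

<p><label for="user_password_confirmation">Confirm Password</label><br/>
<%= f.password_field :password_confirmation %></p>

<%# These checkboxes only build user[role_ids][]. Whether the submitter may
    assign roles has to be decided by the controller action that receives
    them; hiding or showing the list is not an access control. %>
<ul id="roles">
<% Role.find(:all, :order => :name).each do |role| %>
<li><%= check_box_tag "user[role_ids][]", role.id, @user.roles.include?(role) %> <%= h(role.name) %></li>
<% end %>
</ul>

<p><%= submit_tag 'Sign up' %></p>
<% end -%>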

## Sessions (edit user) controller from restful_authentication, with params[:user][:role_ids] ||= [] added to the update action for the role_requirement plugin

# This controller handles the login/logout function of the site.
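class SessionsController < ApplicationController
  before_filter :login_required, :except => [:new, :create]

  # render new.rhtml
  def new
  end

  # Logs the user in from params[:login] / params[:password] and optionally
  # sets the remember-me cookie.
  # NOTE(review): the session is not reset on login; restful_authentication
  # leaves reset_session to the application because of its interaction with
  # request forgery protection - decide deliberately whether to add it.
  def create
    self.current_user = User.authenticate(params[:login], params[:password])
    if logged_in?
      if params[:remember_me] == "1"
        current_user.remember_me unless current_user.remember_token?
        cookies[:auth_token] = {
          :value   => current_user.remember_token,
          :expires => current_user.remember_token_expires_at
        }
      end
      redirect_back_or_default('/')
      flash[:notice] = "Logged in successfully"
    else
      # flash.now: the message belongs to this render, not the next request.
      flash.now[:error] = "Incorrect username and/or password"
      render :action => 'new'
    end
  end

  # Logs out: clears the remember token, the auth cookie and the session.
  def destroy
    self.current_user.forget_me if logged_in?
    cookies.delete :auth_token
    reset_session
    flash[:notice] = "You have been logged out."
    redirect_back_or_default('/')
  end

  # Shows the edit form for the signed-in user's own account.
  def edit
    @user = own_account
  end

  # Updates the signed-in user's own account from params[:user].
  # The record is loaded with the same ownership condition as #edit, so a
  # different id in the URL raises RecordNotFound instead of updating
  # somebody else's account.
  def update
    @user = own_account
    if @user.update_attributes(permitted_user_attributes)
      flash[:notice] = "User was successfully updated."
    else
      flash[:error] = 'Unsuccessful. Try again.'
    end
    redirect_to :action => 'edit', :id => @user
  end

  # Changes the signed-in user's password. GET only renders the form.
  # The current password is re-checked before the change so that a borrowed
  # or stolen session cannot silently take over the account.
  # NOTE(review): assumes the form posts old_password, the field this action
  # already echoes back on a mismatch - confirm against the view.
  def change_password
    # The password being changed is always the caller's own.
    @user = current_user

    return unless request.post?

    unless User.authenticate(current_user.login, params[:old_password])
      flash[:error] = "Old password incorrect. Try again."
      return
    end

    if params[:password] == params[:password_confirmation]
      current_user.password_confirmation = params[:password_confirmation]
      current_user.password = params[:password]
      flash[:notice] = current_user.save ?
        "Password changed" :
        "Password not changed. Try again."
    else
      flash[:error] = "Password mismatch. Try again."
      @old_password = params[:old_password]
    end
  end

  private

  # Loads params[:id] only if it is the signed-in user's own record.
  def own_account
    User.find(params[:id], :conditions => ["id = ?", current_user.id])
  end

  # Returns a copy of params[:user] that is safe to mass-assign.
  # role_ids is kept only for administrators; everyone else has it removed
  # so that editing a profile cannot be used to grant roles.
  # NOTE(review): has_role? is the method the role_requirement generator adds
  # to the user model - confirm your User defines it. Managing other users'
  # roles belongs in an action guarded by require_role :admin.
  def permitted_user_attributes
    submitted = params[:user].is_a?(Hash) ? params[:user].dup : {}
    if current_user.has_role?('admin')
      # No boxes ticked means "no roles", so default to an empty list.
      submitted[:role_ids] ||= []
    else
      submitted.delete(:role_ids)
    end
    submitted
  end
end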

## sessions edit view
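<%# Edit form for a user: login, email and one checkbox per role. %>
<%= error_messages_for 'user' %>
<% form_tag(:action => 'update', :id => @user) do %>

<p><label for="user_login">Username</label><br/>
<%= text_field 'user', 'login' %></p>

<p><label for="user_email">Email Address</label><br/>
<%= text_field 'user', 'email' %></p>

<%# These checkboxes only build user[role_ids][]. Whether the submitter may
    change roles has to be decided by the update action that receives them;
    hiding or showing the list is not an access control. %>
<ul id="roles">
<% Role.find(:all, :order => :name).each do |role| %>
<li><%= check_box_tag "user[role_ids][]", role.id, @user.roles.include?(role) %> <%= h(role.name) %></li>
<% end %>
</ul>

<p><%= submit_tag 'Edit' %></p>
<% end %>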

## user.rb model
# User model; this listing shows only the mass-assignment declaration.
class User < ActiveRecord::Base
# needed this to fix Can't mass assign these protected attributes: role_ids
# Whitelisting role_ids lets User.new(params[:user]) and
# update_attributes(params[:user]) set a user's roles straight from form data.
# NOTE(review): that makes role assignment reachable from any request that
# gets to those calls - the controllers must remove role_ids from the
# submitted attributes unless the caller is allowed to grant roles.
attr_accessible :role_ids

end