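# Handles account signup, activation by code, and the account-administration
# actions (suspend, unsuspend, destroy, purge).
#
# The class arrived collapsed onto a single line, which turned everything after
# the first "#" into a comment; the line structure is restored here so the
# class parses again. Behaviour of each action is unchanged.
#
# Helpers used but not defined in this file: current_account=, current_account,
# logged_in? and redirect_back_or_default. Per the note below they are expected
# to come from AuthenticatedSystem via ApplicationController.
class AccountsController < ApplicationController
  # Be sure to include AuthenticatedSystem in ApplicationController instead
  # include AuthenticatedSystem

  # Protect these actions behind an admin login
  # before_filter :admin_required, :only => [:suspend, :unsuspend, :destroy, :purge]
  #
  # NOTE(review): while the filter above stays commented out, nothing in this
  # controller checks who is calling suspend, unsuspend, destroy or purge; the
  # only filter that runs for them is find_account. Unless ApplicationController
  # or the routing layer restricts access (neither is visible here), enable the
  # filter, with admin_required defined in ApplicationController, before these
  # routes are exposed.
  before_filter :find_account, :only => [:suspend, :unsuspend, :destroy, :purge]

  # Renders the signup form (new.rhtml).
  def new
  end

  # Builds an Account from the submitted form, registers it when it validates,
  # and logs the new account in. Re-renders the form when the account has
  # errors.
  def create
    # Drop any remember-me cookie left over from a previous login.
    cookies.delete :auth_token

    # reset_session protects against session fixation attacks, but wreaks havoc
    # with request forgery protection. Uncomment at your own risk.
    # NOTE(review): with it commented out, the session that existed before
    # signup is the one that becomes authenticated below; confirm session
    # fixation is handled elsewhere.
    # reset_session

    # NOTE(review): the whole params[:account] hash goes into Account.new.
    # Confirm the Account model restricts which attributes can be assigned this
    # way (e.g. attr_accessible), so a signup request cannot set state or
    # privilege fields.
    @account = Account.new(params[:account])
    @account.register! if @account.valid?

    if @account.errors.empty?
      self.current_account = @account
      redirect_back_or_default('/')
      flash[:notice] = "Thanks for signing up!"
    else
      render :action => 'new'
    end
  end

  # Logs in the account matching params[:activation_code] and activates it if
  # it is not active yet. A blank code sets the current account to false, so
  # the request continues logged out. Always redirects afterwards.
  #
  # NOTE(review): the activation code alone is enough to become logged in as
  # the matching account. Confirm in the Account model that codes are
  # unguessable and are cleared by activate! so they cannot be reused.
  def activate
    code = params[:activation_code]
    self.current_account = code.blank? ? false : Account.find_by_activation_code(code)

    if logged_in? && !current_account.active?
      current_account.activate!
      flash[:notice] = "Signup complete!"
    end

    redirect_back_or_default('/')
  end

  # Calls suspend! on the account loaded by find_account, then returns to the
  # account list.
  def suspend
    @account.suspend!
    redirect_to accounts_path
  end

  # Calls unsuspend! on the account loaded by find_account, then returns to the
  # account list.
  def unsuspend
    @account.unsuspend!
    redirect_to accounts_path
  end

  # Calls delete! on the account loaded by find_account.
  # NOTE(review): presumably a state change rather than row removal, since
  # purge below is the action that calls destroy; confirm in Account.
  def destroy
    @account.delete!
    redirect_to accounts_path
  end

  # Calls destroy on the account loaded by find_account, then returns to the
  # account list.
  def purge
    @account.destroy
    redirect_to accounts_path
  end

  protected

  # before_filter for the administration actions: loads the account named by
  # params[:id] into @account. The id comes straight from the request and is
  # not checked against the caller here.
  def find_account
    @account = Account.find(params[:id])
  end
end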