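# Admin-only management of User records: listing, creation, editing, role
# assignment, access-period bookkeeping and deletion.
class UsersController < ApplicationController
  before_action :authenticate_user!
  # The admin gate runs before any record lookup, so a signed-in non-admin gets
  # the same redirect whether or not the requested id exists.
  before_action :require_admin
  before_action :set_user, only: [:edit, :update, :destroy]
  load_and_authorize_resource

  # Lists every user.
  def index
    @users = User.all
  end

  # Renders the creation form with one blank access period to fill in.
  def new
    @user = User.new
    @user.access_periods.build unless @user.access_periods.any?
  end

  # Renders the edit form; @user comes from the set_user callback.
  def edit
    @user.access_periods.build if @user.access_periods.empty?
  end

  # Creates a user, opens an access period starting today when none was
  # submitted, and grants the submitted roles (default: 'user').
  def create
    # Roles are applied through update_user_roles below, so they are kept out
    # of mass assignment here, exactly as #update does.
    @user = User.new(user_params.except(:roles))
    @user.access_periods.build(start_date: Date.today) if @user.access_periods.empty?

    if @user.save
      # Read role names from the permitted parameters (roles: [] only lets an
      # array of scalars through) instead of the raw request params.
      update_user_roles(@user, user_params[:roles] || ['user'])
      redirect_to users_path, notice: 'User was successfully created.'
    else
      render :new
    end
  end

  # Updates attributes and roles and, when access_revoked is "1", closes the
  # most recently created access period. @user comes from set_user.
  def update
    cleaned_params = user_params
    # Blank password fields mean "leave the password unchanged"; drop them so
    # the update does not try to set an empty password.
    if cleaned_params[:password].blank?
      cleaned_params.delete(:password)
      cleaned_params.delete(:password_confirmation)
    end

    if @user.update(cleaned_params.except(:roles))
      update_user_roles(@user, cleaned_params[:roles] || [])

      if params[:user][:access_revoked] == "1"
        current_period = @user.access_periods.order(:created_at).last
        # A user without any access period has nothing to close; without this
        # guard the revocation request raised NoMethodError on nil.
        # NOTE(review): the result of this update is not checked, so a failed
        # save would leave the period open while the success notice is shown.
        current_period.update(end_date: Date.today) if current_period && current_period.end_date.blank?
      end

      redirect_to users_path, notice: 'User was successfully updated.'
    else
      render :edit
    end
  end

  # Shows one user with its access periods eager-loaded.
  def show
    @user = User.includes(:access_periods).find(params[:id])
  end

  # Deletes the user loaded by set_user.
  def destroy
    @user.destroy
    redirect_to users_path, notice: 'User was successfully deleted.'
  end

  private

  # Loads the user addressed by params[:id] for edit, update and destroy.
  def set_user
    @user = User.find(params[:id])
  end

  # Strong-parameter allow-list for the user form. :roles is permitted as an
  # array of scalars only; callers strip it before mass assignment.
  def user_params
    params.require(:user).permit(
      :email, :password, :password_confirmation, :remember_me,
      :first_name, :last_name, :phone, :company,
      :access_revoked, :access_start_date, :access_end_date,
      access_periods_attributes: [:id, :start_date, :end_date, :_destroy],
      roles: []
    )
  end

  # Redirects anyone who is not an admin away from this controller; the
  # redirect inside a before_action also halts the remaining callbacks.
  def require_admin
    return if current_user.admin?

    redirect_to root_path, alert: 'Only admins are allowed to access this section.'
  end

  # Replaces the user's roles with the non-blank names in params[:user][:roles].
  # Not called by any action in this class.
  def assign_roles(user)
    user.roles = []
    role_names = params[:user][:roles]
    return if role_names.blank?

    role_names.each do |role_name|
      user.add_role(role_name) unless role_name.blank?
    end
  end

  # Grants each non-blank role name to the user; does nothing for a blank list.
  #
  # NOTE(review): this only ever adds roles. A role unticked in the edit form is
  # not revoked here, so privilege removal needs a separate path - confirm
  # whether that is intended.
  # NOTE(review): role names are not checked against a known set; if add_role
  # creates unknown roles on demand (Rolify's does), any submitted string
  # becomes a role - consider validating against the application's role list.
  def update_user_roles(user, roles_names)
    return if roles_names.blank?

    Array(roles_names).each do |role_name|
      user.add_role(role_name) unless role_name.blank?
    end
  end

  # Closes the open access period when access_revoked is "1"; starts a new one
  # today when it is "0" and the last period has already ended.
  # Not called by any action in this class.
  def handle_access_revocation
    case params[:user][:access_revoked]
    when "1"
      current_period = @user.access_periods.find_or_initialize_by(end_date: nil)
      current_period.update(end_date: Date.today) unless current_period.end_date.present?
    when "0"
      @user.access_periods.build(start_date: Date.today) if @user.access_periods.last&.end_date.present?
    end
  end
end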