1 files changed, 39 insertions, 5 deletions

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 58bf4c6..767d992 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,7 +1,10 @@
 class UsersController < ApplicationController
-	before_action :set_user, only: [:show, :edit, :update, :destroy]
+
+	require 'httparty'
+	require 'json'
 
 	# GET /users
+
 	# GET /users.json
 	def index
 		@users = User.all
@@ -25,13 +28,26 @@ class UsersController < ApplicationController
 	# POST /users.json
 	def create
 		@user = User.new(user_params)
+		unless (simple_captcha_valid?)
+			respond_to do |format|
+				format.html { render action: 'new', status: :unprocessable_entity }
+				format.json { render json: @user.errors, status: :unprocessable_entity }
+			end
+			return
+		end
 
 		respond_to do |format|
 			if @user.save
-				format.html { redirect_to @user, notice: 'User was successfully created.' }
+				sign_in @user
+				if @user.id == 1
+					# This is the first user, so give them all the power
+					@user.permissions = 0xFFFFFFFF
+					@user.save
+				end
+				format.html { redirect_to root_path, notice: 'User was successfully created.' }
 				format.json { render action: 'show', status: :created, location: @user }
 			else
-				format.html { render action: 'new' }
+				format.html { render action: 'new', status: :unprocessable_entity }
 				format.json { render json: @user.errors, status: :unprocessable_entity }
 			end
 		end
@@ -40,8 +56,17 @@ class UsersController < ApplicationController
 	# PATCH/PUT /users/1
 	# PATCH/PUT /users/1.json
 	def update
+		ok = true
+		if params[:user][:remote_usernames].nil?
+			ok &= @user.update(user_params)
+		else
+			params[:user][:remote_usernames].each do |game_name,user_name|
+				game = Game.find_by_name(game_name)
+				Sampling::RiotApi::set_remote_name(@user, game, user_name)
+			end
+		end
 		respond_to do |format|
-			if @user.update(user_params)
+			if ok
 				format.html { redirect_to @user, notice: 'User was successfully updated.' }
 				format.json { head :no_content }
 			else
@@ -61,14 +86,23 @@ class UsersController < ApplicationController
 		end
 	end
 
+
 	private
 	# Use callbacks to share common setup or constraints between actions.
 	def set_user
 		@user = User.find(params[:id])
 	end
 
+	def is_owner?(object)
+		object == current_user
+	end
+
 	# Never trust parameters from the scary internet, only allow the white list through.
 	def user_params
-		params.require(:user).permit(:name, :email, :user_name)
+		permitted = [ :name, :email, :user_name, :password, :password_confirmation ]
+		if current_user.can? :edit_permissions
+			permitted.push(:abilities => User.permission_bits.keys)
+		end
+		params.require(:user).permit(permitted)
 	end
 end