+ @friend = User.find_by(:display_name => params[:display_name])
+
+ if @friend
+ if request.post?
+ if current_user.is_friends_with?(@friend)
+ Friend.where(:user_id => current_user.id, :friend_user_id => @friend.id).delete_all
+ flash[:notice] = t "user.remove_friend.success", :name => @friend.display_name
+ else
+ flash[:error] = t "user.remove_friend.not_a_friend", :name => @friend.display_name
+ end
+
+ if params[:referer]
+ redirect_to params[:referer]
+ else
+ redirect_to :action => "view"
+ end
+ end
+ else
+ render_unknown_user params[:display_name]
+ end
+ end
+
+ ##
+ # sets a user's status
+ def set_status
+ @user.status = params[:status]
+ @user.save
+ redirect_to :action => "view", :display_name => params[:display_name]
+ end
+
+ ##
+ # delete a user, marking them as deleted and removing personal data
+ def delete
+ @user.delete
+ redirect_to :action => "view", :display_name => params[:display_name]
+ end
+
+ ##
+ # display a list of users matching specified criteria
+ def list
+ if request.post?
+ ids = params[:user].keys.collect(&:to_i)
+
+ User.where(:id => ids).update_all(:status => "confirmed") if params[:confirm]
+ User.where(:id => ids).update_all(:status => "deleted") if params[:hide]
+
+ redirect_to url_for(:status => params[:status], :ip => params[:ip], :page => params[:page])
+ else
+ @params = params.permit(:status, :ip)
+
+ conditions = {}
+ conditions[:status] = @params[:status] if @params[:status]
+ conditions[:creation_ip] = @params[:ip] if @params[:ip]
+
+ @user_pages, @users = paginate(:users,
+ :conditions => conditions,
+ :order => :id,
+ :per_page => 50)
+ end
+ end
+
+ ##
+ # omniauth success callback
+ def auth_success
+ auth_info = request.env["omniauth.auth"]
+
+ provider = auth_info[:provider]
+ uid = auth_info[:uid]
+ name = auth_info[:info][:name]
+ email = auth_info[:info][:email]
+
+ case provider
+ when "openid"
+ email_verified = uid.match(%r{https://www.google.com/accounts/o8/id?(.*)}) ||
+ uid.match(%r{https://me.yahoo.com/(.*)})
+ when "google", "facebook"
+ email_verified = true
+ else
+ email_verified = false
+ end
+
+ if settings = session.delete(:new_user_settings)
+ current_user.auth_provider = provider
+ current_user.auth_uid = uid
+
+ update_user(current_user, settings)
+
+ session[:user_errors] = current_user.errors.as_json
+
+ redirect_to :action => "account", :display_name => current_user.display_name
+ elsif session[:new_user]
+ session[:new_user].auth_provider = provider
+ session[:new_user].auth_uid = uid
+
+ session[:new_user].status = "active" if email_verified && email == session[:new_user].email
+
+ redirect_to :action => "terms"
+ else
+ user = User.find_by(:auth_provider => provider, :auth_uid => uid)
+
+ if user.nil? && provider == "google"
+ openid_url = auth_info[:extra][:id_info]["openid_id"]
+ user = User.find_by(:auth_provider => "openid", :auth_uid => openid_url) if openid_url
+ user.update(:auth_provider => provider, :auth_uid => uid) if user
+ end
+
+ if user
+ case user.status
+ when "pending" then
+ unconfirmed_login(user)
+ when "active", "confirmed" then
+ successful_login(user, request.env["omniauth.params"]["referer"])
+ when "suspended" then
+ failed_login t("user.login.account is suspended", :webmaster => "mailto:#{SUPPORT_EMAIL}").html_safe
+ else
+ failed_login t("user.login.auth failure")
+ end