summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authorAzul <azul@riseup.net>2016-07-05 08:54:43 +0200
committerAzul <azul@riseup.net>2016-07-05 08:54:43 +0200
commit798c1240b59403b8d8de9559776718266b2ecba5 (patch)
tree74b53a8762710a76c4ca5d270b6ef9545dfca221 /app
parentfcc8207f84249612eba719b8aa77cd7c51e5ad5a (diff)
parent30da8e6ffa1eefafb9762645efb85e0beed236c6 (diff)
Merge remote-tracking branch 'pr/222' into merge-branch
Diffstat (limited to 'app')
-rw-r--r--app/controllers/account_controller.rb17
-rw-r--r--app/controllers/api/users_controller.rb7
-rw-r--r--app/controllers/users_controller.rb28
-rw-r--r--app/models/account.rb10
-rw-r--r--app/views/account/new.html.haml (renamed from app/views/users/new.html.haml)6
-rw-r--r--app/views/sessions/_warnings.html.haml (renamed from app/views/users/_warnings.html.haml)0
-rw-r--r--app/views/sessions/new.html.haml2
-rw-r--r--app/views/users/_change_service_level.html.haml15
8 files changed, 47 insertions, 38 deletions
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
new file mode 100644
index 0000000..ee7cca4
--- /dev/null
+++ b/app/controllers/account_controller.rb
@@ -0,0 +1,17 @@
+class AccountController < ApplicationController
+
+ before_filter :require_registration_allowed
+ before_filter :redirect_if_logged_in
+
+ def new
+ @user = User.new
+ end
+
+ protected
+
+ def require_registration_allowed
+ unless APP_CONFIG[:allow_registration]
+ redirect_to home_path
+ end
+ end
+end
diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb
index e64d21f..c79a729 100644
--- a/app/controllers/api/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@@ -50,8 +50,7 @@ module Api
end
def destroy
- destroy_identity = current_user.is_monitor? || params[:identities] == "destroy"
- @user.account.destroy(destroy_identity)
+ @user.account.destroy(release_handles)
if @user == current_user
logout
end
@@ -60,6 +59,10 @@ module Api
private
+ def release_handles
+ current_user.is_monitor? || params[:identities] == "destroy"
+ end
+
# tester auth can only create test users.
def create_test_account
if User::is_test?(params[:user][:login])
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 1404b0e..4d198b9 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -5,11 +5,9 @@
class UsersController < ApplicationController
include ControllerExtension::FetchUser
- before_filter :require_login, :except => [:new]
- before_filter :redirect_if_logged_in, :only => [:new]
+ before_filter :require_login
before_filter :require_admin, :only => [:index, :deactivate, :enable]
- before_filter :fetch_user, :only => [:show, :edit, :update, :destroy, :deactivate, :enable]
- before_filter :require_registration_allowed, only: :new
+ before_filter :fetch_user, :only => [:show, :edit, :destroy, :deactivate, :enable]
respond_to :html
@@ -27,25 +25,12 @@ class UsersController < ApplicationController
@users = @users.limit(100)
end
- def new
- @user = User.new
- end
-
def show
end
def edit
end
- ## added so updating service level works, but not sure we will actually want this. also not sure that this is place to prevent user from updating own effective service level, but here as placeholder:
- def update
- @user.update_attributes(params[:user]) unless (!admin? and params[:user][:effective_service_level])
- if @user.valid?
- flash[:notice] = I18n.t(:changes_saved)
- end
- respond_with @user, :location => edit_user_path(@user)
- end
-
def deactivate
@user.account.disable
flash[:notice] = I18n.t("actions.user_disabled_message", username: @user.username)
@@ -73,10 +58,11 @@ class UsersController < ApplicationController
protected
- def require_registration_allowed
- unless APP_CONFIG[:allow_registration]
- redirect_to home_path
+ def user_params
+ if admin?
+ params.require(:user).permit(:effective_service_level)
+ else
+ params.require(:user).permit(:password, :password_confirmation)
end
end
-
end
diff --git a/app/models/account.rb b/app/models/account.rb
index 7310250..d722caa 100644
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -69,15 +69,13 @@ class Account
@user.refresh_identity
end
- def destroy(destroy_identity=false)
+ def destroy(release_handles=false)
return unless @user
if !@user.is_tmp?
- if destroy_identity == false
- @user.identities.each do |id|
+ @user.identities.each do |id|
+ if release_handles == false
id.orphan!
- end
- else
- @user.identities.each do |id|
+ else
id.destroy
end
end
diff --git a/app/views/users/new.html.haml b/app/views/account/new.html.haml
index 1b257d9..d40259e 100644
--- a/app/views/users/new.html.haml
+++ b/app/views/account/new.html.haml
@@ -1,8 +1,8 @@
-#
-# This form is handled entirely by javascript
-# Please take care when changing element ids.
--#
--# The form is hidden when no js is available
+-#
+-# The form is hidden when no js is available
-# to prevent submission in the clear.
-#
@@ -12,7 +12,7 @@
.col-md-9
%h2=t :signup
.lead=t :signup_info
- = render :partial => 'warnings'
+ = render "sessions/warnings"
= simple_form_for(@user, form_options) do |f|
= f.input :login, :label => t(:username), :required => false, :input_html => { :id => :srp_username }
= f.input :password, :label => t(:password), :required => false, :validate => true, :input_html => { :id => :srp_password }
diff --git a/app/views/users/_warnings.html.haml b/app/views/sessions/_warnings.html.haml
index baf80a4..baf80a4 100644
--- a/app/views/users/_warnings.html.haml
+++ b/app/views/sessions/_warnings.html.haml
diff --git a/app/views/sessions/new.html.haml b/app/views/sessions/new.html.haml
index 942c485..6695123 100644
--- a/app/views/sessions/new.html.haml
+++ b/app/views/sessions/new.html.haml
@@ -2,7 +2,7 @@
.col-md-9
%h2=t :login
.lead=t :login_info
- = render :partial => 'users/warnings'
+ = render 'warnings'
= simple_form_for [:api, @session], validate: true, html: { id: :new_session, class: 'form-horizontal hidden js-show', style: "display:none;" } do |f|
= f.input :login, :required => false, :label => t(:username), :input_html => { :id => :srp_username }
= f.input :password, :required => false, :input_html => { :id => :srp_password }
diff --git a/app/views/users/_change_service_level.html.haml b/app/views/users/_change_service_level.html.haml
index a2e9956..32ea8c0 100644
--- a/app/views/users/_change_service_level.html.haml
+++ b/app/views/users/_change_service_level.html.haml
@@ -1,8 +1,13 @@
--# TODO: probably won't want here, but here for now. Also, we will need way to ensure payment if they pick a non-free plan.
--#
--# SERVICE LEVEL
--#
-- if APP_CONFIG[:service_levels]
+:ruby
+ # DISABLED! this form points to a route that does not exist.
+ # It's a draft for implementing service levels.
+ # TODO: probably won't want here, but here for now.
+ # We will need way to ensure payment for a non-free plan.
+ #
+ # SERVICE LEVEL
+ #
+ #
+- if APP_CONFIG[:service_levels] && false
- form_options = {:html => {:class => user_form_class('form-horizontal'), :id => 'update_service_level', :data => {token: session[:token]}}, :validate => true}
= simple_form_for @user, form_options do |f|
%legend= t(:service_level)