diff options
Diffstat (limited to 'users')
-rw-r--r-- | users/app/controllers/users_controller.rb | 16 | ||||
-rw-r--r-- | users/app/models/user.rb | 2 | ||||
-rw-r--r-- | users/app/views/users/_deactivate_account.html.haml | 6 | ||||
-rw-r--r-- | users/app/views/users/_edit.html.haml | 5 | ||||
-rw-r--r-- | users/app/views/users/_enable_account.html.haml | 6 | ||||
-rw-r--r-- | users/app/views/users/edit.html.haml | 2 | ||||
-rw-r--r-- | users/app/views/users/show.html.haml | 2 | ||||
-rw-r--r-- | users/config/locales/en.yml | 5 | ||||
-rw-r--r-- | users/config/routes.rb | 2 | ||||
-rw-r--r-- | users/test/functional/users_controller_test.rb | 18 |
10 files changed, 60 insertions, 4 deletions
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 4ce970b..f66277d 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -5,8 +5,8 @@ class UsersController < UsersBaseController before_filter :authorize, :only => [:show, :edit, :update, :destroy] - before_filter :fetch_user, :only => [:show, :edit, :update, :destroy] - before_filter :authorize_admin, :only => [:index] + before_filter :fetch_user, :only => [:show, :edit, :update, :destroy, :deactivate, :enable] + before_filter :authorize_admin, :only => [:index, :deactivate, :enable] respond_to :html @@ -34,6 +34,18 @@ class UsersController < UsersBaseController def edit end + def deactivate + @user.enabled = false + @user.save + respond_with @user + end + + def enable + @user.enabled = true + @user.save + respond_with @user + end + def destroy @user.destroy redirect_to admin? ? users_url : root_url diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 3459520..413b4ac 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -11,6 +11,8 @@ class User < CouchRest::Model::Base property :public_key, :accessible => true + property :enabled, TrueClass, :default => true + validates :login, :password_salt, :password_verifier, :presence => true diff --git a/users/app/views/users/_deactivate_account.html.haml b/users/app/views/users/_deactivate_account.html.haml new file mode 100644 index 0000000..fec0afa --- /dev/null +++ b/users/app/views/users/_deactivate_account.html.haml @@ -0,0 +1,6 @@ +%legend + =t :deactivate_account + %small=t :deactivate_description += link_to deactivate_user_path(@user), :method => :post, :class => "btn" do + %i.icon-remove.icon-white + =t :deactivate_account
\ No newline at end of file diff --git a/users/app/views/users/_edit.html.haml b/users/app/views/users/_edit.html.haml index adee8a4..41a68fd 100644 --- a/users/app/views/users/_edit.html.haml +++ b/users/app/views/users/_edit.html.haml @@ -35,3 +35,8 @@ = link_to user_path(@user), :method => :delete, :confirm => t(:are_you_sure), :class => "btn btn-danger" do %i.icon-remove.icon-white = t(:destroy_my_account) + +- # TODO: should show enabled field if admin is viewing another account. +- # TODO: admins should be able to deactivate/enable regular accounts, as appropriate. before had: +- # = render 'deactivate_account' if @user != current_user and @user.enabled? +- # = render 'enable_account' if @user != current_user and !@user.enabled?
\ No newline at end of file diff --git a/users/app/views/users/_enable_account.html.haml b/users/app/views/users/_enable_account.html.haml new file mode 100644 index 0000000..5ecca48 --- /dev/null +++ b/users/app/views/users/_enable_account.html.haml @@ -0,0 +1,6 @@ +%legend + =t :enable_account + %small=t :enable_description += link_to enable_user_path(@user), :method => :post, :class => "btn" do + %i.icon-remove.icon-white + =t :enable_account
\ No newline at end of file diff --git a/users/app/views/users/edit.html.haml b/users/app/views/users/edit.html.haml index 08e9dc3..434c025 100644 --- a/users/app/views/users/edit.html.haml +++ b/users/app/views/users/edit.html.haml @@ -1 +1 @@ -= render 'edit'
\ No newline at end of file += render 'edit' diff --git a/users/app/views/users/show.html.haml b/users/app/views/users/show.html.haml index 08e9dc3..434c025 100644 --- a/users/app/views/users/show.html.haml +++ b/users/app/views/users/show.html.haml @@ -1 +1 @@ -= render 'edit'
\ No newline at end of file += render 'edit' diff --git a/users/config/locales/en.yml b/users/config/locales/en.yml index b880887..f4d3171 100644 --- a/users/config/locales/en.yml +++ b/users/config/locales/en.yml @@ -30,6 +30,11 @@ en: not_authorized: "Sorry, but you are not authorized to perform that action." not_authorized_login: "Please log in to perform that action." search: "Search" + cookie_disabled_warning: "You have cookies disabled. You will not be able to login until you enable cookies." + js_required: "We are sorry, but this doesn't work without javascript enabled. This is for security reasons." + enable_description: "This will restore the account to full functionality" + deactivate_description: "This will temporarily deactivate some account functionality." #todo detail exact functionality. can receive email but not send or renew client certificate? + # # overview diff --git a/users/config/routes.rb b/users/config/routes.rb index b6d583e..4fa185f 100644 --- a/users/config/routes.rb +++ b/users/config/routes.rb @@ -17,6 +17,8 @@ Rails.application.routes.draw do resource :overview, :only => [:show] resource :email_settings, :only => [:edit, :update] resources :email_aliases, :only => [:destroy], :id => /.*/ + post 'deactivate', on: :member + post 'enable', on: :member end get "/.well-known/host-meta" => 'webfinger#host_meta' diff --git a/users/test/functional/users_controller_test.rb b/users/test/functional/users_controller_test.rb index 92a5f6c..0ce5cc2 100644 --- a/users/test/functional/users_controller_test.rb +++ b/users/test/functional/users_controller_test.rb @@ -142,4 +142,22 @@ class UsersControllerTest < ActionController::TestCase assert assigns(:users) end + test "user cannot enable own account" do + user = find_record :user + login + post :enable, :id => user.id + assert_access_denied + end + + test "admin can deactivate user" do + user = find_record :user + assert user.enabled? + user.expects(:save).returns(true) + + login :is_admin? => true + + post :deactivate, :id => user.id + assert !assigns(:user).enabled? + end + end |