-rw-r--r-- | users/app/controllers/users_controller.rb | 16 | ||||
-rw-r--r-- | users/app/models/user.rb | 2 | ||||
-rw-r--r-- | users/app/views/users/_deactivate_account.html.haml | 6 | ||||
-rw-r--r-- | users/app/views/users/_edit.html.haml | 5 | ||||
-rw-r--r-- | users/app/views/users/_enable_account.html.haml | 6 | ||||
-rw-r--r-- | users/app/views/users/edit.html.haml | 2 | ||||
-rw-r--r-- | users/app/views/users/show.html.haml | 2 | ||||
-rw-r--r-- | users/config/locales/en.yml | 5 | ||||
-rw-r--r-- | users/config/routes.rb | 2 | ||||
-rw-r--r-- | users/test/functional/users_controller_test.rb | 18 |
10 files changed, 60 insertions, 4 deletions
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 4ce970b..f66277d 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -5,8 +5,8 @@ class UsersController < UsersBaseController before_filter :authorize, :only => [:show, :edit, :update, :destroy] - before_filter :fetch_user, :only => [:show, :edit, :update, :destroy] - before_filter :authorize_admin, :only => [:index] + before_filter :fetch_user, :only => [:show, :edit, :update, :destroy, :deactivate, :enable] + before_filter :authorize_admin, :only => [:index, :deactivate, :enable] respond_to :html @@ -34,6 +34,18 @@ class UsersController < UsersBaseController def edit end + def deactivate + @user.enabled = false + @user.save + respond_with @user + end + + def enable + @user.enabled = true + @user.save + respond_with @user + end + def destroy @user.destroy redirect_to admin? ? users_url : root_url diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 3459520..413b4ac 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -11,6 +11,8 @@ class User < CouchRest::Model::Base property :public_key, :accessible => true + property :enabled, TrueClass, :default => true + validates :login, :password_salt, :password_verifier, :presence => true diff --git a/users/app/views/users/_deactivate_account.html.haml b/users/app/views/users/_deactivate_account.html.haml new file mode 100644 index 0000000..fec0afa --- /dev/null +++ b/users/app/views/users/_deactivate_account.html.haml @@ -0,0 +1,6 @@ +%legend + =t :deactivate_account + %small=t :deactivate_description += link_to deactivate_user_path(@user), :method => :post, :class => "btn" do + %i.icon-remove.icon-white + =t :deactivate_account
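Review bot: For `:deactivate` and `:enable`, `fetch_user` is declared before `authorize_admin`, and the `:authorize` filter lists neither action, so the record lookup runs before any access check on these two routes. `fetch_user` is defined outside this diff; if it answers differently for an existing id and a missing one, a caller who is not an admin can tell valid user ids apart. Moving `before_filter :authorize_admin, :only => [:index, :deactivate, :enable]` above the `fetch_user` line keeps the lookup behind the authorization check.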
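Review bot: Both new actions discard the result of `@user.save`, so a failed write still reaches `respond_with @user` and an admin can believe an account was deactivated while the stored document is unchanged. Branch on the return value in `deactivate` and `enable` (`if @user.save` … else report the failure) so a lockout that did not persist is visible. Nothing in either action stops an admin from deactivating the account they are logged in with. The commented-out view condition `@user != current_user` in `_edit.html.haml` suggests that case was meant to be excluded, and that check belongs in the controller rather than only in the template.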
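Review bot: `enabled` is stored by this property, but no line in this commit reads it during authentication or any other access decision, so as far as the diff shows a deactivated account keeps working. The `deactivate_description` locale string carries a todo saying the exact effect is still undecided. Until enforcement exists, a comment on the property such as `# not enforced yet: login and client certificate renewal still need to check enabled?` would stop readers from treating it as a working lockout. Leaving the property without `:accessible => true` looks deliberate and should stay that way, since it keeps the flag out of attributes assigned from submitted forms.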
\ No newline at end of file
diff --git a/users/app/views/users/_edit.html.haml b/users/app/views/users/_edit.html.haml
index adee8a4..41a68fd 100644
--- a/users/app/views/users/_edit.html.haml
+++ b/users/app/views/users/_edit.html.haml
@@ -35,3 +35,8 @@
 = link_to user_path(@user), :method => :delete, :confirm => t(:are_you_sure), :class => "btn btn-danger" do
 %i.icon-remove.icon-white
 = t(:destroy_my_account)
+
+- # TODO: should show enabled field if admin is viewing another account.
+- # TODO: admins should be able to deactivate/enable regular accounts, as appropriate. before had:
+- # = render 'deactivate_account' if @user != current_user and @user.enabled?
+- # = render 'enable_account' if @user != current_user and !@user.enabled?
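Review bot: The deactivate link in `_deactivate_account.html.haml` posts immediately with no confirmation, while the destroy link in `_edit.html.haml` passes `:confirm => t(:are_you_sure)`. Add the same option: `= link_to deactivate_user_path(@user), :method => :post, :confirm => t(:are_you_sure), :class => "btn" do`. The link in `_enable_account.html.haml` has the same gap and also reuses `icon-remove` for an enabling action. `:method => :post` on a link depends on the page's JavaScript helper and CSRF token being present; that setup is outside this diff and worth confirming before the partials are rendered.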
\ No newline at end of file
diff --git a/users/app/views/users/_enable_account.html.haml b/users/app/views/users/_enable_account.html.haml
new file mode 100644
index 0000000..5ecca48
--- /dev/null
+++ b/users/app/views/users/_enable_account.html.haml
@@ -0,0 +1,6 @@
+%legend
+ =t :enable_account
+ %small=t :enable_description
+= link_to enable_user_path(@user), :method => :post, :class => "btn" do
+ %i.icon-remove.icon-white
+ =t :enable_account
\ No newline at end of file
diff --git a/users/app/views/users/edit.html.haml b/users/app/views/users/edit.html.haml
index 08e9dc3..434c025 100644
--- a/users/app/views/users/edit.html.haml
+++ b/users/app/views/users/edit.html.haml
@@ -1 +1 @@
-= render 'edit'
\ No newline at end of file
+= render 'edit'
diff --git a/users/app/views/users/show.html.haml b/users/app/views/users/show.html.haml
index 08e9dc3..434c025 100644
--- a/users/app/views/users/show.html.haml
+++ b/users/app/views/users/show.html.haml
@@ -1 +1 @@
-= render 'edit'
\ No newline at end of file += render 'edit' diff --git a/users/config/locales/en.yml b/users/config/locales/en.yml index b880887..f4d3171 100644 --- a/users/config/locales/en.yml +++ b/users/config/locales/en.yml @@ -30,6 +30,11 @@ en: not_authorized: "Sorry, but you are not authorized to perform that action." not_authorized_login: "Please log in to perform that action." search: "Search" + cookie_disabled_warning: "You have cookies disabled. You will not be able to login until you enable cookies." + js_required: "We are sorry, but this doesn't work without javascript enabled. This is for security reasons." + enable_description: "This will restore the account to full functionality" + deactivate_description: "This will temporarily deactivate some account functionality." #todo detail exact functionality. can receive email but not send or renew client certificate? + # # overview diff --git a/users/config/routes.rb b/users/config/routes.rb index b6d583e..4fa185f 100644 --- a/users/config/routes.rb +++ b/users/config/routes.rb @@ -17,6 +17,8 @@ Rails.application.routes.draw do resource :overview, :only => [:show] resource :email_settings, :only => [:edit, :update] resources :email_aliases, :only => [:destroy], :id => /.*/ + post 'deactivate', on: :member + post 'enable', on: :member end get "/.well-known/host-meta" => 'webfinger#host_meta' diff --git a/users/test/functional/users_controller_test.rb b/users/test/functional/users_controller_test.rb index 92a5f6c..0ce5cc2 100644 --- a/users/test/functional/users_controller_test.rb +++ b/users/test/functional/users_controller_test.rb 
@@ -142,4 +142,22 @@ class UsersControllerTest < ActionController::TestCase
 assert assigns(:users)
 end
+ test "user cannot enable own account" do
+ user = find_record :user
+ login
+ post :enable, :id => user.id
+ assert_access_denied
+ end
+
+ test "admin can deactivate user" do
+ user = find_record :user
+ assert user.enabled?
+ user.expects(:save).returns(true)
+
+ login :is_admin? => true
+
+ post :deactivate, :id => user.id
+ assert !assigns(:user).enabled?
+ end
+
 end |
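Review bot: The denial path is tested only for `:enable`; no test shows that a non-admin is refused on `:deactivate`, so a later edit to the `authorize_admin` filter list could open deactivation without any test failing. Add the mirror-image test below. In "admin can deactivate user", `user.expects(:save).returns(true)` stubs the write, so the test checks only the in-memory flag and appears to rely on the controller loading that same object. The enclosing test class starts outside the hunk.

```ruby
  test "user cannot deactivate own account" do
    user = find_record :user
    login
    post :deactivate, :id => user.id
    assert_access_denied
  end
```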