From 2e2326d380ef1160c7d3cbfc446f96ef6eab2721 Mon Sep 17 00:00:00 2001
From: jessib
Date: Tue, 19 Feb 2013 14:18:25 -0800
Subject: Needs some cleanup, but this has one form where user can change username and password (they can leave either the same if they just want to change one, but we should make this clearer.)

---
 users/app/assets/javascripts/users.js.coffee | 4 ++--
 users/app/views/users/_login_and_password_fields.html.haml | 3 +++
 users/app/views/users/edit.html.haml | 3 +--
 users/config/locales/en.yml | 1 +
 4 files changed, 7 insertions(+), 4 deletions(-)
 create mode 100644 users/app/views/users/_login_and_password_fields.html.haml

diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee
index 86bacee..a62be6d 100644
--- a/users/app/assets/javascripts/users.js.coffee
+++ b/users/app/assets/javascripts/users.js.coffee
@@ -37,8 +37,8 @@ $(document).ready ->
 $('#new_user').submit srp.signup
 $('#new_session').submit preventDefault
 $('#new_session').submit srp.login
- $('.user.form.change_password').submit srp.update
- $('.user.form.change_password').submit preventDefault
+ $('.user.form.change_login_and_password').submit srp.update
+ $('.user.form.change_login_and_password').submit preventDefault
 $('.user.typeahead').typeahead({source: pollUsers});
 $('a[data-toggle="tab"]').on('shown', ->
 $(ClientSideValidations.selectors.forms).validate()
diff --git a/users/app/views/users/_login_and_password_fields.html.haml b/users/app/views/users/_login_and_password_fields.html.haml
new file mode 100644
index 0000000..4d4585a
--- /dev/null
+++ b/users/app/views/users/_login_and_password_fields.html.haml
@@ -0,0 +1,3 @@
+= f.input :login, :required => true, :input_html => { :id => :srp_username }
+= f.input :password, :required => true, :validate => true, :input_html => { :id => :srp_password }
+= f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation }
\ No newline at end of file
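Review bot: The selector `.user.form.change_login_and_password` has to stay in sync with the `:legend => :change_login_and_password` passed to `user_form_with` in edit.html.haml (the next hunk of this series), assuming that helper turns the legend into the form's class; if the two drift, neither `srp.update` nor `preventDefault` binds and the form falls back to a plain submit that posts the password field to the server, silently bypassing SRP. A comment next to the binding, `# class must match the :legend given to user_form_with in edit.html.haml, otherwise the form submits without SRP`, records the coupling. A view test asserting that the rendered settings form carries the class this script expects would catch a rename in either place.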
diff --git a/users/app/views/users/edit.html.haml b/users/app/views/users/edit.html.haml
index 950a3b1..0dcd474 100644
--- a/users/app/views/users/edit.html.haml
+++ b/users/app/views/users/edit.html.haml
@@ -1,8 +1,7 @@
 .span8.offset2
 %h2=t :settings
 - content_for :account do
- = user_form_with 'login_field', :legend => :change_login
- = user_form_with 'password_fields', :legend => :change_password
+ = user_form_with 'login_and_password_fields', :legend => :change_login_and_password
 = render 'cancel_account' if @user == current_user
 - content_for :email do
 %legend=t :email_address
diff --git a/users/config/locales/en.yml b/users/config/locales/en.yml
index 493b5db..d5f5795 100644
--- a/users/config/locales/en.yml
+++ b/users/config/locales/en.yml
@@ -8,6 +8,7 @@ en:
 wrong_password: "wrong password"
 user_not_found: "could not be found"
 change_login: "Change Login"
+ change_login_and_password: "Change Login and Password"
 change_password: "Change Password"
 cancel_account: "Cancel your account"
 set_email_address: "Set email address"
-- cgit v1.2.3

From eb1cdaba1217ddd57fb801b13aadba29b356ba1e Mon Sep 17 00:00:00 2001
From: jessib
Date: Mon, 25 Feb 2013 10:35:09 -0800
Subject: Add hint that password change is optional

---
 users/app/views/users/_login_and_password_fields.html.haml | 4 ++--
 users/config/locales/en.yml | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/users/app/views/users/_login_and_password_fields.html.haml b/users/app/views/users/_login_and_password_fields.html.haml
index 4d4585a..5f38a9c 100644
--- a/users/app/views/users/_login_and_password_fields.html.haml
+++ b/users/app/views/users/_login_and_password_fields.html.haml
@@ -1,3 +1,3 @@
-= f.input :login, :required => true, :input_html => { :id => :srp_username }
+= f.input :login, :input_html => { :id => :srp_username }
 = f.input :password, :required => true, :validate => true, :input_html => { :id => :srp_password }
-= f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation }
\ No newline at end of file
+= f.input :password_confirmation, :hint => t(:can_retype_old_password), :required => true, :input_html => { :id => :srp_password_confirmation }
\ No newline at end of file
diff --git a/users/config/locales/en.yml b/users/config/locales/en.yml
index d5f5795..2a5e6af 100644
--- a/users/config/locales/en.yml
+++ b/users/config/locales/en.yml
@@ -20,6 +20,7 @@ en:
 user_created_successfully: "Successfully created your account."
 email_alias_destroyed_successfully: "Successfully removed the alias '%{alias}'."
 use_ascii_key: "Use ASCII-armored PGP key"
+ can_retype_old_password: "Retype your old password if you would like to keep that"
 
 activemodel:
 models:
-- cgit v1.2.3

From bace229e4d1cf593eaef80b8e8553d9d33c40c50 Mon Sep 17 00:00:00 2001
From: jessib
Date: Mon, 25 Feb 2013 10:53:36 -0800
Subject: Slight refactoring of partials

---
 users/app/views/users/_login_and_password_fields.html.haml | 5 ++---
 users/app/views/users/_password_fields.html.haml | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/users/app/views/users/_login_and_password_fields.html.haml b/users/app/views/users/_login_and_password_fields.html.haml
index 5f38a9c..0baefc7 100644
--- a/users/app/views/users/_login_and_password_fields.html.haml
+++ b/users/app/views/users/_login_and_password_fields.html.haml
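Review bot: The hint explaining that the password may stay unchanged is attached to `:password_confirmation`, so a user only sees it after reaching the second field of a form whose `:password` input is still `:required => true`; attaching the same `:hint => t(:can_retype_old_password)` to the `:password` input would surface it where the decision is actually made. Why a password is needed at all for a login-only change is also undocumented: if the SRP verifier is derived from the login as well as the password (SRP-6a does this), changing the login forces the client-side `srp.update` handler to recompute the verifier, which it cannot do without the password. I cannot confirm the derivation from this diff, so a comment such as `-# password required even for a login-only change: the SRP verifier has to be recomputed client-side` should be checked against the SRP client code before it is added.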
@@ -1,3 +1,2 @@
-= f.input :login, :input_html => { :id => :srp_username }
-= f.input :password, :required => true, :validate => true, :input_html => { :id => :srp_password }
-= f.input :password_confirmation, :hint => t(:can_retype_old_password), :required => true, :input_html => { :id => :srp_password_confirmation }
\ No newline at end of file
+= render :partial => 'login_field', :locals => {:f => f}
+= render :partial => 'password_fields', :locals => {:f => f, :password_confirmation_hint => t(:can_retype_old_password)}
\ No newline at end of file
diff --git a/users/app/views/users/_password_fields.html.haml b/users/app/views/users/_password_fields.html.haml
index c2e6a69..47b7b07 100644
--- a/users/app/views/users/_password_fields.html.haml
+++ b/users/app/views/users/_password_fields.html.haml
@@ -1,2 +1,2 @@
 = f.input :password, :required => true, :validate => true, :input_html => { :id => :srp_password }
-= f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation }
+= f.input :password_confirmation, :required => true, :hint => local_assigns[:password_confirmation_hint], :input_html => { :id => :srp_password_confirmation }
-- cgit v1.2.3

From 73e9332dadde9f37a85753faf40b9b6b2d73dd88 Mon Sep 17 00:00:00 2001
From: jessib
Date: Mon, 25 Feb 2013 14:02:28 -0800
Subject: Admins cannot update a user. Eventually we will want to allow admins to update some user fields.

---
 users/app/controllers/users_controller.rb | 8 +++++++-
 users/app/views/users/_cancel_account.html.haml | 9 ++++++---
 users/app/views/users/edit.html.haml | 24 ++++++++++++++----------
 users/config/locales/en.yml | 3 +++
 users/test/functional/users_controller_test.rb | 13 +++++-------
 5 files changed, 35 insertions(+), 22 deletions(-)

diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb
index 9325bc0..dff1ed5 100644
--- a/users/app/controllers/users_controller.rb
+++ b/users/app/controllers/users_controller.rb
@@ -1,7 +1,8 @@
 class UsersController < ApplicationController
 
- before_filter :authorize, :only => [:show, :edit, :update, :destroy]
+ before_filter :authorize, :only => [:show, :edit, :destroy, :update]
 before_filter :fetch_user, :only => [:show, :edit, :update, :destroy]
+ before_filter :authorize_self, :only => [:update]
 before_filter :set_anchor, :only => [:edit, :update]
 before_filter :authorize_admin, :only => [:index]
 
@@ -57,6 +58,11 @@ class UsersController < ApplicationController
 access_denied unless admin? or (@user == current_user)
 end
 
+ def authorize_self
+ # have already checked that authorized
+ access_denied unless (@user == current_user)
+ end
+
 def set_anchor
 @anchor = email_settings? ? :email : :account
 end
diff --git a/users/app/views/users/_cancel_account.html.haml b/users/app/views/users/_cancel_account.html.haml
index 41580b0..756170b 100644
--- a/users/app/views/users/_cancel_account.html.haml
+++ b/users/app/views/users/_cancel_account.html.haml
@@ -1,6 +1,9 @@
 %legend
- =t :cancel_account
- %small You will not be able to login anymore.
+ - if @user == current_user
+ =t :cancel_account
+ %small You will not be able to login anymore.
+ - else
+ =t :admin_cancel_account, :username => @user.login
 = link_to user_path(@user), :method => :delete, :class => "btn btn-danger" do
 %i.icon-remove.icon-white
- Remove my Account
+ =t :remove_account
diff --git a/users/app/views/users/edit.html.haml b/users/app/views/users/edit.html.haml
index 0dcd474..4de72f6 100644
--- a/users/app/views/users/edit.html.haml
+++ b/users/app/views/users/edit.html.haml
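Review bot: `authorize_self` reads `@user`, which is presumably assigned by `fetch_user`, so the new `before_filter :authorize_self, :only => [:update]` is correct only because it is declared after `before_filter :fetch_user`; nothing records that ordering dependency, and the comment `# have already checked that authorized` in the second hunk does not say which check it refers to. I would replace that comment with `# Must run after fetch_user (sets @user). Only the account owner may update; admins are denied here although fetch_user lets them through for show/edit/destroy.` The parentheses in `access_denied unless (@user == current_user)` are unnecessary, and swapping `:update` and `:destroy` inside the `:only` list of `:authorize` changes nothing while adding noise to the history. The method whose last line `access_denied unless admin? or (@user == current_user)` opens the second hunk begins outside it.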
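Review bot: For an admin viewing another user, the link `link_to user_path(@user), :method => :delete, :class => "btn btn-danger"` now destroys that account on a single click with no confirmation, and a `:method => :delete` link degrades to a plain GET when JavaScript is unavailable, so the irreversible action rests entirely on rails-ujs. Unless destroy is confirmed elsewhere (not visible here), add a `:confirm => t(:confirm_cancel_account)` option (proposed new locale key) to the `link_to`, or render it as a `button_to` form, which does not depend on the link-to-DELETE rewrite. `%small You will not be able to login anymore.` is the one string left hard-coded while `remove_account` and `admin_cancel_account` were moved to the locale file in this same commit; `%small=t :cancel_account_warning` (proposed key) would be consistent.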
@@ -1,13 +1,17 @@
 .span8.offset2
 %h2=t :settings
+ - tabs = []
 - content_for :account do
- = user_form_with 'login_and_password_fields', :legend => :change_login_and_password
- = render 'cancel_account' if @user == current_user
- - content_for :email do
- %legend=t :email_address
- The associated email address is
- = render @user.email_address, :as => :span
- = user_form_with 'public_key_field', :legend => :public_key
- = user_form_with 'email_forward_field', :legend => :forward_email
- = user_form_with 'email_aliases', :legend => :add_email_alias
- = render 'tabs/tabs', :tabs => [:account, :email]
+ = user_form_with 'login_and_password_fields', :legend => :change_login_and_password if @user == current_user
+ = render 'cancel_account'
+ - tabs << :account
+ - if @user == current_user
+ - content_for :email do
+ %legend=t :email_address
+ =t :associated_email
+ = render @user.email_address, :as => :span
+ = user_form_with 'public_key_field', :legend => :public_key
+ = user_form_with 'email_forward_field', :legend => :forward_email
+ = user_form_with 'email_aliases', :legend => :add_email_alias
+ - tabs << :email
+ = render 'tabs/tabs', :tabs => tabs
diff --git a/users/config/locales/en.yml b/users/config/locales/en.yml
index 2a5e6af..bda38fe 100644
--- a/users/config/locales/en.yml
+++ b/users/config/locales/en.yml
@@ -11,6 +11,8 @@ en:
 change_login_and_password: "Change Login and Password"
 change_password: "Change Password"
 cancel_account: "Cancel your account"
+ remove_account: "Remove Account"
+ admin_cancel_account: "Cancel the account %{username}"
 set_email_address: "Set email address"
 forward_email: "Forward email"
 email_aliases: "Email aliases"
@@ -21,6 +23,7 @@ en:
 email_alias_destroyed_successfully: "Successfully removed the alias '%{alias}'."
 use_ascii_key: "Use ASCII-armored PGP key"
 can_retype_old_password: "Retype your old password if you would like to keep that"
+ associated_email: "The associated email address is"
 
 activemodel:
 models:
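Review bot: `@user == current_user` is evaluated twice in this template (`... :legend => :change_login_and_password if @user == current_user` and `- if @user == current_user`) and once more inside `_cancel_account`, so the rule for what an admin may see on another user's page is scattered across views instead of being stated once alongside the controller's `authorize_self`. A single `- own_account = (@user == current_user)` at the top of the template, or a `helper_method` on the controller shared with the partial, keeps the view and the controller's authorization in agreement when the rule changes, which the commit message says it will. Since `:account` is always pushed, `- tabs = [:account]` followed by `- tabs << :email` inside the `if` reads more directly than starting from `[]`.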
diff --git a/users/test/functional/users_controller_test.rb b/users/test/functional/users_controller_test.rb
index 9fb06c9..fd8869a 100644
--- a/users/test/functional/users_controller_test.rb
+++ b/users/test/functional/users_controller_test.rb
@@ -130,20 +130,17 @@ class UsersControllerTest < ActionController::TestCase
 assert_equal " ", @response.body
 end
 
- test "admin can update user" do
+ # Eventually, admin will be able to update some user fields
+ test "admin cannot update user" do
 user = find_record :user
 changed_attribs = record_attributes_for :user_with_settings
- user.expects(:attributes=).with(changed_attribs.stringify_keys)
- user.expects(:changed?).returns(true)
- user.expects(:save).returns(true)
- user.stubs(:email_aliases).returns([])
 login :is_admin? => true
 
 put :update, :user => changed_attribs, :id => user.id, :format => :json
 
- assert_equal user, assigns[:user]
- assert_response 204
- assert_equal " ", @response.body
+ assert_response :redirect
+ assert_access_denied
+
 end
 
 test "admin can destroy user" do
-- cgit v1.2.3
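Review bot: The new test proves the request is refused but not that the record was left untouched; since this file already uses mocha (`expects`/`stubs` on the removed lines), `user.expects(:save).never` placed after `changed_attribs = record_attributes_for :user_with_settings` would fail if a later filter reordering let an admin's update reach `save`. The blank line left between `assert_access_denied` and `end` is stray. I cannot see from this hunk whether any test covers a non-admin user attempting to update another user's account; if none exists, a sibling test asserting `assert_access_denied` for that case would exercise the `authorize_self` path directly rather than only the admin branch.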