From 2e2326d380ef1160c7d3cbfc446f96ef6eab2721 Mon Sep 17 00:00:00 2001 From: jessib Date: Tue, 19 Feb 2013 14:18:25 -0800 Subject: Needs some cleanup, but this has one form where user can change username and password (they can leave either the same if they just want to change one, but we should make this clearer.) --- users/app/assets/javascripts/users.js.coffee | 4 ++-- users/app/views/users/_login_and_password_fields.html.haml | 3 +++ users/app/views/users/edit.html.haml | 3 +-- 3 files changed, 6 insertions(+), 4 deletions(-) create mode 100644 users/app/views/users/_login_and_password_fields.html.haml (limited to 'users/app') diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index 86bacee..a62be6d 100644 --- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee @@ -37,8 +37,8 @@ $(document).ready -> $('#new_user').submit srp.signup $('#new_session').submit preventDefault $('#new_session').submit srp.login - $('.user.form.change_password').submit srp.update - $('.user.form.change_password').submit preventDefault + $('.user.form.change_login_and_password').submit srp.update + $('.user.form.change_login_and_password').submit preventDefault $('.user.typeahead').typeahead({source: pollUsers}); $('a[data-toggle="tab"]').on('shown', -> $(ClientSideValidations.selectors.forms).validate() diff --git a/users/app/views/users/_login_and_password_fields.html.haml b/users/app/views/users/_login_and_password_fields.html.haml new file mode 100644 index 0000000..4d4585a --- /dev/null +++ b/users/app/views/users/_login_and_password_fields.html.haml @@ -0,0 +1,3 @@ += f.input :login, :required => true, :input_html => { :id => :srp_username } += f.input :password, :required => true, :validate => true, :input_html => { :id => :srp_password } += f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation } \ No newline at end of file 
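Review bot: The SRP submit handler is attached only through the class selector `.user.form.change_login_and_password`, which has to match whatever class the form helper renders for `:legend => :change_login_and_password` in edit.html.haml; nothing in this hunk ties the two together. If the names drift, neither `srp.update` nor `preventDefault` binds, and the form would presumably fall back to an ordinary browser submit of the password fields. A comment above the two changed lines, such as `# must match the form class rendered by users/edit.html.haml, otherwise srp.update never runs`, would make the coupling visible. The `$(document).ready` block starts and ends outside the hunk.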
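Review bot: The combined form in `_login_and_password_fields.html.haml` collects a new login, a new password and its confirmation, but has no input for the current password. As far as this partial shows, anyone holding a live session (an unattended browser, for example) could replace both credentials in one submit. Whether the controller or `srp.update` re-authenticates the user is not visible in this diff; if neither does, consider adding a current-password field and verifying it server-side before the change is accepted.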
diff --git a/users/app/views/users/edit.html.haml b/users/app/views/users/edit.html.haml index 950a3b1..0dcd474 100644 --- a/users/app/views/users/edit.html.haml +++ b/users/app/views/users/edit.html.haml @@ -1,8 +1,7 @@ .span8.offset2 %h2=t :settings - content_for :account do - = user_form_with 'login_field', :legend => :change_login - = user_form_with 'password_fields', :legend => :change_password + = user_form_with 'login_and_password_fields', :legend => :change_login_and_password = render 'cancel_account' if @user == current_user - content_for :email do %legend=t :email_address -- cgit v1.2.3 From eb1cdaba1217ddd57fb801b13aadba29b356ba1e Mon Sep 17 00:00:00 2001 From: jessib Date: Mon, 25 Feb 2013 10:35:09 -0800 Subject: Add hint that password change is optional --- users/app/views/users/_login_and_password_fields.html.haml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'users/app') diff --git a/users/app/views/users/_login_and_password_fields.html.haml b/users/app/views/users/_login_and_password_fields.html.haml index 4d4585a..5f38a9c 100644 --- a/users/app/views/users/_login_and_password_fields.html.haml +++ b/users/app/views/users/_login_and_password_fields.html.haml @@ -1,3 +1,3 @@ -= f.input :login, :required => true, :input_html => { :id => :srp_username } += f.input :login, :input_html => { :id => :srp_username } = f.input :password, :required => true, :validate => true, :input_html => { :id => :srp_password } -= f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation } \ No newline at end of file += f.input :password_confirmation, :hint => t(:can_retype_old_password), :required => true, :input_html => { :id => :srp_password_confirmation } \ No newline at end of file -- cgit v1.2.3 From bace229e4d1cf593eaef80b8e8553d9d33c40c50 Mon Sep 17 00:00:00 2001 
From: jessib Date: Mon, 25 Feb 2013 10:53:36 -0800 Subject: Slight refactoring of partials --- users/app/views/users/_login_and_password_fields.html.haml | 5 ++--- users/app/views/users/_password_fields.html.haml | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) (limited to 'users/app') diff --git a/users/app/views/users/_login_and_password_fields.html.haml b/users/app/views/users/_login_and_password_fields.html.haml index 5f38a9c..0baefc7 100644 --- a/users/app/views/users/_login_and_password_fields.html.haml +++ b/users/app/views/users/_login_and_password_fields.html.haml @@ -1,3 +1,2 @@ -= f.input :login, :input_html => { :id => :srp_username } -= f.input :password, :required => true, :validate => true, :input_html => { :id => :srp_password } -= f.input :password_confirmation, :hint => t(:can_retype_old_password), :required => true, :input_html => { :id => :srp_password_confirmation } \ No newline at end of file += render :partial => 'login_field', :locals => {:f => f} += render :partial => 'password_fields', :locals => {:f => f, :password_confirmation_hint => t(:can_retype_old_password)} \ No newline at end of file diff --git a/users/app/views/users/_password_fields.html.haml b/users/app/views/users/_password_fields.html.haml index c2e6a69..47b7b07 100644 --- a/users/app/views/users/_password_fields.html.haml +++ b/users/app/views/users/_password_fields.html.haml @@ -1,2 +1,2 @@ = f.input :password, :required => true, :validate => true, :input_html => { :id => :srp_password } -= f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation } += f.input :password_confirmation, :required => true, :hint => local_assigns[:password_confirmation_hint], :input_html => { :id => :srp_password_confirmation } -- cgit v1.2.3 From 73e9332dadde9f37a85753faf40b9b6b2d73dd88 Mon Sep 17 00:00:00 2001 
From: jessib Date: Mon, 25 Feb 2013 14:02:28 -0800 Subject: Admins cannot update a user. Eventually we will want to allow admins to update some user fields. --- users/app/controllers/users_controller.rb | 8 +++++++- users/app/views/users/_cancel_account.html.haml | 9 ++++++--- users/app/views/users/edit.html.haml | 24 ++++++++++++++---------- 3 files changed, 27 insertions(+), 14 deletions(-) (limited to 'users/app') diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 9325bc0..dff1ed5 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -1,7 +1,8 @@ class UsersController < ApplicationController - before_filter :authorize, :only => [:show, :edit, :update, :destroy] + before_filter :authorize, :only => [:show, :edit, :destroy, :update] before_filter :fetch_user, :only => [:show, :edit, :update, :destroy] + before_filter :authorize_self, :only => [:update] before_filter :set_anchor, :only => [:edit, :update] before_filter :authorize_admin, :only => [:index] @@ -57,6 +58,11 @@ class UsersController < ApplicationController access_denied unless admin? or (@user == current_user) end + def authorize_self + # have already checked that authorized + access_denied unless (@user == current_user) + end + def set_anchor @anchor = email_settings? ? :email : :account end diff --git a/users/app/views/users/_cancel_account.html.haml b/users/app/views/users/_cancel_account.html.haml index 41580b0..756170b 100644 --- a/users/app/views/users/_cancel_account.html.haml +++ b/users/app/views/users/_cancel_account.html.haml 
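Review bot: `authorize_self` in the second hunk relies on an earlier filter to have established a logged-in user (its comment says as much), but `@user == current_user` is also true when both sides are nil. Whether that state is reachable depends on `authorize`, `fetch_user` and `access_denied`, none of which are fully visible here. The guard can be made self-contained with `access_denied unless current_user && @user == current_user`. It also only works because `:authorize_self` is declared after `:fetch_user` in the filter list of the first hunk, so a short comment there noting the order dependency would protect it from a later reshuffle. The class body continues outside both hunks.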
@@ -1,6 +1,9 @@ %legend - =t :cancel_account - %small You will not be able to login anymore. + - if @user == current_user + =t :cancel_account + %small You will not be able to login anymore. + - else + =t :admin_cancel_account, :username => @user.login = link_to user_path(@user), :method => :delete, :class => "btn btn-danger" do %i.icon-remove.icon-white - Remove my Account + =t :remove_account diff --git a/users/app/views/users/edit.html.haml b/users/app/views/users/edit.html.haml index 0dcd474..4de72f6 100644 --- a/users/app/views/users/edit.html.haml +++ b/users/app/views/users/edit.html.haml @@ -1,13 +1,17 @@ .span8.offset2 %h2=t :settings + - tabs = [] - content_for :account do - = user_form_with 'login_and_password_fields', :legend => :change_login_and_password - = render 'cancel_account' if @user == current_user - - content_for :email do - %legend=t :email_address - The associated email address is - = render @user.email_address, :as => :span - = user_form_with 'public_key_field', :legend => :public_key - = user_form_with 'email_forward_field', :legend => :forward_email - = user_form_with 'email_aliases', :legend => :add_email_alias - = render 'tabs/tabs', :tabs => [:account, :email] + = user_form_with 'login_and_password_fields', :legend => :change_login_and_password if @user == current_user + = render 'cancel_account' + - tabs << :account + - if @user == current_user + - content_for :email do + %legend=t :email_address + =t :associated_email + = render @user.email_address, :as => :span + = user_form_with 'public_key_field', :legend => :public_key + = user_form_with 'email_forward_field', :legend => :forward_email + = user_form_with 'email_aliases', :legend => :add_email_alias + - tabs << :email + = render 'tabs/tabs', :tabs => tabs -- cgit v1.2.3
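Review bot: With the new `- else` branch the delete link is rendered for an admin viewing someone else's account, and `link_to user_path(@user), :method => :delete` still fires without any confirmation step. A single mis-click on the red button would remove another user's account. Adding a confirm prompt to the link options, e.g. `:confirm => t(:confirm_remove_account)` (the key name is a placeholder, and the option form assumes the Rails 3 style this code appears to use), keeps the destructive action deliberate. The warning `%small You will not be able to login anymore.` is also still hard-coded English while the surrounding strings moved to `t`.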
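Review bot: The ownership test `@user == current_user` is now written out twice in edit.html.haml, again in `_cancel_account.html.haml`, and once more in `authorize_self` in the controller, so what the page shows and what `update` enforces can drift apart independently. Pulling it into one helper, for instance `def editing_self?; @user == current_user; end` exposed to views with `helper_method`, keeps the hidden forms and the server-side check on the same predicate. Hiding the forms is presentation only; the `authorize_self` filter remains the actual control and should stay even if this template changes.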