From 2e2326d380ef1160c7d3cbfc446f96ef6eab2721 Mon Sep 17 00:00:00 2001
From: jessib <jessib@leap.se>
Date: Tue, 19 Feb 2013 14:18:25 -0800
Subject: Needs some cleanup, but this has one form where user can change
 username and password (they can leave either the same if they just want to
 change one, but we should make this clearer.)

---
 users/app/assets/javascripts/users.js.coffee               | 4 ++--
 users/app/views/users/_login_and_password_fields.html.haml | 3 +++
 users/app/views/users/edit.html.haml                       | 3 +--
 3 files changed, 6 insertions(+), 4 deletions(-)
 create mode 100644 users/app/views/users/_login_and_password_fields.html.haml

(limited to 'users/app')

diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee
index 86bacee..a62be6d 100644
--- a/users/app/assets/javascripts/users.js.coffee
+++ b/users/app/assets/javascripts/users.js.coffee
@@ -37,8 +37,8 @@ $(document).ready ->
   $('#new_user').submit srp.signup
   $('#new_session').submit preventDefault
   $('#new_session').submit srp.login
-  $('.user.form.change_password').submit srp.update
-  $('.user.form.change_password').submit preventDefault
+  $('.user.form.change_login_and_password').submit srp.update
+  $('.user.form.change_login_and_password').submit preventDefault
   $('.user.typeahead').typeahead({source: pollUsers});
   $('a[data-toggle="tab"]').on('shown', ->
     $(ClientSideValidations.selectors.forms).validate()
diff --git a/users/app/views/users/_login_and_password_fields.html.haml b/users/app/views/users/_login_and_password_fields.html.haml
new file mode 100644
index 0000000..4d4585a
--- /dev/null
+++ b/users/app/views/users/_login_and_password_fields.html.haml
@@ -0,0 +1,3 @@
+= f.input :login, :required => true, :input_html => { :id => :srp_username }
+= f.input :password, :required => true, :validate => true, :input_html => { :id => :srp_password }
+= f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation }
\ No newline at end of file
diff --git a/users/app/views/users/edit.html.haml b/users/app/views/users/edit.html.haml
index 950a3b1..0dcd474 100644
--- a/users/app/views/users/edit.html.haml
+++ b/users/app/views/users/edit.html.haml
@@ -1,8 +1,7 @@
 .span8.offset2
   %h2=t :settings
   - content_for :account do
-    = user_form_with 'login_field', :legend => :change_login
-    = user_form_with 'password_fields', :legend => :change_password
+    = user_form_with 'login_and_password_fields', :legend => :change_login_and_password
     = render 'cancel_account' if @user == current_user
   - content_for :email do
     %legend=t :email_address
-- 
cgit v1.2.3


From eb1cdaba1217ddd57fb801b13aadba29b356ba1e Mon Sep 17 00:00:00 2001
From: jessib <jessib@leap.se>
Date: Mon, 25 Feb 2013 10:35:09 -0800
Subject: Add hint that password change is optional

---
 users/app/views/users/_login_and_password_fields.html.haml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'users/app')

diff --git a/users/app/views/users/_login_and_password_fields.html.haml b/users/app/views/users/_login_and_password_fields.html.haml
index 4d4585a..5f38a9c 100644
--- a/users/app/views/users/_login_and_password_fields.html.haml
+++ b/users/app/views/users/_login_and_password_fields.html.haml
@@ -1,3 +1,3 @@
-= f.input :login, :required => true, :input_html => { :id => :srp_username }
+= f.input :login, :input_html => { :id => :srp_username }
 = f.input :password, :required => true, :validate => true, :input_html => { :id => :srp_password }
-= f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation }
\ No newline at end of file
+= f.input :password_confirmation, :hint => t(:can_retype_old_password), :required => true, :input_html => { :id => :srp_password_confirmation }
\ No newline at end of file
-- 
cgit v1.2.3


From bace229e4d1cf593eaef80b8e8553d9d33c40c50 Mon Sep 17 00:00:00 2001
From: jessib <jessib@leap.se>
Date: Mon, 25 Feb 2013 10:53:36 -0800
Subject: Slight refactoring of partials

---
 users/app/views/users/_login_and_password_fields.html.haml | 5 ++---
 users/app/views/users/_password_fields.html.haml           | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)

(limited to 'users/app')

diff --git a/users/app/views/users/_login_and_password_fields.html.haml b/users/app/views/users/_login_and_password_fields.html.haml
index 5f38a9c..0baefc7 100644
--- a/users/app/views/users/_login_and_password_fields.html.haml
+++ b/users/app/views/users/_login_and_password_fields.html.haml
@@ -1,3 +1,2 @@
-= f.input :login, :input_html => { :id => :srp_username }
-= f.input :password, :required => true, :validate => true, :input_html => { :id => :srp_password }
-= f.input :password_confirmation, :hint => t(:can_retype_old_password), :required => true, :input_html => { :id => :srp_password_confirmation }
\ No newline at end of file
+= render :partial => 'login_field', :locals => {:f => f}
+= render :partial => 'password_fields', :locals => {:f => f, :password_confirmation_hint => t(:can_retype_old_password)}
\ No newline at end of file
diff --git a/users/app/views/users/_password_fields.html.haml b/users/app/views/users/_password_fields.html.haml
index c2e6a69..47b7b07 100644
--- a/users/app/views/users/_password_fields.html.haml
+++ b/users/app/views/users/_password_fields.html.haml
@@ -1,2 +1,2 @@
 = f.input :password, :required => true, :validate => true, :input_html => { :id => :srp_password }
-= f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation }
+= f.input :password_confirmation, :required => true, :hint => local_assigns[:password_confirmation_hint], :input_html => { :id => :srp_password_confirmation }
-- 
cgit v1.2.3


From 73e9332dadde9f37a85753faf40b9b6b2d73dd88 Mon Sep 17 00:00:00 2001
From: jessib <jessib@leap.se>
Date: Mon, 25 Feb 2013 14:02:28 -0800
Subject: Admins cannot update a user. Eventually we will want to allow admins
 to update some user fields.

---
 users/app/controllers/users_controller.rb       |  8 +++++++-
 users/app/views/users/_cancel_account.html.haml |  9 ++++++---
 users/app/views/users/edit.html.haml            | 24 ++++++++++++++----------
 3 files changed, 27 insertions(+), 14 deletions(-)

(limited to 'users/app')

diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb
index 9325bc0..dff1ed5 100644
--- a/users/app/controllers/users_controller.rb
+++ b/users/app/controllers/users_controller.rb
@@ -1,7 +1,8 @@
 class UsersController < ApplicationController
 
-  before_filter :authorize, :only => [:show, :edit, :update, :destroy]
+  before_filter :authorize, :only => [:show, :edit, :destroy, :update]
   before_filter :fetch_user, :only => [:show, :edit, :update, :destroy]
+  before_filter :authorize_self, :only => [:update]
   before_filter :set_anchor, :only => [:edit, :update]
   before_filter :authorize_admin, :only => [:index]
 
@@ -57,6 +58,11 @@ class UsersController < ApplicationController
     access_denied unless admin? or (@user == current_user)
   end
 
+  def authorize_self
+    # have already checked that authorized
+    access_denied unless (@user == current_user)
+  end
+
   def set_anchor
     @anchor = email_settings? ? :email : :account
   end
diff --git a/users/app/views/users/_cancel_account.html.haml b/users/app/views/users/_cancel_account.html.haml
index 41580b0..756170b 100644
--- a/users/app/views/users/_cancel_account.html.haml
+++ b/users/app/views/users/_cancel_account.html.haml
@@ -1,6 +1,9 @@
 %legend
-  =t :cancel_account
-  %small You will not be able to login anymore.
+  - if @user == current_user
+    =t :cancel_account
+    %small You will not be able to login anymore.
+  - else
+    =t :admin_cancel_account, :username => @user.login
 = link_to user_path(@user), :method => :delete, :class => "btn btn-danger" do
   %i.icon-remove.icon-white
-  Remove my Account
+  =t :remove_account
diff --git a/users/app/views/users/edit.html.haml b/users/app/views/users/edit.html.haml
index 0dcd474..4de72f6 100644
--- a/users/app/views/users/edit.html.haml
+++ b/users/app/views/users/edit.html.haml
@@ -1,13 +1,17 @@
 .span8.offset2
   %h2=t :settings
+  - tabs = []
   - content_for :account do
-    = user_form_with 'login_and_password_fields', :legend => :change_login_and_password
-    = render 'cancel_account' if @user == current_user
-  - content_for :email do
-    %legend=t :email_address
-    The associated email address is
-    = render @user.email_address, :as => :span
-    = user_form_with 'public_key_field', :legend => :public_key
-    = user_form_with 'email_forward_field', :legend => :forward_email
-    = user_form_with 'email_aliases', :legend => :add_email_alias
-  = render 'tabs/tabs', :tabs => [:account, :email]
+    = user_form_with 'login_and_password_fields', :legend => :change_login_and_password if @user == current_user
+    = render 'cancel_account'
+    - tabs << :account
+  - if @user == current_user
+    - content_for :email do
+      %legend=t :email_address
+      =t :associated_email
+      = render @user.email_address, :as => :span
+      = user_form_with 'public_key_field', :legend => :public_key
+      = user_form_with 'email_forward_field', :legend => :forward_email
+      = user_form_with 'email_aliases', :legend => :add_email_alias
+      - tabs << :email
+  = render 'tabs/tabs', :tabs => tabs
-- 
cgit v1.2.3