From a8cc053bcca66046cb4f6c9ce045119db2ae9da3 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Mon, 12 Oct 2009 08:00:59 +0000 Subject: [PATCH] Add some administrator only actions to the user page. --- app/controllers/user_controller.rb | 66 +++++++++++++++++++++++++++--- app/views/user/view.html.erb | 14 +++++++ config/locales/en.yml | 8 ++++ config/routes.rb | 5 +++ 4 files changed, 88 insertions(+), 5 deletions(-) diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 3ea7fa8fd..df6ca164c 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -11,6 +11,8 @@ class UserController < ApplicationController before_filter :require_allow_read_prefs, :only => [:api_details] before_filter :require_allow_read_gpx, :only => [:api_gpx_files] before_filter :require_cookies, :only => [:login, :confirm] + before_filter :require_administrator, :only => [:activate, :deactivate, :hide, :unhide, :delete] + before_filter :lookup_this_user, :only => [:activate, :deactivate, :hide, :unhide, :delete] filter_parameter_logging :password, :pass_crypt, :pass_crypt_confirmation @@ -158,7 +160,7 @@ class UserController < ApplicationController if session[:user] # The user is logged in, if the referer param exists, redirect them to that - # unless they've also got a block on them, in which case redirect them to + # unless they've also got a block on them, in which case redirect them to # the block so they can clear it. user = User.find(session[:user]) block = user.blocked_on_view @@ -255,9 +257,10 @@ class UserController < ApplicationController end def view - @this_user = User.find_by_display_name(params[:display_name], :conditions => {:visible => true}) + @this_user = User.find_by_display_name(params[:display_name]) - if @this_user + if @this_user and + (@this_user.visible? or (@user and @user.administrator?)) @title = @this_user.display_name else @title = t 'user.no_such_user.title' 
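Review bot: `require_administrator`, added to the filter chain in this hunk, dereferences `@user` unconditionally, so unless a login-requiring before_filter outside this hunk also lists activate, deactivate, hide, unhide and delete, an anonymous request to one of these URLs raises NoMethodError on nil instead of being redirected. If the controller already has such a filter (the rest of the filter list is not visible here), add the five actions to its `:only` list so it runs ahead of `:require_administrator`; otherwise make the check itself nil-safe with `unless @user and @user.administrator?`. The ordering within the hunk is right as it stands: `require_administrator` runs before `lookup_this_user`, so a non-admin never reaches the lookup.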
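Review bot: A non-administrator requesting a hidden user's page now leaves `@this_user` set to that user, since the else branch only changes `@title`, whereas before this change the `:visible => true` condition made the finder return nil. If the template branches on `@this_user` being present (its top is outside this hunk), the hidden profile is rendered under a "no such user" title; clear the variable in the else branch, `@this_user = nil`, or have the template test the same visibility condition. Using `and`/`or` is acceptable here only because this is a bare `if` condition and not an assignment; `&&`/`||` would avoid the precedence trap if the expression is ever reused.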
@@ -267,7 +270,7 @@ class UserController < ApplicationController end def make_friend - if params[:display_name] + if params[:display_name] name = params[:display_name] new_friend = User.find_by_display_name(name, :conditions => {:visible => true}) friend = Friend.new @@ -289,7 +292,7 @@ class UserController < ApplicationController end def remove_friend - if params[:display_name] + if params[:display_name] name = params[:display_name] friend = User.find_by_display_name(name, :conditions => {:visible => true}) if @user.is_friends_with?(friend) 
@@ -302,4 +305,57 @@ class UserController < ApplicationController
 redirect_to :controller => 'user', :action => 'view'
 end
 end
+
+ ##
+ # activate a user, allowing them to log in
+ def activate
+ @this_user.update_attributes(:active => true)
+ redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name]
+ end
+
+ ##
+ # deactivate a user, preventing them from logging in
+ def deactivate
+ @this_user.update_attributes(:active => false)
+ redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name]
+ end
+
+ ##
+ # hide a user, marking them as logically deleted
+ def hide
+ @this_user.update_attributes(:visible => false)
+ redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name]
+ end
+
+ ##
+ # unhide a user, clearing the logically deleted flag
+ def unhide
+ @this_user.update_attributes(:visible => true)
+ redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name]
+ end
+
+ ##
+ # delete a user, marking them as deleted and removing personal data
+ def delete
+ @this_user.delete
+ redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name]
+ end
+private
+ ##
+ # require that the user is a administrator, or fill out a helpful error message
+ # and return them to the user page.
+ def require_administrator
+ unless @user.administrator?
+ flash[:notice] = t('user.filter.not_an_administrator')
+ redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name]
+ end
+ end
+
+ ##
+ # ensure that there is a "this_user" instance variable
+ def lookup_this_user
+ @this_user = User.find_by_display_name(params[:display_name])
+ rescue ActiveRecord::RecordNotFound
+ redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] unless @this_user
+ end
 end
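Review bot: `lookup_this_user` never redirects on an unknown display name: `find_by_display_name` returns nil rather than raising, so the `rescue ActiveRecord::RecordNotFound` branch and the `unless @this_user` redirect inside it are dead code, and the action then calls `update_attributes` or `delete` on nil. Drop the rescue and make the redirect depend only on the nil check: `@this_user = User.find_by_display_name(params[:display_name])` followed by `redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] unless @this_user`. Two smaller points: `require_administrator` should read `unless @user and @user.administrator?` so an anonymous request is redirected rather than raising, and the `delete` action's comment promises removal of personal data while `@this_user.delete` is ActiveRecord::Base#delete (a row delete that skips callbacks) unless the User model overrides it, which is outside this patch and worth confirming. Nothing here stops an administrator from deactivating, hiding or deleting their own account or another administrator's.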
diff --git a/app/views/user/view.html.erb b/app/views/user/view.html.erb index 107535f00..f05b26220 100644 --- a/app/views/user/view.html.erb +++ b/app/views/user/view.html.erb @@ -41,6 +41,20 @@ | <%= link_to t('user.view.create_block'), :controller => 'user_blocks', :action => 'new', :display_name => @this_user.display_name %> <% end %> <% end %> +<% if @user and @user.administrator? %> +
+<% if @this_user.active? %> +<%= link_to t('user.view.deactivate_user'), {:controller => 'user', :action => 'deactivate', :display_name => @this_user.display_name}, {:confirm => t('user.view.confirm')} %> +<% else %> +<%= link_to t('user.view.activate_user'), {:controller => 'user', :action => 'activate', :display_name => @this_user.display_name}, {:confirm => t('user.view.confirm')} %> +<% end %> +<% if @this_user.visible? %> +| <%= link_to t('user.view.hide_user'), {:controller => 'user', :action => 'hide', :display_name => @this_user.display_name}, {:confirm => t('user.view.confirm')} %> +| <%= link_to t('user.view.delete_user'), {:controller => 'user', :action => 'delete', :display_name => @this_user.display_name}, {:confirm => t('user.view.confirm')} %> +<% else %> +| <%= link_to t('user.view.unhide_user'), {:controller => 'user', :action => 'unhide', :display_name => @this_user.display_name}, {:confirm => t('user.view.confirm')} %> +<% end %> +<% end %>

<%= t 'user.view.mapper since' %> <%= l @this_user.creation_time %> <%= t 'user.view.ago', :time_in_words_ago => time_ago_in_words(@this_user.creation_time) %>

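Review bot: Every admin link added here triggers a state change over a plain GET — the matching routes carry no method condition and `:confirm` is only a client-side prompt — so a page an administrator merely visits can fire `/user/<name>/delete` through an image tag, and request forgery protection, if enabled in this application, does not cover GET requests. Pass `:method => :post` alongside `:confirm` in each link's HTML options so the helper emits a form submission that carries the authenticity token, e.g. `{:confirm => t('user.view.confirm'), :method => :post}`, and restrict the corresponding routes to POST. The links assume `@this_user` is set; whether the enclosing template guarantees that is decided before and after this hunk.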
diff --git a/config/locales/en.yml b/config/locales/en.yml index f046798ae..a9e3db6fa 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -970,6 +970,12 @@ en: block_history: "view blocks received" moderator_history: "view blocks given" create_block: "block this user" + activate_user: "activate this user" + deactivate_user: "deactivate this user" + hide_user: "hide this user" + unhide_user: "unhide this user" + delete_user: "delete this user" + confirm: "Confirm" friend_map: your location: Your location nearby mapper: "Nearby mapper: [[nearby_user]]" @@ -1019,6 +1025,8 @@ en: remove_friend: success: "{{name}} was removed from your friends." not_a_friend: "{{name}} is not one of your friends." + filter: + not_an_administrator: "You need to be an administrator to perform that action." user_role: filter: not_an_administrator: "Only administrators can perform user role management, and you are not an administrator." diff --git a/config/routes.rb b/config/routes.rb index 1e59ed074..f2f27427a 100644 --- a/config/routes.rb +++ b/config/routes.rb 
@@ -158,6 +158,11 @@ ActionController::Routing::Routes.draw do |map|
 map.connect '/user/:display_name/diary/:id/edit', :controller => 'diary_entry', :action => 'edit', :id => /\d+/
 map.connect '/user/:display_name/account', :controller => 'user', :action => 'account'
 map.connect '/user/:display_name/set_home', :controller => 'user', :action => 'set_home'
+ map.connect '/user/:display_name/activate', :controller => 'user', :action => 'activate'
+ map.connect '/user/:display_name/deactivate', :controller => 'user', :action => 'deactivate'
+ map.connect '/user/:display_name/hide', :controller => 'user', :action => 'hide'
+ map.connect '/user/:display_name/unhide', :controller => 'user', :action => 'unhide'
+ map.connect '/user/:display_name/delete', :controller => 'user', :action => 'delete'
 map.connect '/diary', :controller => 'diary_entry', :action => 'list'
 map.connect '/diary/rss', :controller => 'diary_entry', :action => 'rss'
 map.connect '/diary/:language', :controller => 'diary_entry', :action => 'list'
-- 
2.43.2
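Review bot: The five new routes are declared with `map.connect` and no method condition, so each state-changing action answers GET as well as POST, which is what makes the admin links exploitable by forgery. Add `:conditions => { :method => :post }` to each, e.g. `map.connect '/user/:display_name/delete', :controller => 'user', :action => 'delete', :conditions => { :method => :post }`. The neighbouring account and set_home routes are declared the same way, so this may be the file's convention, but those serve forms whereas these are bare links whose only effect is the side effect.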