diff options
| author | Logan Fick <logaldeveloper@protonmail.com> | 2017-11-10 14:33:14 -0500 |
|---|---|---|
| committer | Logan Fick <logaldeveloper@protonmail.com> | 2017-11-10 14:33:14 -0500 |
| commit | 5a534a4ddace03f747688c9cfe753ea20135bdc7 (patch) | |
| tree | bc548e532123342800f631e1d7df99bbcc5e585c | |
| parent | ac583b73519cbceec6d3c1aa063125a628da2406 (diff) | |
Made having a confirmed email required to edit other user profile pages.
| -rw-r--r-- | app/controllers/users_controller.rb | 18 | ||||
| -rw-r--r-- | app/views/users/edit.html.erb | 14 |
2 files changed, 17 insertions, 15 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index ed1c2a6..9c21b4a 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -135,7 +135,7 @@ class UsersController < ApplicationController end def resend_mail - if (@user.is?(current_user) || mod?) && !@user.confirmed? + if (@user.is?(current_user) || (mod? && current_user.confirmed?)) && !@user.confirmed? RedstonerMailer.register_mail(@user, false).deliver_now flash[:notice] = "Check your inbox for the confirmation mail." else @@ -145,7 +145,7 @@ class UsersController < ApplicationController end def update - if (mod? && current_user.role >= @user.role ) || (@user.is?(current_user) && confirmed?) + if (mod? && current_user.role >= @user.role && current_user.confirmed?) || (@user.is?(current_user) && confirmed?) if mod? userdata = user_params([:name, :skype, :youtube, :twitter, :about, :role, :badge, :confirmed, :header_scroll, :utc_time, :dark]) else @@ -188,7 +188,7 @@ class UsersController < ApplicationController end def ban - if mod? && current_user.role >= @user.role + if mod? && current_user.role >= @user.role && current_user.confirmed? @user.role = Role.get :banned flash[:notice] = "'#{@user.name}' has been banned!" else @@ -198,7 +198,7 @@ class UsersController < ApplicationController end def unban - if mod? && current_user.role >= @user.role + if mod? && current_user.role >= @user.role && current_user.confirmed? @user.role = Role.get :normal flash[:notice] = "\"#{@user.name}\" has been unbanned!" else @@ -208,7 +208,7 @@ class UsersController < ApplicationController end def destroy - if superadmin? + if superadmin? && current_user.confirmed? if @user.destroy flash[:notice] = "User deleted forever." redirect_to users_url @@ -223,28 +223,28 @@ class UsersController < ApplicationController end def edit_notifications - unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin? + unless @user.is?(current_user) || (admin? && current_user.role > @user.role && current_user.confirmed?) || (superadmin? && current_user.confirmed?) flash[:alert] = "You are not allowed to edit this user's notification settings!" redirect_to @user end end def edit_login - unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin? + unless @user.is?(current_user) || (admin? && current_user.role > @user.role && current_user.confirmed?) || (superadmin? && current_user.confirmed?) flash[:alert] = "You are not allowed to edit this user's login details!" redirect_to @user end end def edit_website_settings - unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin? + unless @user.is?(current_user) || (admin? && current_user.role > @user.role && current_user.confirmed?) || (superadmin? && current_user.confirmed?) flash[:alert] = "You are not allowed to edit this user's website settings!" redirect_to @user end end def update_login - if @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin? + if @user.is?(current_user) || (admin? && current_user.role > @user.role && current_user.confirmed?) || (superadmin? && current_user.confirmed?) authenticated = !@user.is?(current_user) || @user.authenticate(params[:current_password]) if params[:user][:password].present? @user.password = params[:user][:password] diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb index abd1fa4..a186916 100644 --- a/app/views/users/edit.html.erb +++ b/app/views/users/edit.html.erb @@ -2,7 +2,7 @@ <% def can_edit? - (@user.is?(current_user) && confirmed?) || (mod? && current_user.role >= @user.role) + (@user.is?(current_user) && confirmed?) || (mod? && current_user.role >= @user.role && current_user.confirmed?) end %> @@ -23,7 +23,7 @@ <td>Role</td> <td> <% if current_user.role >= @user.role %> - <%= f.select :role, Role.all_to(current_user.role) %> + <%= f.select :role, Role.all_to(current_user.role), {}, { disabled: !can_edit? } %> <% end %> </td> </tr> @@ -31,7 +31,7 @@ <td>Badge</td> <td> <% if current_user.role >= Role.get(:mod) %> - <%= f.select :badge, Badge.all %> + <%= f.select :badge, Badge.all, {}, { disabled: !can_edit? } %> <% end %> </td> </tr> @@ -57,7 +57,7 @@ <tr> <td>Twitter username</td> <td> - <%= f.text_field :twitter, placeholder: "Twitter username", disabled: !(@user.is?(current_user) && confirmed? || (mod? && current_user.role >= @user.role)) %> + <%= f.text_field :twitter, placeholder: "Twitter username", disabled: !can_edit? %> </td> </tr> <tr> @@ -69,7 +69,7 @@ </tbody> </table> -<p><%= f.submit "Save profile", class: "btn variable-size left", disabled: (!@user.confirmed? && @user.is?(current_user)) %></p> +<p><%= f.submit "Save profile", class: "btn variable-size left", disabled: !can_edit? %></p> <p> <%= link_to "Edit login details", edit_login_user_path(@user), class: "btn variable-size right" %> <%= link_to "Notification settings", edit_notifications_user_path(@user), class: "btn variable-size right" %> @@ -77,7 +77,9 @@ </p> <div class="clear"></div> -<% if !@user.confirmed? %> +<% if !@user.is?(current_user) && !current_user.confirmed? %> + <span class='red-alert'>You must confirm your own email before you can edit other profiles.</span> +<% elsif !@user.confirmed? %> <% if @user.is?(current_user) %> <span class='red-alert'>Please confirm your email address first!</span> <% else %> |