From 5a534a4ddace03f747688c9cfe753ea20135bdc7 Mon Sep 17 00:00:00 2001 From: Logan Fick Date: Fri, 10 Nov 2017 14:33:14 -0500 Subject: Made having a confirmed email required to edit other user profile pages. --- app/controllers/users_controller.rb | 18 +++++++++--------- app/views/users/edit.html.erb | 14 ++++++++------ 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index ed1c2a6..9c21b4a 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -135,7 +135,7 @@ class UsersController < ApplicationController end def resend_mail - if (@user.is?(current_user) || mod?) && !@user.confirmed? + if (@user.is?(current_user) || (mod? && current_user.confirmed?)) && !@user.confirmed? RedstonerMailer.register_mail(@user, false).deliver_now flash[:notice] = "Check your inbox for the confirmation mail." else @@ -145,7 +145,7 @@ class UsersController < ApplicationController end def update - if (mod? && current_user.role >= @user.role ) || (@user.is?(current_user) && confirmed?) + if (mod? && current_user.role >= @user.role && current_user.confirmed?) || (@user.is?(current_user) && confirmed?) if mod? userdata = user_params([:name, :skype, :youtube, :twitter, :about, :role, :badge, :confirmed, :header_scroll, :utc_time, :dark]) else @@ -188,7 +188,7 @@ class UsersController < ApplicationController end def ban - if mod? && current_user.role >= @user.role + if mod? && current_user.role >= @user.role && current_user.confirmed? @user.role = Role.get :banned flash[:notice] = "'#{@user.name}' has been banned!" else @@ -198,7 +198,7 @@ class UsersController < ApplicationController end def unban - if mod? && current_user.role >= @user.role + if mod? && current_user.role >= @user.role && current_user.confirmed? @user.role = Role.get :normal flash[:notice] = "\"#{@user.name}\" has been unbanned!" else @@ -208,7 +208,7 @@ class UsersController < ApplicationController end def destroy - if superadmin? + if superadmin? && current_user.confirmed? if @user.destroy flash[:notice] = "User deleted forever." redirect_to users_url @@ -223,28 +223,28 @@ class UsersController < ApplicationController end def edit_notifications - unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin? + unless @user.is?(current_user) || (admin? && current_user.role > @user.role && current_user.confirmed?) || (superadmin? && current_user.confirmed?) flash[:alert] = "You are not allowed to edit this user's notification settings!" redirect_to @user end end def edit_login - unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin? + unless @user.is?(current_user) || (admin? && current_user.role > @user.role && current_user.confirmed?) || (superadmin? && current_user.confirmed?) flash[:alert] = "You are not allowed to edit this user's login details!" redirect_to @user end end def edit_website_settings - unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin? + unless @user.is?(current_user) || (admin? && current_user.role > @user.role && current_user.confirmed?) || (superadmin? && current_user.confirmed?) flash[:alert] = "You are not allowed to edit this user's website settings!" redirect_to @user end end def update_login - if @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin? + if @user.is?(current_user) || (admin? && current_user.role > @user.role && current_user.confirmed?) || (superadmin? && current_user.confirmed?) authenticated = !@user.is?(current_user) || @user.authenticate(params[:current_password]) if params[:user][:password].present? @user.password = params[:user][:password] diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb index abd1fa4..a186916 100644 --- a/app/views/users/edit.html.erb +++ b/app/views/users/edit.html.erb @@ -2,7 +2,7 @@ <% def can_edit? - (@user.is?(current_user) && confirmed?) || (mod? && current_user.role >= @user.role) + (@user.is?(current_user) && confirmed?) || (mod? && current_user.role >= @user.role && current_user.confirmed?) end %> @@ -23,7 +23,7 @@ Role <% if current_user.role >= @user.role %> - <%= f.select :role, Role.all_to(current_user.role) %> + <%= f.select :role, Role.all_to(current_user.role), {}, { disabled: !can_edit? } %> <% end %> @@ -31,7 +31,7 @@ Badge <% if current_user.role >= Role.get(:mod) %> - <%= f.select :badge, Badge.all %> + <%= f.select :badge, Badge.all, {}, { disabled: !can_edit? } %> <% end %> @@ -57,7 +57,7 @@ Twitter username - <%= f.text_field :twitter, placeholder: "Twitter username", disabled: !(@user.is?(current_user) && confirmed? || (mod? && current_user.role >= @user.role)) %> + <%= f.text_field :twitter, placeholder: "Twitter username", disabled: !can_edit? %> @@ -69,7 +69,7 @@ -

<%= f.submit "Save profile", class: "btn variable-size left", disabled: (!@user.confirmed? && @user.is?(current_user)) %>

+

<%= f.submit "Save profile", class: "btn variable-size left", disabled: !can_edit? %>

<%= link_to "Edit login details", edit_login_user_path(@user), class: "btn variable-size right" %> <%= link_to "Notification settings", edit_notifications_user_path(@user), class: "btn variable-size right" %> @@ -77,7 +77,9 @@

-<% if !@user.confirmed? %> +<% if !@user.is?(current_user) && !current_user.confirmed? %> + You must confirm your own email before you can edit other profiles. +<% elsif !@user.confirmed? %> <% if @user.is?(current_user) %> Please confirm your email address first! <% else %> -- cgit v1.2.3