From a106b1b6a7f78f53d21019442cab9c8607ee626f Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Sat, 12 Apr 2025 20:30:47 +0200 Subject: [PATCH] Join the two users controllers but split out role setting --- .../roles_controller.rb} | 17 ++++---------- app/controllers/users_controller.rb | 16 +++++++++++++- .../{accounts => }/users/_invite.html.erb | 0 app/views/{accounts => }/users/_user.html.erb | 6 ++--- app/views/{accounts => }/users/index.html.erb | 4 ++-- config/routes.rb | 4 +++- .../users/roles_controller_test.rb | 22 +++++++++++++++++++ .../{accounts => }/users_controller_test.rb | 15 ++----------- 8 files changed, 51 insertions(+), 33 deletions(-) rename app/controllers/{accounts/users_controller.rb => users/roles_controller.rb} (50%) rename app/views/{accounts => }/users/_invite.html.erb (100%) rename app/views/{accounts => }/users/_user.html.erb (78%) rename app/views/{accounts => }/users/index.html.erb (86%) create mode 100644 test/controllers/users/roles_controller_test.rb rename test/controllers/{accounts => }/users_controller_test.rb (55%) diff --git a/app/controllers/accounts/users_controller.rb b/app/controllers/users/roles_controller.rb similarity index 50% rename from app/controllers/accounts/users_controller.rb rename to app/controllers/users/roles_controller.rb index 1ee4a15c6..8cffa232b 100644 --- a/app/controllers/accounts/users_controller.rb +++ b/app/controllers/users/roles_controller.rb @@ -1,24 +1,15 @@ -class Accounts::UsersController < ApplicationController - before_action :set_user, only: %i[ update destroy ] - before_action :ensure_permission_to_administer_user, only: %i[ update destroy ] - - def index - @users = User.active - end +class Users::RolesController < ApplicationController + before_action :set_user + before_action :ensure_permission_to_administer_user def update @user.update(role_params) redirect_to users_path end - def destroy - @user.deactivate - redirect_to users_path - end - private def set_user - @user = User.active.find(params[:id]) + @user = User.active.find(params[:user_id]) end def ensure_permission_to_administer_user diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index f460b4d5c..4069e5aaa 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1,8 +1,13 @@ class UsersController < ApplicationController require_unauthenticated_access only: %i[ new create ] - before_action :set_user, only: %i[ show edit update ] + before_action :set_user, only: %i[ show edit update destroy ] before_action :set_account_from_join_code, only: %i[ new create ] + before_action :ensure_permission_to_administer_user, only: %i[ update destroy ] + + def index + @users = User.active + end def new @user = User.new @@ -25,6 +30,11 @@ class UsersController < ApplicationController redirect_to @user end + def destroy + @user.deactivate + redirect_to users_path + end + private def set_account_from_join_code @account = Account.find_by_join_code!(params[:join_code]) @@ -34,6 +44,10 @@ class UsersController < ApplicationController @user = User.active.find(params[:id]) end + def ensure_permission_to_administer_user + head :forbidden unless Current.user.can_administer?(@user) + end + def user_params params.expect(user: [ :name, :email_address, :password, :avatar ]) end diff --git a/app/views/accounts/users/_invite.html.erb b/app/views/users/_invite.html.erb similarity index 100% rename from app/views/accounts/users/_invite.html.erb rename to app/views/users/_invite.html.erb diff --git a/app/views/accounts/users/_user.html.erb b/app/views/users/_user.html.erb similarity index 78% rename from app/views/accounts/users/_user.html.erb rename to app/views/users/_user.html.erb index ae9326c48..950df8ccc 100644 --- a/app/views/accounts/users/_user.html.erb +++ b/app/views/users/_user.html.erb @@ -2,12 +2,12 @@ <%= avatar_tag user, class: "flex-item-no-shrink" %> - <%= link_to user.name, user_path(user), class: "txt-ink btn btn--plain" %> + <%= link_to user.name, user, class: "txt-ink btn btn--plain" %> - <%= form_with model: user, url: account_user_path(user), data: { controller: "form" }, method: :patch do | form | %> + <%= form_with model: user, url: user_role_path(user), data: { controller: "form" }, method: :patch do | form | %>