Redstoner/redstoner.com
Archived
0
Fork 0
Code Issues Pull Requests 2 Wiki Activity

Made having a confirmed email required to edit other user profile pages.

Browse Source
This commit is contained in:
Logan Fick
2017-11-10 14:33:14 -05:00
parent ac583b7351
commit 5a534a4dda
2 changed files with 17 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
app/controllers/users_controller.rb
View File

@@ -135,7 +135,7 @@ class UsersController < ApplicationController
end
def resend_mail
if (@user.is?(current_user) || mod?) && !@user.confirmed?
if (@user.is?(current_user) || (mod? && current_user.confirmed?)) && !@user.confirmed?
RedstonerMailer.register_mail(@user, false).deliver_now
flash[:notice] = "Check your inbox for the confirmation mail."
else
@@ -145,7 +145,7 @@ class UsersController < ApplicationController
end
def update
if (mod? && current_user.role >= @user.role ) || (@user.is?(current_user) && confirmed?)
if (mod? && current_user.role >= @user.role && current_user.confirmed?) || (@user.is?(current_user) && confirmed?)
if mod?
userdata = user_params([:name, :skype, :youtube, :twitter, :about, :role, :badge, :confirmed, :header_scroll, :utc_time, :dark])
else
@@ -188,7 +188,7 @@ class UsersController < ApplicationController
end
def ban
if mod? && current_user.role >= @user.role
if mod? && current_user.role >= @user.role && current_user.confirmed?
@user.role = Role.get :banned
flash[:notice] = "'#{@user.name}' has been banned!"
else
@@ -198,7 +198,7 @@ class UsersController < ApplicationController
end
def unban
if mod? && current_user.role >= @user.role
if mod? && current_user.role >= @user.role && current_user.confirmed?
@user.role = Role.get :normal
flash[:notice] = "\"#{@user.name}\" has been unbanned!"
else
@@ -208,7 +208,7 @@ class UsersController < ApplicationController
end
def destroy
if superadmin?
if superadmin? && current_user.confirmed?
if @user.destroy
flash[:notice] = "User deleted forever."
redirect_to users_url
@@ -223,28 +223,28 @@ class UsersController < ApplicationController
end
def edit_notifications
unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin?
unless @user.is?(current_user) || (admin? && current_user.role > @user.role && current_user.confirmed?) || (superadmin? && current_user.confirmed?)
flash[:alert] = "You are not allowed to edit this user's notification settings!"
redirect_to @user
end
end
def edit_login
unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin?
unless @user.is?(current_user) || (admin? && current_user.role > @user.role && current_user.confirmed?) || (superadmin? && current_user.confirmed?)
flash[:alert] = "You are not allowed to edit this user's login details!"
redirect_to @user
end
end
def edit_website_settings
unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin?
unless @user.is?(current_user) || (admin? && current_user.role > @user.role && current_user.confirmed?) || (superadmin? && current_user.confirmed?)
flash[:alert] = "You are not allowed to edit this user's website settings!"
redirect_to @user
end
end
def update_login
if @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin?
if @user.is?(current_user) || (admin? && current_user.role > @user.role && current_user.confirmed?) || (superadmin? && current_user.confirmed?)
authenticated = !@user.is?(current_user) || @user.authenticate(params[:current_password])
if params[:user][:password].present?
@user.password = params[:user][:password]

14
app/views/users/edit.html.erb
View File

@@ -2,7 +2,7 @@
<%
def can_edit?
(@user.is?(current_user) && confirmed?) || (mod? && current_user.role >= @user.role)
(@user.is?(current_user) && confirmed?) || (mod? && current_user.role >= @user.role && current_user.confirmed?)
end
%>
@@ -23,7 +23,7 @@
<td>Role</td>
<td>
<% if current_user.role >= @user.role %>
<%= f.select :role, Role.all_to(current_user.role) %>
<%= f.select :role, Role.all_to(current_user.role), {}, { disabled: !can_edit? } %>
<% end %>
</td>
</tr>
@@ -31,7 +31,7 @@
<td>Badge</td>
<td>
<% if current_user.role >= Role.get(:mod) %>
<%= f.select :badge, Badge.all %>
<%= f.select :badge, Badge.all, {}, { disabled: !can_edit? } %>
<% end %>
</td>
</tr>
@@ -57,7 +57,7 @@
<tr>
<td>Twitter username</td>
<td>
<%= f.text_field :twitter, placeholder: "Twitter username", disabled: !(@user.is?(current_user) && confirmed? || (mod? && current_user.role >= @user.role)) %>
<%= f.text_field :twitter, placeholder: "Twitter username", disabled: !can_edit? %>
</td>
</tr>
<tr>
@@ -69,7 +69,7 @@
</tbody>
</table>
<p><%= f.submit "Save profile", class: "btn variable-size left", disabled: (!@user.confirmed? && @user.is?(current_user)) %></p>
<p><%= f.submit "Save profile", class: "btn variable-size left", disabled: !can_edit? %></p>
<p>
<%= link_to "Edit login details", edit_login_user_path(@user), class: "btn variable-size right" %>
<%= link_to "Notification settings", edit_notifications_user_path(@user), class: "btn variable-size right" %>
@@ -77,7 +77,9 @@
</p>
<div class="clear"></div>
<% if !@user.confirmed? %>
<% if !@user.is?(current_user) && !current_user.confirmed? %>
<span class='red-alert'>You must confirm your own email before you can edit other profiles.</span>
<% elsif !@user.confirmed? %>
<% if @user.is?(current_user) %>
<span class='red-alert'>Please confirm your email address first!</span>
<% else %>