Made having a confirmed email required to edit other user profile pages.

app/controllers/users_controller.rb

@@ -135,7 +135,7 @@ class UsersController < ApplicationController
   end
 
   def resend_mail
-    if (@user.is?(current_user) || mod?) && !@user.confirmed?
+    if (@user.is?(current_user) || (mod? && current_user.confirmed?)) && !@user.confirmed?
       RedstonerMailer.register_mail(@user, false).deliver_now
       flash[:notice] = "Check your inbox for the confirmation mail."
     else
@@ -145,7 +145,7 @@ class UsersController < ApplicationController
   end
 
   def update
-    if (mod? && current_user.role >= @user.role ) || (@user.is?(current_user) && confirmed?)
+    if (mod? && current_user.role >= @user.role && current_user.confirmed?) || (@user.is?(current_user) && confirmed?)
       if mod?
         userdata = user_params([:name, :skype, :youtube, :twitter, :about, :role, :badge, :confirmed, :header_scroll, :utc_time, :dark])
       else
@@ -188,7 +188,7 @@ class UsersController < ApplicationController
   end
 
   def ban
-    if mod? && current_user.role >= @user.role
+    if mod? && current_user.role >= @user.role && current_user.confirmed?
       @user.role = Role.get :banned
       flash[:notice] = "'#{@user.name}' has been banned!"
     else
@@ -198,7 +198,7 @@ class UsersController < ApplicationController
   end
 
   def unban
-    if mod? && current_user.role >= @user.role
+    if mod? && current_user.role >= @user.role && current_user.confirmed?
       @user.role = Role.get :normal
       flash[:notice] = "\"#{@user.name}\" has been unbanned!"
     else
@@ -208,7 +208,7 @@ class UsersController < ApplicationController
   end
 
   def destroy
-    if superadmin?
+    if superadmin? && current_user.confirmed?
       if @user.destroy
         flash[:notice] = "User deleted forever."
         redirect_to users_url
@@ -223,28 +223,28 @@ class UsersController < ApplicationController
   end
 
   def edit_notifications
-    unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin?
+    unless @user.is?(current_user) || (admin? && current_user.role > @user.role && current_user.confirmed?) || (superadmin? && current_user.confirmed?)
       flash[:alert] = "You are not allowed to edit this user's notification settings!"
       redirect_to @user
     end
   end
 
   def edit_login
-    unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin?
+    unless @user.is?(current_user) || (admin? && current_user.role > @user.role && current_user.confirmed?) || (superadmin? && current_user.confirmed?)
       flash[:alert] = "You are not allowed to edit this user's login details!"
       redirect_to @user
     end
   end
 
   def edit_website_settings
-    unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin?
+    unless @user.is?(current_user) || (admin? && current_user.role > @user.role && current_user.confirmed?) || (superadmin? && current_user.confirmed?)
       flash[:alert] = "You are not allowed to edit this user's website settings!"
       redirect_to @user
     end
   end
 
   def update_login
-    if @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin?
+    if @user.is?(current_user) || (admin? && current_user.role > @user.role && current_user.confirmed?) || (superadmin? && current_user.confirmed?)
       authenticated = !@user.is?(current_user) || @user.authenticate(params[:current_password])
       if params[:user][:password].present?
         @user.password              = params[:user][:password]

app/views/users/edit.html.erb

@@ -2,7 +2,7 @@
 
 <%
   def can_edit?
-    (@user.is?(current_user) && confirmed?) || (mod? && current_user.role >= @user.role)
+    (@user.is?(current_user) && confirmed?) || (mod? && current_user.role >= @user.role && current_user.confirmed?)
   end
 %>
 
@@ -23,7 +23,7 @@
           <td>Role</td>
           <td>
             <% if current_user.role >= @user.role %>
-              <%= f.select :role, Role.all_to(current_user.role) %>
+              <%= f.select :role, Role.all_to(current_user.role), {}, { disabled: !can_edit? } %>
             <% end %>
           </td>
         </tr>
@@ -31,7 +31,7 @@
           <td>Badge</td>
           <td>
             <% if current_user.role >= Role.get(:mod) %>
-              <%= f.select :badge, Badge.all %>
+              <%= f.select :badge, Badge.all, {}, { disabled: !can_edit? } %>
             <% end %>
           </td>
         </tr>
@@ -57,7 +57,7 @@
       <tr>
         <td>Twitter username</td>
         <td>
-          <%= f.text_field :twitter, placeholder: "Twitter username", disabled: !(@user.is?(current_user) && confirmed? || (mod? && current_user.role >= @user.role)) %>
+          <%= f.text_field :twitter, placeholder: "Twitter username", disabled: !can_edit? %>
         </td>
       </tr>
       <tr>
@@ -69,7 +69,7 @@
     </tbody>
   </table>
 
-<p><%= f.submit "Save profile", class: "btn variable-size left", disabled: (!@user.confirmed? && @user.is?(current_user)) %></p>
+<p><%= f.submit "Save profile", class: "btn variable-size left", disabled: !can_edit? %></p>
 <p>
   <%= link_to "Edit login details", edit_login_user_path(@user), class: "btn variable-size right" %>
   <%= link_to "Notification settings", edit_notifications_user_path(@user), class: "btn variable-size right" %>
@@ -77,7 +77,9 @@
 </p>
 <div class="clear"></div>
 
-<% if !@user.confirmed? %>
+<% if !@user.is?(current_user) && !current_user.confirmed? %>
+  <span class='red-alert'>You must confirm your own email before you can edit other profiles.</span>
+<% elsif !@user.confirmed? %>
   <% if @user.is?(current_user) %>
       <span class='red-alert'>Please confirm your email address first!</span>
     <% else %>