From bf5ed5f2616660f3cfbaaa2ff89324b9b2cb326b Mon Sep 17 00:00:00 2001 From: echarp Date: Fri, 10 May 2019 15:33:19 +0200 Subject: [PATCH] Adding capabilities to users, login/password/etc. --- app/admin/user.rb | 29 ++++++- app/assets/javascripts/users.js.coffee | 3 - app/assets/stylesheets/sessions.sass | 5 -- app/assets/stylesheets/users.sass | 3 - app/controllers/application_controller.rb | 1 + app/controllers/moderations_controller.rb | 5 -- app/controllers/notes_controller.rb | 5 -- app/controllers/users_controller.rb | 74 ----------------- app/models/user.rb | 7 +- app/views/devise/sessions/new.html.haml | 2 +- app/views/users/_form.html.haml | 22 ----- app/views/users/edit.html.haml | 7 -- app/views/users/index.html.haml | 24 ------ app/views/users/index.json.jbuilder | 4 - app/views/users/new.html.haml | 5 -- app/views/users/show.html.haml | 19 ----- app/views/users/show.json.jbuilder | 2 - config/routes.rb | 4 +- .../20190509170714_add_abilities_to_devise.rb | 18 +++++ db/schema.rb | 17 ++-- test/controllers/users_controller_test.rb | 81 ------------------- 21 files changed, 60 insertions(+), 277 deletions(-) delete mode 100644 app/assets/javascripts/users.js.coffee delete mode 100644 app/assets/stylesheets/users.sass delete mode 100644 app/controllers/users_controller.rb delete mode 100644 app/views/users/_form.html.haml delete mode 100644 app/views/users/edit.html.haml delete mode 100644 app/views/users/index.html.haml delete mode 100644 app/views/users/index.json.jbuilder delete mode 100644 app/views/users/new.html.haml delete mode 100644 app/views/users/show.html.haml delete mode 100644 app/views/users/show.json.jbuilder create mode 100644 db/migrate/20190509170714_add_abilities_to_devise.rb delete mode 100644 test/controllers/users_controller_test.rb diff --git a/app/admin/user.rb b/app/admin/user.rb index 532e5188..dacf86b1 100644 --- a/app/admin/user.rb +++ b/app/admin/user.rb 
@@ -1,14 +1,35 @@ ActiveAdmin.register User do - permit_params :login, :password, :email, :lastname, :firstname + index do + column :login + column :email + column :firstname + column :lastname + column :current_sign_in_at + column :last_sign_in_at + column :sign_in_count + actions + end + + filter :login + filter :email + filter :firstname + filter :lastname form do |f| - f.inputs do + f.inputs 'Admin Details' do f.input :login - f.input :lastname - f.input :firstname f.input :email + f.input :firstname + f.input :lastname f.input :password + f.input :password_confirmation end f.actions end + controller do + def permitted_params + params.permit admin_user: %i[login email firstname lastname password + password_confirmation] + end + end end diff --git a/app/assets/javascripts/users.js.coffee b/app/assets/javascripts/users.js.coffee deleted file mode 100644 index 24f83d18..00000000 --- a/app/assets/javascripts/users.js.coffee +++ /dev/null @@ -1,3 +0,0 @@ -# Place all the behaviors and hooks related to the matching controller here. -# All this logic will automatically be available in application.js. -# You can use CoffeeScript in this file: http://coffeescript.org/ diff --git a/app/assets/stylesheets/sessions.sass b/app/assets/stylesheets/sessions.sass index cfbf1472..e69de29b 100644 --- a/app/assets/stylesheets/sessions.sass +++ b/app/assets/stylesheets/sessions.sass @@ -1,5 +0,0 @@ -.sessions form - margin: 6em auto - -.logout - margin: 2em auto diff --git a/app/assets/stylesheets/users.sass b/app/assets/stylesheets/users.sass deleted file mode 100644 index 1efc835c..00000000 --- a/app/assets/stylesheets/users.sass +++ /dev/null @@ -1,3 +0,0 @@ -// Place all the styles related to the users controller here. -// They will automatically be included in application.css. -// You can use Sass (SCSS) here: http://sass-lang.com/ diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index e49ff72d..792f58d6 100644 
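Review bot: The new `permitted_params` in app/admin/user.rb whitelists the key `admin_user`, but the resource registered here is `User`, so the form most likely submits its fields under `user` and none of them would be permitted. That key, like the 'Admin Details' title, looks carried over from the AdminUser template. Either keep the declarative form the commit removes, `permit_params :login, :email, :firstname, :lastname, :password, :password_confirmation`, or permit the right key with `params.permit user: %i[login email firstname lastname password password_confirmation]`. Now that the model enables `:validatable`, it is also worth checking that editing a user with both password fields left blank still saves.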
--- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,6 +1,7 @@ # The top level controller, where can be centralised almost everything class ApplicationController < ActionController::Base before_action :set_paper_trail_whodunnit, :set_locale, :discard + before_action :set_mailer_host, if: :devise_controller? # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. protect_from_forgery prepend: true, with: :exception diff --git a/app/controllers/moderations_controller.rb b/app/controllers/moderations_controller.rb index c51d6031..d733d4e1 100644 --- a/app/controllers/moderations_controller.rb +++ b/app/controllers/moderations_controller.rb @@ -76,11 +76,6 @@ class ModerationsController < ApplicationController :locality, :url, :contact, :submitter, :tag_list, :reason end - # Useful to manage absolute url in mails - def set_mailer_host - ActionMailer::Base.default_url_options[:host] = request.host_with_port - end - def locked redirect_to edit_moderation_url(@moderation), alert: t('staleObjectError') end diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb index 89771480..de2e2852 100644 --- a/app/controllers/notes_controller.rb +++ b/app/controllers/notes_controller.rb @@ -38,11 +38,6 @@ class NotesController < ApplicationController params.require(:note).permit :contents end - # Useful to manage absolute url in mails - def set_mailer_host - ActionMailer::Base.default_url_options[:host] = request.host_with_port - end - def send_mails if params[:envoiParMail] == 'oui' # Send an update mail to its author diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb deleted file mode 100644 index 263a37f5..00000000 --- a/app/controllers/users_controller.rb +++ /dev/null 
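Review bot: Password-reset mails, which `:recoverable` enables in this commit, would build their links from the client-supplied Host header once `before_action :set_mailer_host, if: :devise_controller?` runs on Devise controllers. The `set_mailer_host` bodies removed from ModerationsController and NotesController assign `request.host_with_port` to `ActionMailer::Base.default_url_options[:host]`; the ApplicationController definition is not visible in this hunk (the diffstat shows only one added line in that file), so this assumes it does the same. Prefer a fixed host set through `config.action_mailer.default_url_options` in the environment files, or check the request host against an allow-list before using it in mail URLs. Writing to the class-level `default_url_options` on every request also shares that value between concurrent requests.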
@@ -1,74 +0,0 @@
-# Moderators life cycle
-class UsersController < ApplicationController
- before_action :authenticate_user!
- before_action :set_user, only: %i[show edit update destroy]
-
- # GET /users
- # GET /users.json
- def index
- @users = User.all
- end
-
- # GET /users/new
- def new
- @user = User.new
- end
-
- # POST /users
- # POST /users.json
- def create
- @user = User.new(user_params)
-
- respond_to do |format|
- if @user.save
- format.html { redirect_to @user, notice: 'User successfully created' }
- format.json { render action: 'show', status: :created, location: @user }
- else
- format.html { render action: 'new' }
- format.json { render json: @user.errors, status: :unprocessable_entity }
- end
- end
- end
-
- def show; end
-
- def edit; end
-
- # PATCH/PUT /users/1
- # PATCH/PUT /users/1.json
- def update
- respond_to do |format|
- if @user.update(user_params)
- format.html { redirect_to @user, notice: 'User successfully updated' }
- format.json { head :no_content }
- else
- format.html { render action: 'edit' }
- format.json { render json: @user.errors, status: :unprocessable_entity }
- end
- end
- end
-
- # DELETE /users/1
- # DELETE /users/1.json
- def destroy
- @user.destroy
- respond_to do |format|
- format.html { redirect_to users_url }
- format.json { head :no_content }
- end
- end
-
- private
-
- # Use callbacks to share common setup or constraints between actions.
- def set_user
- @user = User.find(params[:id])
- end
-
- # Never trust parameters from the scary internet, only allow the white list
- # through.
- def user_params
- params.require(:user).permit :login, :email, :lastname, :firstname,
- :password
- end
-end
diff --git a/app/models/user.rb b/app/models/user.rb
index 41fd48db..7c059500 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -5,8 +5,9 @@ require 'digest/md5' class User < ApplicationRecord # Include default devise modules. Others available are: # :confirmable, :lockable, :timeoutable and :omniauthable - devise :database_authenticatable, authentication_keys: [:login] - # :registerable, :validatable + devise :database_authenticatable, + :recoverable, :rememberable, :trackable, :validatable, + authentication_keys: [:login] validates :login, presence: true @@ -24,7 +25,7 @@ class User < ApplicationRecord if login.present? where(conditions).find_by login: login else - find_first(conditions) + where(conditions).limit(1).to_a[0] end end diff --git a/app/views/devise/sessions/new.html.haml b/app/views/devise/sessions/new.html.haml index 57f1e1ea..9045c0d4 100644 --- a/app/views/devise/sessions/new.html.haml +++ b/app/views/devise/sessions/new.html.haml @@ -10,8 +10,8 @@ = f.password_field :password, autocomplete: 'current-password' - if devise_mapping.rememberable? .field - = f.check_box :remember_me = f.label :remember_me + = f.check_box :remember_me .actions = f.submit t('.sign_in') diff --git a/app/views/users/_form.html.haml b/app/views/users/_form.html.haml deleted file mode 100644 index 03a8fe8d..00000000 --- a/app/views/users/_form.html.haml +++ /dev/null @@ -1,22 +0,0 @@ -= form_for @user do |f| - - if @user.errors.any? - #error_explanation - %h2= "#{pluralize(@user.errors.count, "error")} prohibited this user from being saved:" - %ul - - @user.errors.full_messages.each do |msg| - %li= msg - - .field - = f.label :login - = f.text_field :login - .field - = f.label :email - = f.text_field :email - .field - = f.label :firstname - = f.text_field :firstname - .field - = f.label :lastname - = f.text_field :lastname - .actions - = f.submit 'Save' diff --git a/app/views/users/edit.html.haml b/app/views/users/edit.html.haml deleted file mode 100644 index 44f7526e..00000000 --- a/app/views/users/edit.html.haml +++ /dev/null 
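Review bot: In the second app/models/user.rb hunk, `where(conditions).limit(1).to_a[0]` is a roundabout way to fetch one record. `find_by(conditions)` (equivalently `where(conditions).take`) runs the same LIMIT 1 query and returns the record or nil. It also matches the `find_by login: login` call in the sibling branch, so the `else` branch could read `find_by(conditions)`. The enclosing method starts above the hunk, so its name and the origin of `conditions` are not visible here.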
@@ -1,7 +0,0 @@
-%h1 Editing user
-
-= render 'form'
-
-= link_to 'Show', @user
-\|
-= link_to 'Back', users_path
diff --git a/app/views/users/index.html.haml b/app/views/users/index.html.haml
deleted file mode 100644
index d93f86ff..00000000
--- a/app/views/users/index.html.haml
+++ /dev/null
@@ -1,24 +0,0 @@
-%h1= User.model_name.human.pluralize
-
-%table.list
- %tr
- %th= User.human_attribute_name :login
- %th= User.human_attribute_name :email
- %th= User.human_attribute_name :firstname
- %th= User.human_attribute_name :lastname
- %th
-
- - @users.each do |user|
- %tr{ class: cycle('odd', 'even') }
- %td= user.login
- %td= user.email
- %td= user.firstname
- %td= user.lastname
- %td
- = link_to user, class: 'view_link' do
- %em.fa.fa-eye
- = link_to t('edit'), edit_user_path(user), class: 'edit_link'
- = link_to t('destroy'), user, method: :delete,
- data: { confirm: 'Are you sure?' }, class: 'delete_link'
-
-.actions= link_to 'New User', new_user_path
diff --git a/app/views/users/index.json.jbuilder b/app/views/users/index.json.jbuilder
deleted file mode 100644
index 8eb01474..00000000
--- a/app/views/users/index.json.jbuilder
+++ /dev/null
@@ -1,4 +0,0 @@
-json.array!(@users) do |user|
- json.extract! user, :login, :email, :lastname, :firstname
- json.url user_url(user, format: :json)
-end
diff --git a/app/views/users/new.html.haml b/app/views/users/new.html.haml
deleted file mode 100644
index 7b9e858a..00000000
--- a/app/views/users/new.html.haml
+++ /dev/null
@@ -1,5 +0,0 @@
-%h1 New user
-
-= render 'form'
-
-= link_to 'Back', users_path
diff --git a/app/views/users/show.html.haml b/app/views/users/show.html.haml
deleted file mode 100644
index 03e3a752..00000000
--- a/app/views/users/show.html.haml
+++ /dev/null
@@ -1,19 +0,0 @@ -%h1= User.model_name.human -%fieldset - %p - %b Login: - = @user.login - %p - %b Email: - = @user.email - %p - %b Firstname: - = @user.firstname - %p - %b Lastname: - = @user.lastname - -.actions - = link_to 'Edit', edit_user_path(@user) - \| - = link_to 'Back', users_path diff --git a/app/views/users/show.json.jbuilder b/app/views/users/show.json.jbuilder deleted file mode 100644 index cbee364a..00000000 --- a/app/views/users/show.json.jbuilder +++ /dev/null @@ -1,2 +0,0 @@ -json.extract! @user, :login, :email, :lastname, :firstname, :created_at, - :updated_at diff --git a/config/routes.rb b/config/routes.rb index f163d5a9..40b4a4cf 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -2,7 +2,6 @@ Rails.application.routes.draw do get 'stats', to: 'stats#index' get 'versions', to: 'versions#index' - resources :users resources :events do get :cancel, on: :member post :preview, on: :collection, to: 'events#preview_create' @@ -42,8 +41,7 @@ Rails.application.routes.draw do get '(:format).php', to: redirect { |_, r| "events.#{r.format.to_sym}?#{r.query_string}" } - devise_for :users, - path: '', path_names: { sign_in: 'login', sign_out: 'logout' } + devise_for :users devise_for :admin_users, ActiveAdmin::Devise.config ActiveAdmin.routes(self) diff --git a/db/migrate/20190509170714_add_abilities_to_devise.rb b/db/migrate/20190509170714_add_abilities_to_devise.rb new file mode 100644 index 00000000..355febbf --- /dev/null +++ b/db/migrate/20190509170714_add_abilities_to_devise.rb 
@@ -0,0 +1,18 @@ +# Add some capacities to users, to facilitate their mgmt +class AddAbilitiesToDevise < ActiveRecord::Migration[5.2] + def change + ## Recoverable + add_column :users, :reset_password_token, :string + add_column :users, :reset_password_sent_at, :datetime + + ## Rememberable + add_column :users, :remember_created_at, :datetime + + ## Trackable + add_column :users, :sign_in_count, :integer, default: 0, null: false + add_column :users, :current_sign_in_at, :datetime + add_column :users, :last_sign_in_at, :datetime + add_column :users, :current_sign_in_ip, :string + add_column :users, :last_sign_in_ip, :string + end +end diff --git a/db/schema.rb b/db/schema.rb index d89b2fe7..1b9e697f 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20180408212139) do +ActiveRecord::Schema.define(version: 2019_05_09_170714) do create_table "active_admin_comments", force: :cascade do |t| t.string "namespace" @@ -66,7 +66,7 @@ ActiveRecord::Schema.define(version: 20180408212139) do t.string "contact", limit: 255, default: "" t.string "submitter", limit: 255, default: "", null: false t.integer "moderated", limit: 4, default: 0, null: false - t.text "tags", limit: 255, null: true + t.text "tags", limit: 255, default: "" t.string "secret", limit: 255, default: "", null: false t.datetime "decision_time" t.datetime "submission_time" @@ -119,7 +119,7 @@ ActiveRecord::Schema.define(version: 20180408212139) do t.datetime "created_at" t.datetime "updated_at" t.text "tag" - t.text "tags", null: true + t.text "tags", default: "" t.text "diaspora" t.text "object_changes" t.text "place_name" 
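Review bot: `add_column :users, :remember_created_at, :datetime` in the new migration looks likely to fail on an existing database. The db/schema.rb hunk for `users` shows `t.datetime "remember_created_at"` as an unchanged context line, so the column was already in the previous schema. That same schema hunk drops `confirmation_token`, `confirmed_at`, `confirmation_sent_at` and the index on the token, yet no migration in this commit removes them, so schema.rb and the migrations would disagree. Separately, `:recoverable` finds users by `reset_password_token`, and adding `add_index :users, :reset_password_token, unique: true` keeps that lookup indexed and the token unique at the database level.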
@@ -174,11 +174,14 @@ ActiveRecord::Schema.define(version: 20180408212139) do t.string "email", limit: 255, default: "", null: false t.string "lastname", limit: 255, default: "", null: false t.string "firstname", limit: 255, default: "", null: false - t.string "confirmation_token" - t.datetime "confirmed_at" - t.datetime "confirmation_sent_at" + t.string "reset_password_token" + t.datetime "reset_password_sent_at" t.datetime "remember_created_at" - t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true + t.integer "sign_in_count", default: 0, null: false + t.datetime "current_sign_in_at" + t.datetime "last_sign_in_at" + t.string "current_sign_in_ip" + t.string "last_sign_in_ip" end create_table "versions", force: :cascade do |t| diff --git a/test/controllers/users_controller_test.rb b/test/controllers/users_controller_test.rb deleted file mode 100644 index 4530613c..00000000 --- a/test/controllers/users_controller_test.rb +++ /dev/null 
@@ -1,81 +0,0 @@
-require 'test_helper'
-
-# Test moderator management controller
-class UsersControllerTest < ActionDispatch::IntegrationTest
- include Devise::Test::IntegrationHelpers
-
- setup do
- @user = users(:one)
-
- sign_in users(:one)
- end
-
- test 'should get index' do
- get users_url
- assert_response :success
- assert_not_nil assigns(:users)
- end
-
- test 'should get new' do
- get new_user_url
- assert_response :success
- end
-
- test 'should create user' do
- assert_difference('User.count') do
- post users_url, params: {
- user: {
- email: 'original@example.com',
- firstname: @user.firstname,
- lastname: @user.lastname,
- login: @user.login,
- password: 'abcdefghijklmnopqrstuvwxyz'
- }
- }
- end
-
- assert_redirected_to user_path(assigns(:user))
- end
-
- test 'should not create user' do
- assert_no_difference('User.count') do
- post users_url, params: { user: { login: nil } }
- end
- end
-
- test 'should show user' do
- get user_url(@user)
- assert_response :success
- end
-
- test 'should get edit' do
- get edit_user_url(@user)
- assert_response :success
- end
-
- test 'should update user' do
- patch user_url(@user), params: {
- user: {
- email: @user.email,
- firstname: @user.firstname,
- lastname: @user.lastname,
- login: @user.login
- }
- }
- assert_redirected_to user_path(assigns(:user))
- end
-
- test 'should not update user' do
- patch user_url(@user), params: { user: { login: nil } }
-
- assert_not_empty assigns(:user).errors
- end
-
- test 'should destroy user' do
- assert_difference('User.count', -1) do
- delete user_url(@user)
- end
-
- assert_redirected_to users_path
- end
-end