Adding capabilities to users, login/password/etc.

echarp 2019-05-10 15:33:19 +02:00
parent 194dd6a64e
commit bf5ed5f261
21 changed files with 60 additions and 277 deletions


@ -1,14 +1,35 @@
ActiveAdmin.register User do ActiveAdmin.register User do
permit_params :login, :password, :email, :lastname, :firstname index do
column :login
column :email
column :firstname
column :lastname
column :current_sign_in_at
column :last_sign_in_at
column :sign_in_count
actions
end
filter :login
filter :email
filter :firstname
filter :lastname
form do |f| form do |f|
f.inputs do f.inputs 'Admin Details' do
f.input :login f.input :login
f.input :lastname
f.input :firstname
f.input :email f.input :email
f.input :firstname
f.input :lastname
f.input :password f.input :password
f.input :password_confirmation
end end
f.actions f.actions
end end
controller do
def permitted_params
params.permit admin_user: %i[login email firstname lastname password
password_confirmation]
end
end
end end
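Review bot: The `permitted_params` override in the new `controller do` block whitelists the key `admin_user`, but this file registers `User`, so the form most likely posts its fields under `user` and they would be dropped as unpermitted, leaving create and update with no attributes. The key looks carried over from an AdminUser registration. Unless the resource's param key is overridden outside this section, the ActiveAdmin macro the old side used is the simpler fix, extended with the confirmation field: `permit_params :login, :email, :firstname, :lastname, :password, :password_confirmation`. An explicit list also keeps the sign-in tracking columns shown in the index out of mass assignment.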


@ -1,3 +0,0 @@
# Place all the behaviors and hooks related to the matching controller here.
# All this logic will automatically be available in application.js.
# You can use CoffeeScript in this file: http://coffeescript.org/


@ -1,5 +0,0 @@
.sessions form
margin: 6em auto
.logout
margin: 2em auto


@ -1,3 +0,0 @@
// Place all the styles related to the users controller here.
// They will automatically be included in application.css.
// You can use Sass (SCSS) here: http://sass-lang.com/


@ -1,6 +1,7 @@
# The top level controller, where can be centralised almost everything # The top level controller, where can be centralised almost everything
class ApplicationController < ActionController::Base class ApplicationController < ActionController::Base
before_action :set_paper_trail_whodunnit, :set_locale, :discard before_action :set_paper_trail_whodunnit, :set_locale, :discard
before_action :set_mailer_host, if: :devise_controller?
# Prevent CSRF attacks by raising an exception. # Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead. # For APIs, you may want to use :null_session instead.
protect_from_forgery prepend: true, with: :exception protect_from_forgery prepend: true, with: :exception
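Review bot: Mail links for Devise controllers now depend on `set_mailer_host`, which the added `before_action :set_mailer_host, if: :devise_controller?` wires in but whose definition is not in this hunk. The copies removed from ModerationsController and NotesController in this commit assign `request.host_with_port` to `ActionMailer::Base.default_url_options[:host]`. If the ApplicationController version does the same, the password-reset links that the newly enabled `:recoverable` module sends are built from the request's Host header, which the client chooses. The assignment also changes a process-wide setting that mails triggered by other requests then read. A fixed host per environment avoids both, e.g. `config.action_mailer.default_url_options = { host: 'HOST_PLACEHOLDER' }` in the environment config, with this callback left off the Devise controllers.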


@ -76,11 +76,6 @@ class ModerationsController < ApplicationController
:locality, :url, :contact, :submitter, :tag_list, :reason :locality, :url, :contact, :submitter, :tag_list, :reason
end end
# Useful to manage absolute url in mails
def set_mailer_host
ActionMailer::Base.default_url_options[:host] = request.host_with_port
end
def locked def locked
redirect_to edit_moderation_url(@moderation), alert: t('staleObjectError') redirect_to edit_moderation_url(@moderation), alert: t('staleObjectError')
end end


@ -38,11 +38,6 @@ class NotesController < ApplicationController
params.require(:note).permit :contents params.require(:note).permit :contents
end end
# Useful to manage absolute url in mails
def set_mailer_host
ActionMailer::Base.default_url_options[:host] = request.host_with_port
end
def send_mails def send_mails
if params[:envoiParMail] == 'oui' if params[:envoiParMail] == 'oui'
# Send an update mail to its author # Send an update mail to its author


@ -1,74 +0,0 @@
# Moderators life cycle
class UsersController < ApplicationController
before_action :authenticate_user!
before_action :set_user, only: %i[show edit update destroy]
# GET /users
# GET /users.json
def index
@users = User.all
end
# GET /users/new
def new
@user = User.new
end
# POST /users
# POST /users.json
def create
@user = User.new(user_params)
respond_to do |format|
if @user.save
format.html { redirect_to @user, notice: 'User successfully created' }
format.json { render action: 'show', status: :created, location: @user }
else
format.html { render action: 'new' }
format.json { render json: @user.errors, status: :unprocessable_entity }
end
end
end
def show; end
def edit; end
# PATCH/PUT /users/1
# PATCH/PUT /users/1.json
def update
respond_to do |format|
if @user.update(user_params)
format.html { redirect_to @user, notice: 'User successfully updated' }
format.json { head :no_content }
else
format.html { render action: 'edit' }
format.json { render json: @user.errors, status: :unprocessable_entity }
end
end
end
# DELETE /users/1
# DELETE /users/1.json
def destroy
@user.destroy
respond_to do |format|
format.html { redirect_to users_url }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_user
@user = User.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list
# through.
def user_params
params.require(:user).permit :login, :email, :lastname, :firstname,
:password
end
end


@ -5,8 +5,9 @@ require 'digest/md5'
class User < ApplicationRecord class User < ApplicationRecord
# Include default devise modules. Others available are: # Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable # :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, authentication_keys: [:login] devise :database_authenticatable,
# :registerable, :validatable :recoverable, :rememberable, :trackable, :validatable,
authentication_keys: [:login]
validates :login, presence: true validates :login, presence: true
@ -24,7 +25,7 @@ class User < ApplicationRecord
if login.present? if login.present?
where(conditions).find_by login: login where(conditions).find_by login: login
else else
find_first(conditions) where(conditions).limit(1).to_a[0]
end end
end end
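Review bot: In the second hunk, `where(conditions).limit(1).to_a[0]` loads an array just to take its first element; `find_by(conditions)` returns the same single record or nil and matches the `find_by login: login` branch directly above it. The enclosing method starts outside the hunk, so this assumes `conditions` is still a plain hash of column values at that point.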


@ -10,8 +10,8 @@
= f.password_field :password, autocomplete: 'current-password' = f.password_field :password, autocomplete: 'current-password'
- if devise_mapping.rememberable? - if devise_mapping.rememberable?
.field .field
= f.check_box :remember_me
= f.label :remember_me = f.label :remember_me
= f.check_box :remember_me
.actions .actions
= f.submit t('.sign_in') = f.submit t('.sign_in')


@ -1,22 +0,0 @@
= form_for @user do |f|
- if @user.errors.any?
#error_explanation
%h2= "#{pluralize(@user.errors.count, "error")} prohibited this user from being saved:"
%ul
- @user.errors.full_messages.each do |msg|
%li= msg
.field
= f.label :login
= f.text_field :login
.field
= f.label :email
= f.text_field :email
.field
= f.label :firstname
= f.text_field :firstname
.field
= f.label :lastname
= f.text_field :lastname
.actions
= f.submit 'Save'


@ -1,7 +0,0 @@
%h1 Editing user
= render 'form'
= link_to 'Show', @user
\|
= link_to 'Back', users_path


@ -1,24 +0,0 @@
%h1= User.model_name.human.pluralize
%table.list
%tr
%th= User.human_attribute_name :login
%th= User.human_attribute_name :email
%th= User.human_attribute_name :firstname
%th= User.human_attribute_name :lastname
%th
- @users.each do |user|
%tr{ class: cycle('odd', 'even') }
%td= user.login
%td= user.email
%td= user.firstname
%td= user.lastname
%td
= link_to user, class: 'view_link' do
%em.fa.fa-eye
= link_to t('edit'), edit_user_path(user), class: 'edit_link'
= link_to t('destroy'), user, method: :delete,
data: { confirm: 'Are you sure?' }, class: 'delete_link'
.actions= link_to 'New User', new_user_path


@ -1,4 +0,0 @@
json.array!(@users) do |user|
json.extract! user, :login, :email, :lastname, :firstname
json.url user_url(user, format: :json)
end


@ -1,5 +0,0 @@
%h1 New user
= render 'form'
= link_to 'Back', users_path


@ -1,19 +0,0 @@
%h1= User.model_name.human
%fieldset
%p
%b Login:
= @user.login
%p
%b Email:
= @user.email
%p
%b Firstname:
= @user.firstname
%p
%b Lastname:
= @user.lastname
.actions
= link_to 'Edit', edit_user_path(@user)
\|
= link_to 'Back', users_path


@ -1,2 +0,0 @@
json.extract! @user, :login, :email, :lastname, :firstname, :created_at,
:updated_at


@ -2,7 +2,6 @@ Rails.application.routes.draw do
get 'stats', to: 'stats#index' get 'stats', to: 'stats#index'
get 'versions', to: 'versions#index' get 'versions', to: 'versions#index'
resources :users
resources :events do resources :events do
get :cancel, on: :member get :cancel, on: :member
post :preview, on: :collection, to: 'events#preview_create' post :preview, on: :collection, to: 'events#preview_create'
@ -42,8 +41,7 @@ Rails.application.routes.draw do
get '(:format).php', get '(:format).php',
to: redirect { |_, r| "events.#{r.format.to_sym}?#{r.query_string}" } to: redirect { |_, r| "events.#{r.format.to_sym}?#{r.query_string}" }
devise_for :users, devise_for :users
path: '', path_names: { sign_in: 'login', sign_out: 'logout' }
devise_for :admin_users, ActiveAdmin::Devise.config devise_for :admin_users, ActiveAdmin::Devise.config
ActiveAdmin.routes(self) ActiveAdmin.routes(self)


@ -0,0 +1,18 @@
# Add some capacities to users, to facilitate their mgmt
class AddAbilitiesToDevise < ActiveRecord::Migration[5.2]
def change
## Recoverable
add_column :users, :reset_password_token, :string
add_column :users, :reset_password_sent_at, :datetime
## Rememberable
add_column :users, :remember_created_at, :datetime
## Trackable
add_column :users, :sign_in_count, :integer, default: 0, null: false
add_column :users, :current_sign_in_at, :datetime
add_column :users, :last_sign_in_at, :datetime
add_column :users, :current_sign_in_ip, :string
add_column :users, :last_sign_in_ip, :string
end
end
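Review bot: `reset_password_token` is added without an index, so token lookups scan the table and nothing at the database level stops two rows from holding the same token. Devise's stock migration pairs the column with `add_index :users, :reset_password_token, unique: true`, which would fit right after the Recoverable columns. The `current_sign_in_ip` and `last_sign_in_ip` columns hold personal data, so a comment stating how long they are kept would be worth adding. The schema dump in this commit also loses the `confirmation_*` columns and their index, which no migration shown here removes; that is worth checking against the real database.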


@ -10,7 +10,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20180408212139) do ActiveRecord::Schema.define(version: 2019_05_09_170714) do
create_table "active_admin_comments", force: :cascade do |t| create_table "active_admin_comments", force: :cascade do |t|
t.string "namespace" t.string "namespace"
@ -66,7 +66,7 @@ ActiveRecord::Schema.define(version: 20180408212139) do
t.string "contact", limit: 255, default: "" t.string "contact", limit: 255, default: ""
t.string "submitter", limit: 255, default: "", null: false t.string "submitter", limit: 255, default: "", null: false
t.integer "moderated", limit: 4, default: 0, null: false t.integer "moderated", limit: 4, default: 0, null: false
t.text "tags", limit: 255, null: true t.text "tags", limit: 255, default: ""
t.string "secret", limit: 255, default: "", null: false t.string "secret", limit: 255, default: "", null: false
t.datetime "decision_time" t.datetime "decision_time"
t.datetime "submission_time" t.datetime "submission_time"
@ -119,7 +119,7 @@ ActiveRecord::Schema.define(version: 20180408212139) do
t.datetime "created_at" t.datetime "created_at"
t.datetime "updated_at" t.datetime "updated_at"
t.text "tag" t.text "tag"
t.text "tags", null: true t.text "tags", default: ""
t.text "diaspora" t.text "diaspora"
t.text "object_changes" t.text "object_changes"
t.text "place_name" t.text "place_name"
@ -174,11 +174,14 @@ ActiveRecord::Schema.define(version: 20180408212139) do
t.string "email", limit: 255, default: "", null: false t.string "email", limit: 255, default: "", null: false
t.string "lastname", limit: 255, default: "", null: false t.string "lastname", limit: 255, default: "", null: false
t.string "firstname", limit: 255, default: "", null: false t.string "firstname", limit: 255, default: "", null: false
t.string "confirmation_token" t.string "reset_password_token"
t.datetime "confirmed_at" t.datetime "reset_password_sent_at"
t.datetime "confirmation_sent_at"
t.datetime "remember_created_at" t.datetime "remember_created_at"
t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true t.integer "sign_in_count", default: 0, null: false
t.datetime "current_sign_in_at"
t.datetime "last_sign_in_at"
t.string "current_sign_in_ip"
t.string "last_sign_in_ip"
end end
create_table "versions", force: :cascade do |t| create_table "versions", force: :cascade do |t|


@ -1,81 +0,0 @@
require 'test_helper'
# Test moderator management controller
class UsersControllerTest < ActionDispatch::IntegrationTest
include Devise::Test::IntegrationHelpers
setup do
@user = users(:one)
sign_in users(:one)
end
test 'should get index' do
get users_url
assert_response :success
assert_not_nil assigns(:users)
end
test 'should get new' do
get new_user_url
assert_response :success
end
test 'should create user' do
assert_difference('User.count') do
post users_url, params: {
user: {
email: 'original@example.com',
firstname: @user.firstname,
lastname: @user.lastname,
login: @user.login,
password: 'abcdefghijklmnopqrstuvwxyz'
}
}
end
assert_redirected_to user_path(assigns(:user))
end
test 'should not create user' do
assert_no_difference('User.count') do
post users_url, params: { user: { login: nil } }
end
end
test 'should show user' do
get user_url(@user)
assert_response :success
end
test 'should get edit' do
get edit_user_url(@user)
assert_response :success
end
test 'should update user' do
patch user_url(@user), params: {
user: {
email: @user.email,
firstname: @user.firstname,
lastname: @user.lastname,
login: @user.login
}
}
assert_redirected_to user_path(assigns(:user))
end
test 'should not update user' do
patch user_url(@user), params: { user: { login: nil } }
assert_not_empty assigns(:user).errors
end
test 'should destroy user' do
assert_difference('User.count', -1) do
delete user_url(@user)
end
assert_redirected_to users_path
end
end