refactor: user management

2025-12-01 05:43:04 +00:00 · 2021-07-27 16:55:20 +00:00
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -5,7 +5,6 @@ class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception

  before_action :login_required
-  before_action :verified_email_required
  before_action :set_timezone

  rescue_from Authie::Session::InactiveSession, :with => :auth_session_error
@@ -23,25 +22,13 @@ class ApplicationController < ActionController::Base
  def admin_required
    if logged_in?
      unless current_user.admin?
-        render :text => "Not permitted"
+        render :plain => "Not permitted"
      end
    else
      redirect_to login_path(:return_to => request.fullpath)
    end
  end

-  def verified_email_required
-    if logged_in? && !current_user.verified?
-      redirect_to verify_path(:return_to => request.fullpath)
-    end
-  end
-
-  def require_organization_admin
-    unless organization.admin?(current_user)
-      redirect_to organization_root_path(organization), :alert => "This page can only be accessed by the organization admins"
-    end
-  end
-
  def require_organization_owner
    unless organization.owner == current_user
      redirect_to organization_root_path(organization), :alert => "This page can only be accessed by the organization's owner (#{organization.owner.name})"
--- a/app/controllers/organizations_controller.rb
+++ b/app/controllers/organizations_controller.rb
@@ -1,7 +1,6 @@
 class OrganizationsController < ApplicationController

-  before_action :admin_required, :only => [:new, :create]
-  before_action :require_organization_admin, :only => [:edit, :update, :delete, :destroy]
+  before_action :admin_required, :only => [:new, :create, :delete, :destroy]

  def index
    if current_user.admin?
--- a/app/controllers/servers_controller.rb
+++ b/app/controllers/servers_controller.rb
@@ -2,7 +2,6 @@ class ServersController < ApplicationController

  include WithinOrganization

-  before_action :require_organization_admin, :only => [:new, :create, :delete, :destroy]
  before_action :admin_required, :only => [:advanced, :suspend, :unsuspend]
  before_action { params[:id] && @server = organization.servers.present.find_by_permalink!(params[:id]) }

--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -3,7 +3,6 @@ class SessionsController < ApplicationController
  layout 'sub'

  skip_before_action :login_required, :only => [:new, :create, :create_with_token, :begin_password_reset, :finish_password_reset, :ip, :raise_error]
-  skip_before_action :verified_email_required

  def create
    login(User.authenticate(params[:email_address], params[:password]))
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -1,7 +1,6 @@
 class UserController < ApplicationController

  skip_before_action :login_required, :only => [:new, :create, :join]
-  skip_before_action :verified_email_required, :only => [:edit, :update, :verify]

  def new
    @user_invite = UserInvite.active.find_by!(:uuid => params[:invite_token])
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,63 +1,55 @@
 class UsersController < ApplicationController
-  include WithinOrganization
-  before_action :require_organization_admin
-  before_action :require_organization_owner, :only => [:make_owner]
-  before_action { params[:id] && @user = params[:invite].present? ? organization.user_invites.find_by_uuid!(params[:id]) : organization.users.find_by_uuid!(params[:id]) }
+
+  before_action :admin_required
+  before_action { params[:id] && @user = User.find_by!(uuid: params[:id]) }

  def index
-    @users = organization.organization_users.where(:user_type => 'User').includes(:user).to_a.sort_by { |u| "#{u.user.first_name}#{u.user.last_name}".upcase }
-    @pending_users = organization.organization_users.where(:user_type => "UserInvite").includes(:user).to_a.sort_by { |u| u.user.email_address.upcase }
+    @users = User.order(:first_name, :last_name).includes(:organization_users)
  end

  def new
-    @organization_user = organization.organization_users.build
+    @user = User.new(admin: true)
  end

  def create
-    @organization_user = organization.organization_users.build(params.require(:organization_user).permit(:email_address, :admin, :all_servers))
-    if @organization_user.save
-      AppMailer.user_invite(@organization_user.user, organization).deliver
-      redirect_to_with_json [organization, :users], :notice => "An invitation will be sent to #{@organization_user.user.email_address} which will allow them to access your organization."
+    @user = User.new(params.require(:user).permit(:email_address, :first_name, :last_name, :password, :password_confirmation, :admin, organization_ids: []))
+    if @user.save
+      redirect_to_with_json :users, :notice => "#{@user.name} has been created successfully."
    else
-      render_form_errors 'new', @organization_user
+      render_form_errors 'new', @user
    end
  end

  def edit
-    @organization_user = organization.user_assignment(@user)
  end

  def update
-    @organization_user = organization.user_assignment(@user)
-    if @organization_user.update(params.require(:organization_user).permit(:admin))
-      redirect_to_with_json [organization, :users], :notice => "Permissions for #{@organization_user.user.name} have been updated successfully."
+    @user.attributes = params.require(:user).permit(:email_address, :first_name, :last_name, :admin, organization_ids: [])
+
+    if @user == current_user && !@user.admin?
+      respond_to do |wants|
+        wants.html { redirect_to users_path, alert: "You cannot change your own admin status" }
+        wants.json { render :json => {:form_errors => ["You cannot change your own admin status"]}, :status => 422 }
+      end
+      return
+    end
+
+    if @user.save
+      redirect_to_with_json :users, :notice => "Permissions for #{@user.name} have been updated successfully."
    else
-      render_form_errors 'edit', @organization_user
+      render_form_errors 'edit', @user
    end
  end

  def destroy
    if @user == current_user
-      redirect_to_with_json [organization, :users], :alert => "You cannot revoke your own access."
+      redirect_to_with_json :users, :alert => "You cannot delete your own user."
      return
    end

-    if @user == organization.owner
-      redirect_to_with_json [organization, :users], :alert => "You cannot revoke the organization owner's access."
-      return
-    end
-
-    organization.organization_users.where(:user => @user).destroy_all
-    redirect_to_with_json [organization, :users], :notice => "#{@user.name} has been removed from this organization"
+    @user.destroy!
+    redirect_to_with_json :users, :notice => "#{@user.name} has been removed"
  end

-  def make_owner
-    if @user.is_a?(User)
-      organization.make_owner(@user)
-      redirect_to_with_json [organization, :users], :notice => "#{@user.name} is now the owner of this organization."
-    else
-      raise Postal::Error, "User must be a User not a UserInvite to make owner"
-    end
-  end

 end