Only admins can change usernames.

simplefl 2015-06-27 14:23:37 +02:00
parent 748fbdb151
commit 7cb5142e27
3 changed files with 7 additions and 0 deletions


@ -63,6 +63,7 @@ class UsersController < ApplicationController
def update
raise AccessError unless @user.can_update? cuser
params[:user].delete(:username) unless @user.can_change_name? cuser
if @user.update_attributes params[:user]
flash[:notice] = t(:users_update)
redirect_to_back
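Review bot: The username restriction in `update` is a deny-list of one key. `params[:user].delete(:username)` strips the field, and the rest of the hash still goes straight into `update_attributes`, so protection of any other privileged attribute depends on a model-level whitelist that this page does not show. `params[:user]` is also dereferenced without a nil check, so a request with no `user` parameter would probably raise NoMethodError on this line instead of a handled error. I would bind the hash first, `attrs = params[:user] || {}`, then `attrs.delete(:username) unless @user.can_change_name? cuser`, and pass `attrs` to `update_attributes`. The page has lost its +/- markers, so the `delete` line is assumed to be the added one, and the rest of `update` lies outside the hunk.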


@ -271,6 +271,10 @@ class User < ActiveRecord::Base
cuser and (self == cuser or cuser.admin?)
end
def can_change_name? cuser
cuser and cuser.admin?
end
def can_destroy? cuser
cuser and cuser.admin?
end
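Review bot: `can_change_name?` has no comment recording that it deliberately excludes the account owner. The predicate whose tail is visible just above it allows `self == cuser or cuser.admin?`, so a later reader could take the missing `self == cuser` for an oversight and "fix" it. A one-line comment such as `# Usernames are admin-only; account owners cannot rename themselves.` would pin the intent stated in the commit title. The body is the same expression as `can_destroy?`, and with `and` it returns nil rather than false for an anonymous caller, which is harmless for the `unless`/`if` call sites shown here.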


@ -15,10 +15,12 @@
<div class="tabbed-contents">
<div class="tab" id="account">
<% if cuser and @user.can_change_name? cuser %>
<div class="fields horizontal">
<%= f.label :username, 'Username', class: 'required' %>
<%= f.text_field :username %>
</div>
<% end %>
<div class="fields horizontal">
<%= f.label :raw_password, "Password" %>
<%= f.password_field :raw_password %>