mirror of
https://github.com/ENSL/ensl.org.git
synced 2024-11-15 01:11:23 +00:00
Only admins can change usernames.
parent
7b9bb64b8b
commit
b742be7982
3 changed files with 7 additions and 0 deletions
|
@ -63,6 +63,7 @@ class UsersController < ApplicationController
|
|||
|
||||
def update
|
||||
raise AccessError unless @user.can_update? cuser
|
||||
params[:user].delete(:username) unless @user.can_change_name? cuser
|
||||
if @user.update_attributes params[:user]
|
||||
flash[:notice] = t(:users_update)
|
||||
redirect_to_back
|
||||
|
|
|
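Review bot: `params[:user].delete(:username)` runs before anything checks that `params[:user]` is present, so a non-admin request without a `user` key would raise NoMethodError on nil instead of reaching `update_attributes`. A guard such as `params[:user].delete(:username) if params[:user] && !@user.can_change_name?(cuser)` avoids that. The restriction is also a one-key denylist at this single call site: whether other sensitive attributes are protected depends on the model's mass-assignment settings, which are not visible here, and any other code path that assigns `username` would presumably need the same check. Building the permitted key list per role would fail closed when columns are added later. The body of `update` continues past the end of the hunk.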
@ -271,6 +271,10 @@ class User < ActiveRecord::Base
|
|||
cuser and (self == cuser or cuser.admin?)
|
||||
end
|
||||
|
||||
def can_change_name? cuser
|
||||
cuser and cuser.admin?
|
||||
end
|
||||
|
||||
def can_destroy? cuser
|
||||
cuser and cuser.admin?
|
||||
end
|
||||
|
|
|
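Review bot: `can_change_name?` carries no comment saying that dropping the `self == cuser` clause used by the predicate just above it is deliberate, so a later reader may take the difference for an oversight and loosen it. A one-line comment such as `# Admins only: owners may not rename their own account.` would record the intent. The body is identical to `can_destroy?` directly below; if the two rules are meant to stay independent, the comment should say so. The predicate above it starts outside the hunk, so its name is not visible here.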
@ -15,10 +15,12 @@
|
|||
|
||||
<div class="tabbed-contents">
|
||||
<div class="tab" id="account">
|
||||
<% if cuser and @user.can_change_name? cuser %>
|
||||
<div class="fields horizontal">
|
||||
<%= f.label :username, 'Username', class: 'required' %>
|
||||
<%= f.text_field :username %>
|
||||
</div>
|
||||
<% end %>
|
||||
<div class="fields horizontal">
|
||||
<%= f.label :raw_password, "Password" %>
|
||||
<%= f.password_field :raw_password %>
|
||||
|
|
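Review bot: The `cuser and` in `<% if cuser and @user.can_change_name? cuser %>` is redundant, because `can_change_name?` as added in this commit already yields a falsy value when `cuser` is nil; `<% if @user.can_change_name? cuser %>` keeps the rule in one place. Hiding the field is presentation only, and a short template comment such as `<%# Display only; UsersController#update drops :username for non-admins. %>` would stop a later edit from treating the view as the access control. As far as the visible lines show, non-admins no longer see their username on this tab, so an else branch that prints it as read-only text may be worth adding.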