mirror of
https://github.com/ENSL/ensl.org.git
synced 2024-12-28 13:31:06 +00:00
Only admins can change usernames.
parent
02d416bcf0
commit
b78056e17a
3 changed files with 7 additions and 0 deletions
|
@ -63,6 +63,7 @@ class UsersController < ApplicationController
|
||||||
|
|
||||||
def update
|
def update
|
||||||
raise AccessError unless @user.can_update? cuser
|
raise AccessError unless @user.can_update? cuser
|
||||||
|
params[:user].delete(:username) unless @user.can_change_name? cuser
|
||||||
if @user.update_attributes params[:user]
|
if @user.update_attributes params[:user]
|
||||||
flash[:notice] = t(:users_update)
|
flash[:notice] = t(:users_update)
|
||||||
redirect_to_back
|
redirect_to_back
|
||||||
|
|
|
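Review bot: The username restriction is enforced only by deleting one key from `params[:user]` on the added line in `update`, so it covers this action alone; any other path that mass-assigns user attributes (none is visible in this hunk) would still accept a new username. A request that carries no `user` parameter makes the added line call `delete` on nil before `update_attributes` is reached; `(params[:user] || {}).delete(:username) unless @user.can_change_name? cuser` avoids that. I would also put a comment above it, `# Hiding the form field is not enough: strip :username server-side for non-admins.` The body of `update` continues outside the hunk.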
@ -271,6 +271,10 @@ class User < ActiveRecord::Base
|
||||||
cuser and (self == cuser or cuser.admin?)
|
cuser and (self == cuser or cuser.admin?)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def can_change_name? cuser
|
||||||
|
cuser and cuser.admin?
|
||||||
|
end
|
||||||
|
|
||||||
def can_destroy? cuser
|
def can_destroy? cuser
|
||||||
cuser and cuser.admin?
|
cuser and cuser.admin?
|
||||||
end
|
end
|
||||||
|
|
|
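Review bot: `can_change_name?` has no comment, and nothing in it says that the receiver is ignored: any admin may rename any account, including another admin's, and the method returns nil rather than false when `cuser` is nil. A short comment above the definition would record that, for example `# Renaming is admin-only; the controller strips :username for everyone else.` The body is the same expression as `can_destroy?` just below, so the two could share one admin check if more such predicates are added. Whether `username` is also protected from mass assignment in the model is not visible in this hunk.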
@ -15,10 +15,12 @@
|
||||||
|
|
||||||
<div class="tabbed-contents">
|
<div class="tabbed-contents">
|
||||||
<div class="tab" id="account">
|
<div class="tab" id="account">
|
||||||
|
<% if cuser and @user.can_change_name? cuser %>
|
||||||
<div class="fields horizontal">
|
<div class="fields horizontal">
|
||||||
<%= f.label :username, 'Username', class: 'required' %>
|
<%= f.label :username, 'Username', class: 'required' %>
|
||||||
<%= f.text_field :username %>
|
<%= f.text_field :username %>
|
||||||
</div>
|
</div>
|
||||||
|
<% end %>
|
||||||
<div class="fields horizontal">
|
<div class="fields horizontal">
|
||||||
<%= f.label :raw_password, "Password" %>
|
<%= f.label :raw_password, "Password" %>
|
||||||
<%= f.password_field :raw_password %>
|
<%= f.password_field :raw_password %>
|
||||||
|
|
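Review bot: The `cuser and` in the added `<% if cuser and @user.can_change_name? cuser %>` repeats the nil check that `can_change_name?` already makes in the model change of this commit; `<% if @user.can_change_name? cuser %>` reads the same. Hiding the field only changes what the form offers, so a comment such as `<%# UI only: UsersController#update drops :username for non-admins %>` would keep a later editor from treating this block as the access control. The form and the enclosing tab continue outside the hunk.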