Only admins can change usernames.

simplefl 2015-06-27 14:23:37 +02:00
parent 02d416bcf0
commit b78056e17a
3 changed files with 7 additions and 0 deletions


@ -63,6 +63,7 @@ class UsersController < ApplicationController
def update def update
raise AccessError unless @user.can_update? cuser raise AccessError unless @user.can_update? cuser
params[:user].delete(:username) unless @user.can_change_name? cuser
if @user.update_attributes params[:user] if @user.update_attributes params[:user]
flash[:notice] = t(:users_update) flash[:notice] = t(:users_update)
redirect_to_back redirect_to_back
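Review bot: The added `params[:user].delete(:username)` strips one key and then hands the rest of `params[:user]` to `update_attributes`, so the admin-only rule rests on a one-entry denylist that exists only in this action. An allow-list is sturdier: build the permitted attribute set first and include `:username` only when `@user.can_change_name? cuser` holds, or enforce the rule in the model so that every write path to `User` is covered. The same line raises NoMethodError when the request carries no `user` parameter; `params[:user].try(:delete, :username)` or an early guard would avoid that. The body of `update` continues past the end of this hunk, so the failure branch is not visible here.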


@ -271,6 +271,10 @@ class User < ActiveRecord::Base
cuser and (self == cuser or cuser.admin?) cuser and (self == cuser or cuser.admin?)
end end
def can_change_name? cuser
cuser and cuser.admin?
end
def can_destroy? cuser def can_destroy? cuser
cuser and cuser.admin? cuser and cuser.admin?
end end
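Review bot: `can_change_name?` never consults `self`, unlike `can_update?` directly above it, which lets users edit their own record; a reader cannot tell from the code whether leaving out self-rename is deliberate. A one-line comment above the method, for example `# Admins only: users may edit their own profile but not rename themselves.`, would record the intent. The body is also identical to `can_destroy?`, so if the two rules are meant to stay in step a shared private predicate would keep them from drifting apart.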


@ -15,10 +15,12 @@
<div class="tabbed-contents"> <div class="tabbed-contents">
<div class="tab" id="account"> <div class="tab" id="account">
<% if cuser and @user.can_change_name? cuser %>
<div class="fields horizontal"> <div class="fields horizontal">
<%= f.label :username, 'Username', class: 'required' %> <%= f.label :username, 'Username', class: 'required' %>
<%= f.text_field :username %> <%= f.text_field :username %>
</div> </div>
<% end %>
<div class="fields horizontal"> <div class="fields horizontal">
<%= f.label :raw_password, "Password" %> <%= f.label :raw_password, "Password" %>
<%= f.password_field :raw_password %> <%= f.password_field :raw_password %>