TheDude
/
openproject
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
OpenProject is the leading open source project management software.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
60208 Commits
139 Branches
203 Tags
1.2 GiB
Tag: Branch: Tree: 4ba1a0f340
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4ba1a0f340'
${ noResults }
openproject/app/controllers/users_controller.rb

345 lines
10 KiB
Raw Normal View History Unescape

Set source encoding to UTF-8
13 years ago
#-- encoding: UTF-8
safe automatic fixes by rubocop (#8994)
4 years ago
[#197] Upgrade the copyright in the code files
14 years ago
#-- copyright
Update copyright notice
5 years ago
# OpenProject is an open source project management software.
update copyright to 2021 (#8925) Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, backlisted files are also excluded. Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013
4 years ago
# Copyright (C) 2012-2021 the OpenProject GmbH
[#436] Remove trailing whitespace
14 years ago
#
[#197] Upgrade the copyright in the code files
14 years ago
# This program is free software; you can redistribute it and/or
provide every possible file with a short copyright notice This was done using the rake task: rake copyright:update
12 years ago
# modify it under the terms of the GNU General Public License version 3.
[#436] Remove trailing whitespace
14 years ago
#
new copyright header #1903
11 years ago
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
update copyright to 2021 (#8925) Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, backlisted files are also excluded. Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013
4 years ago
# Copyright (C) 2006-2013 Jean-Philippe Lang
new copyright header #1903
11 years ago
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
Move license and copyright docs to root, fix names and references
3 years ago
# See COPYRIGHT and LICENSE files for more details.
[#197] Upgrade the copyright in the code files
14 years ago
#++
added svn:eol-style native property on /app files git-svn-id: http://redmine.rubyforge.org/svn/trunk@333 e93f8b46-1217-0410-a6f0-8f06a7374b81
18 years ago
class UsersController < ApplicationController
Adds an admin layout that displays the admin menu in the sidebar. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3176 e93f8b46-1217-0410-a6f0-8f06a7374b81
15 years ago
layout 'admin'
[#436] Remove trailing whitespace
14 years ago
AngularJS in 'mail-notifications.html.erb' replaced by Angular component (#6338) * AngularJS in 'mail-notifications.html.erb' replaced by new Angular component 'show-section-dropdown.component.ts'
7 years ago
helper_method :gon
[35507] Allow global permission to add and edit users (#8937) * Add global permission for add_user * Rename fieldset for global roles to "Global" * Add permission to admin actions * Add index action to add_user permission * Redirect to first admin item if only one * Hide status action for non admins * Break down user form into partials for easier rendering * Disable some user form tabs for non-admins * Make users API and services conformant with endpoints * Fix references to DeleteService#deletion_allowed? * Authorize add_user on show as well * Only show invite user toolbar item with permission * Fix Delete Service spec * Fix the way user prefs are handled in service * Ensure session_id is treated as string This causes a cast error otherwise as it passes rack session locally * Fix service call on onboarding controller * Fix service call on users controller * Add delete spec for global user * Hide login attribute again when adding a new user * Render auth source correctly in simple form * Fix creating invited users through service The invitation requires the mail attribute to be present. Previously, there was a manual error added to the mail. As the errors are now determined by the contract + model, we now end up with all missing properties as errors. * Properly constraint attributes for non-admins * Add specs for global user * Start working on how to update password from UsersController that code is a mess... * Change permitted_params spec to include non-admin params * Fix create user service spec * Remove mail_notification param from users controller It's not part of the contract/params passed to user * Remove todos * Extend docs * Correct the way backlogs patches into the user settings * Remove superfluous UpdateUserService * Rewrite duplicated update service examples into common shared example * Remove duplicate password writable check * Base Users::DeleteContract on base delete contract * Move checks for active users into the UserAllowedService * Restore password writable check as it is not an attribute * Fix menus for global user * Allow global users to add custom fields * Allow global user add permission to reinvite user * Fix changed var name in update service spec * Ensure also invited or registered users can be authroized This ensure that e.g., invited users can also be set as watchers * fix typo Co-authored-by: ulferts <jens.ulferts@googlemail.com>
4 years ago
before_action :authorize_global, except: %i[show deletion_info destroy]
before_action :find_user, only: %i[show
safe automatic fixes by rubocop (#8994)
4 years ago
edit
update
change_status_info
change_status
destroy
deletion_info
resend_invitation]
Code style enhancements to fight against bad scoring
9 years ago
# should also contain destroy but post data can not be redirected
Rename before_filter to before_action
8 years ago
before_action :require_login, only: [:deletion_info]
before_action :authorize_for_user, only: [:destroy]
[35507] Allow global permission to add and edit users (#8937) * Add global permission for add_user * Rename fieldset for global roles to "Global" * Add permission to admin actions * Add index action to add_user permission * Redirect to first admin item if only one * Hide status action for non admins * Break down user form into partials for easier rendering * Disable some user form tabs for non-admins * Make users API and services conformant with endpoints * Fix references to DeleteService#deletion_allowed? * Authorize add_user on show as well * Only show invite user toolbar item with permission * Fix Delete Service spec * Fix the way user prefs are handled in service * Ensure session_id is treated as string This causes a cast error otherwise as it passes rack session locally * Fix service call on onboarding controller * Fix service call on users controller * Add delete spec for global user * Hide login attribute again when adding a new user * Render auth source correctly in simple form * Fix creating invited users through service The invitation requires the mail attribute to be present. Previously, there was a manual error added to the mail. As the errors are now determined by the contract + model, we now end up with all missing properties as errors. * Properly constraint attributes for non-admins * Add specs for global user * Start working on how to update password from UsersController that code is a mess... * Change permitted_params spec to include non-admin params * Fix create user service spec * Remove mail_notification param from users controller It's not part of the contract/params passed to user * Remove todos * Extend docs * Correct the way backlogs patches into the user settings * Remove superfluous UpdateUserService * Rewrite duplicated update service examples into common shared example * Remove duplicate password writable check * Base Users::DeleteContract on base delete contract * Move checks for active users into the UserAllowedService * Restore password writable check as it is not an attribute * Fix menus for global user * Allow global users to add custom fields * Allow global user add permission to reinvite user * Fix changed var name in update service spec * Ensure also invited or registered users can be authroized This ensure that e.g., invited users can also be set as watchers * fix typo Co-authored-by: ulferts <jens.ulferts@googlemail.com>
4 years ago
before_action :check_if_deletion_allowed, only: %i[deletion_info
safe automatic fixes by rubocop (#8994)
4 years ago
destroy]
forbid user creation if password login is disabled
10 years ago
[3926] Use password confirmation for deletion (#6086) [ci skip]
7 years ago
# Password confirmation helpers and actions
rename and inflect according to zeitwerk
5 years ago
include PasswordConfirmation
[3926] Use password confirmation for deletion (#6086) [ci skip]
7 years ago
before_action :check_password_confirmation, only: [:destroy]
rename and inflect according to zeitwerk
5 years ago
include Accounts::UserLimits
don't warn twice
6 years ago
before_action :enforce_user_limit, only: [:create]
before_action -> { enforce_user_limit flash_now: true }, only: [:new]
user limits for enterprise edition
7 years ago
added svn:eol-style native property on /app files git-svn-id: http://redmine.rubyforge.org/svn/trunk@333 e93f8b46-1217-0410-a6f0-8f06a7374b81
18 years ago
include SortHelper
[#436] Remove trailing whitespace
14 years ago
include CustomFieldsHelper
uses will_paginate for users pagination
12 years ago
include PaginationHelper
v0.2.0 git-svn-id: http://redmine.rubyforge.org/svn/trunk@7 e93f8b46-1217-0410-a6f0-8f06a7374b81
19 years ago
def index
enhanced member screen; members and user table refactoring using cells
8 years ago
@groups = Group.all.sort
final rubocop remarks
8 years ago
@status = Users::UserFilterCell.status_param params
fixes filtering members by group (#5800) additionally fixes: * with "all" selected, all members are shown, not only those being active, invited or registered * with "locked" selected, locked users are now displayed. * the Project#members_principals associations lacked the `references` method which lead to the users table being undefined in the resulting query. In order to achive the bug fixes, the member filtering is now based on the query engine also used for users, queries, work_packages, ... As a lot of the members filters are very similar to user filters (in fact, a lot of the members filter work on the users model), those filters are shared via modules. [ci skip]
7 years ago
@users = Users::UserFilterCell.filter params
added svn:eol-style native property on /app files git-svn-id: http://redmine.rubyforge.org/svn/trunk@333 e93f8b46-1217-0410-a6f0-8f06a7374b81
18 years ago
Indentation. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5154 e93f8b46-1217-0410-a6f0-8f06a7374b81
14 years ago
respond_to do |format|
Prefer do…end for controller respond_to blocks `rubocop -a` does not currently normalise formatting consistently (see ec1bb39f). Signed-off-by: Alex Coles <alex@alexbcoles.com>
9 years ago
format.html do
Use 1.9+ Hash syntax in (Rails) controllers Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
render layout: !request.xhr?
Prefer do…end for controller respond_to blocks `rubocop -a` does not currently normalise formatting consistently (see ec1bb39f). Signed-off-by: Alex Coles <alex@alexbcoles.com>
9 years ago
end
[#436] Remove trailing whitespace
14 years ago
end
v0.2.0 git-svn-id: http://redmine.rubyforge.org/svn/trunk@7 e93f8b46-1217-0410-a6f0-8f06a7374b81
19 years ago
end
[#436] Remove trailing whitespace
14 years ago
AccountController#show (/account/show/:id) moved to UsersController#show (/users/:id). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2988 e93f8b46-1217-0410-a6f0-8f06a7374b81
15 years ago
def show
Show projects depending on their visibility in user's profile. #6100 git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3935 e93f8b46-1217-0410-a6f0-8f06a7374b81
14 years ago
# show projects based on current user visibility
adapt to newly introduced query
8 years ago
@memberships = @user.memberships
Do not include global roles in memberships list (#8931) With a user and a global role set, the users/show method will fail as it tries to render a project for every membership.
4 years ago
.where.not(project_id: nil)
adapt to newly introduced query
8 years ago
.visible(current_user)
[#436] Remove trailing whitespace
14 years ago
Feature/aggregated activities (#8221) * use cte for aggregated journal * Revert "use cte for aggregated journal" This reverts commit 5fedefefdd8339c3a054a3f0f0c5085a72471758. * add another subselect that could later on be provided from the outside * allow passing a nukleous sql to aggregated journals * wip - using aggregated journal for activity * new sql for aggregated journals * start implementing new aggregated query * additional documentation * consolidate activity functionality * simplify by turing into instance methods * move activity fetcher out of redmine * remove verb verification made obsolete Without catchall routes, the dispatching handles it * remove duplicate authorize check * refactor activities controller * refactory activity fetcher * cache avatar file * sort choosable events * remove legacy spec covered by contemporary * speed up aggregated journals via CTE * instance var might never have been set * ensure the event_types are always transmitted * correctly reset the avatar cache * fix avatar fetcher expectation regarding wiki pages * adapt spec [ci skip]
5 years ago
events = Activities::Fetcher.new(User.current, author: @user).events(nil, nil, limit: 10)
Fix syntax (w/Rubocop) in (Rails) controllers Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
@events_by_day = events.group_by { |e| e.event_datetime.to_date }
[#436] Remove trailing whitespace
14 years ago
Allow deletion of placeholder users when permission of :manage_placeholder_user give (#9018) * Refactoring: Rename permission :add_user and :add_placholder_user to :manage_user and :manage_placeholder_user * Add deletion to :manage_placeholder_user permission label * WIP: Check :manage_placeholder_user permission before deletion Specs still missing * In controller rely on authorize_global for deleting placeholder users * Add deletion_info for placeholder users * Extend specs * Set placeholder users to locked when deleting * Review feedback Co-authored-by: Oliver Günther <mail@oliverguenther.de>
4 years ago
if !current_user.allowed_to_globally?(:manage_user) &&
rewrite acts as journalized to create journals in sql
5 years ago
(!(@user.active? ||
@user.registered?) ||
(@user != User.current && @memberships.empty? && events.empty?))
render_404
else
respond_to do |format|
format.html { render layout: 'no_menu' }
Let administrators see locked user profiles. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3493 e93f8b46-1217-0410-a6f0-8f06a7374b81
15 years ago
end
AccountController#show (/account/show/:id) moved to UsersController#show (/users/:id). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2988 e93f8b46-1217-0410-a6f0-8f06a7374b81
15 years ago
end
end
Initial commit git-svn-id: http://redmine.rubyforge.org/svn/trunk@4 e93f8b46-1217-0410-a6f0-8f06a7374b81
19 years ago
Refactor: rename UsersController#add to #new git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4229 e93f8b46-1217-0410-a6f0-8f06a7374b81
14 years ago
def new
[26688] In-app notifications (#9399) * Add bell icon to icon font * Add in app notification in top menu * Add fullscreen modal * Add notification modal and items * Style items * Toggle details of item * Mark all read * Add no results box * wip specification for event api * Add events table, query and index * Send out events from WP notification mailer job There we have the recipients present * Add cleanup job for older events with a setting * Hide bell notification when not logged * Add specs for events API index/show * Fix setting yml key * remove pry in event creation * Fix before hook in events API to after_validation * Fix polymorphic association raising exception for aggregated journals * Fix typo in read_ian * Fix yml entry for mentioned * Add read/unread post actions to event API and add specs * Wire up API to frontend * Fix order on events * Switch to unread in notification * Add event query * rename WPEventService * route wp mail sending over events * rename spec methods * author becomes watcher * correct message call signature * rename events to notifications * renname parameter to reflect notification nature * create author watcher for existing work packages * Merge unreadCount from store * Take a stab at polymorphic representers * Fix link generation in polymorphic resources For journals, no title is being generated however * Fix frontend model for context * Use timer for polling * add notification_setting data layer * Fix show resource spec * Fix duplicate class in notification bell item * Add minimal feature spec for notification * API for notification settings * Persist notifications * adapt work package notification creation to notification settings * extract notified_on_all * consolidate wp#recipients * concentrate wp notification in journal service * simplify methods * Remove unused patch endpoint * Add specs for rendering and parsing notification settings * Contract spec * Update service spec * adapt specs * Angular notifications frontend commit e29dced64699eb5f2443b9307c78343c9a58d1ee Author: Wieland Lindenthal <w.lindenthal@forkmerge.com> Date: Mon Jun 21 17:34:50 2021 +0200 Create Akita store and query for notification settings commit 1a45c26c1a0c147d15393e49d2625aca4851a64d Author: Wieland Lindenthal <w.lindenthal@forkmerge.com> Date: Mon Jun 21 11:09:25 2021 +0200 Remove tabs from notificaition settings page commit 0ea21e90c13a197f8bf2cfba1b60ddcff4e5e827 Author: Oliver Günther <mail@oliverguenther.de> Date: Sun Jun 20 21:55:48 2021 +0200 WIP in app settings * migrate notification data * add project visible filter to project query * Add inline-create and table display grouped by project * Add notifications under admin/users * Remove notifications partial * Rename notififcations store to user preferences store * Add setting for self_notified and hook that up to the backend * Add aria-label to table checkboxes * Restyle table and toolbar * replace remains of mail_notifications attribute * initialize notification settings for new user * adapt my_preferences references * reenable no self notified for documents * adapt specs * Avoid has_many :notifcation_settings Rails magically autosaves the user's preferences when the user gets saved, which somehow also tries to save the notfifications even when unchanged. This breaks some specs such as the avatar upload spec. As we can't update the assocation through rails anyway, just delegate to the user for reading instead. * Restore update method of notification settings * Restore update spec * fix spec syntax * lint scss * linting * Fix content_tag for bell icon * Add feature specs for notification settings * Disable ContentTag cop * use visible filter to get projects for notification The visible filter will reduce the project list down to the set of projects visible to the user provided as a parameter. This includes public projects. * test for actual mail sending * adapt me resource path this.apiV3Service.users.me changed its type in 0d6c0b6bc7620de94e00e72b36d6cbc1ec4c8db4 * Implement changed migration * Linting * Add actor to notification representer * Fix factory creating a duplicate WP journal * Add work packages loading and journal details to notification entry component * IAN basic facets, keep and expanded states. * Fix notification bell spec * Render body separately and add auto updating relative time * Add fixedTime title * Add actor to notification entry * Fix clicking links on work package and project * Tiny styling changes on entry row * Disable count in notification if larger than 99 (wont fit) * Introduce virtual scrolling to entry table * allow delaying & prevent mail sending if ain read Introduces a setting to delay mail sending after a journal aggregation time has expired. That way, users can confirm a notification in app. If they do before the delay expires, no mail is sent out additionally for that user. * consolidate notifications (in&out) into shared admin menu Co-authored-by: ulferts <jens.ulferts@googlemail.com> Co-authored-by: Wieland Lindenthal <w.lindenthal@forkmerge.com>
3 years ago
@user = User.new(language: Setting.default_language)
Refactor: split UsersController#add into #add and #create git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4215 e93f8b46-1217-0410-a6f0-8f06a7374b81
14 years ago
end
[#436] Remove trailing whitespace
14 years ago
Refactor: split UsersController#add into #add and #create git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4215 e93f8b46-1217-0410-a6f0-8f06a7374b81
14 years ago
def create
use service to have notification settings created The `Users::CreateService` correctly creates the notification settings. It is now used in the users controller
3 years ago
call = Users::CreateService
.new(user: current_user)
.call(create_params)
User: Move auth_source_id filtering to PermittedParams
11 years ago
use service to have notification settings created The `Users::CreateService` correctly creates the notification settings. It is now used in the users controller
3 years ago
@user = call.result
if call.success?
flash[:notice] = I18n.t(:notice_successful_create)
redirect_to(params[:continue] ? new_user_path : edit_user_path(@user))
v0.2.0 git-svn-id: http://redmine.rubyforge.org/svn/trunk@7 e93f8b46-1217-0410-a6f0-8f06a7374b81
19 years ago
else
use service to have notification settings created The `Users::CreateService` correctly creates the notification settings. It is now used in the users controller
3 years ago
@errors = call.errors
render action: 'new'
added svn:eol-style native property on /app files git-svn-id: http://redmine.rubyforge.org/svn/trunk@333 e93f8b46-1217-0410-a6f0-8f06a7374b81
18 years ago
end
v0.2.0 git-svn-id: http://redmine.rubyforge.org/svn/trunk@7 e93f8b46-1217-0410-a6f0-8f06a7374b81
19 years ago
end
Initial commit git-svn-id: http://redmine.rubyforge.org/svn/trunk@4 e93f8b46-1217-0410-a6f0-8f06a7374b81
19 years ago
v0.2.0 git-svn-id: http://redmine.rubyforge.org/svn/trunk@7 e93f8b46-1217-0410-a6f0-8f06a7374b81
19 years ago
def edit
added svn:eol-style native property on /app files git-svn-id: http://redmine.rubyforge.org/svn/trunk@333 e93f8b46-1217-0410-a6f0-8f06a7374b81
18 years ago
@membership ||= Member.new
Placeholder user services and administration (#8944) * Adding placeholder user contracts * Adding create, update, and delete services for placeholder users * WIP: Adding Placeholder User contract specs [ci skip] * Extract contract validation into common helper * Add common validation in BaseContract + common example for admin checks * Introduce common ModelContract shared context for validations * WIP: PlaceholderUser controller, i18n, and routes [ci skip] * Placeholder users index page and query - moved all group related scopes from User to Principal to make them also available in PlaceholderUser. * end * Create PlaceholderUser * Feature spec for editing a placeholder user * Manage PlaceholderUser memberships The managment of memberships is pretty similar for User and PlaceholderUser. This commit extacts the similarities and uses them for both. * General partial and show view for PlaceholderUser * Delete obosolete partial * Allow RequireAdminGuard to be used as a module function * Fix I18n for confirmation text * Smaller code improvements * Fix: Syntax for accessing status enums was wrong. * Use UpdateService for updating a placeholder user * Add spec for PlaceholderUsersController * First code improvements after code review. - more improvements to come. * Further code improvements after review ... still more to come * Correct namespace of delete service * Fix: Make placeholder user contract validate * Remove :type attribute from base contract of User and PlaceholerUser ...and add it to the CreateContracts. Also add type validations. Further extract shared examples for placeholder user attribute validation * Refactor: Extract membership hook calls to helper * Fix redirect paths for membership controllers * Specs already present in shared exampels. * Fix duplicates routes for users and placeholder users * Fix user path * Add attribute name and lastname We don't need a writeable check as both are equally writable * Replace more references to tab_edit_user_path * Skip specs for PlaceholderUsers::DeletionService We will tackle that service in a separate PR. * Fix module usage of RequireAdminGuard * Fix group filter for placeholder users * Fix invalid reference to expect_valid * Fix: Fix tabbed edit path for placeholder users * Fix status filtering on users * Linting * Improve generalisation of individual principal filter cell - Check for presence of groups and statuses in order to toggle visibility of their UI element. - Remove groups from placeholder user controller and cell initialization and options * Fix selector on groups assign * Remove using_shared_fixtures Co-authored-by: Oliver Günther <mail@oliverguenther.de>
4 years ago
@individual_principal = @user
Refactor: split UsersController#edit into #edit and #update git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4230 e93f8b46-1217-0410-a6f0-8f06a7374b81
14 years ago
end
[#436] Remove trailing whitespace
14 years ago
Refactor: split UsersController#edit into #edit and #update git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4230 e93f8b46-1217-0410-a6f0-8f06a7374b81
14 years ago
def update
[35507] Allow global permission to add and edit users (#8937) * Add global permission for add_user * Rename fieldset for global roles to "Global" * Add permission to admin actions * Add index action to add_user permission * Redirect to first admin item if only one * Hide status action for non admins * Break down user form into partials for easier rendering * Disable some user form tabs for non-admins * Make users API and services conformant with endpoints * Fix references to DeleteService#deletion_allowed? * Authorize add_user on show as well * Only show invite user toolbar item with permission * Fix Delete Service spec * Fix the way user prefs are handled in service * Ensure session_id is treated as string This causes a cast error otherwise as it passes rack session locally * Fix service call on onboarding controller * Fix service call on users controller * Add delete spec for global user * Hide login attribute again when adding a new user * Render auth source correctly in simple form * Fix creating invited users through service The invitation requires the mail attribute to be present. Previously, there was a manual error added to the mail. As the errors are now determined by the contract + model, we now end up with all missing properties as errors. * Properly constraint attributes for non-admins * Add specs for global user * Start working on how to update password from UsersController that code is a mess... * Change permitted_params spec to include non-admin params * Fix create user service spec * Remove mail_notification param from users controller It's not part of the contract/params passed to user * Remove todos * Extend docs * Correct the way backlogs patches into the user settings * Remove superfluous UpdateUserService * Rewrite duplicated update service examples into common shared example * Remove duplicate password writable check * Base Users::DeleteContract on base delete contract * Move checks for active users into the UserAllowedService * Restore password writable check as it is not an attribute * Fix menus for global user * Allow global users to add custom fields * Allow global user add permission to reinvite user * Fix changed var name in update service spec * Ensure also invited or registered users can be authroized This ensure that e.g., invited users can also be set as watchers * fix typo Co-authored-by: ulferts <jens.ulferts@googlemail.com>
4 years ago
update_params = build_user_update_params
call = ::Users::UpdateService.new(model: @user, user: current_user).call(update_params)
User/edit: Add buttons for changing user status incl. unblocking Conflicts: app/controllers/users_controller.rb features/step_definitions/user_steps.rb
12 years ago
[35507] Allow global permission to add and edit users (#8937) * Add global permission for add_user * Rename fieldset for global roles to "Global" * Add permission to admin actions * Add index action to add_user permission * Redirect to first admin item if only one * Hide status action for non admins * Break down user form into partials for easier rendering * Disable some user form tabs for non-admins * Make users API and services conformant with endpoints * Fix references to DeleteService#deletion_allowed? * Authorize add_user on show as well * Only show invite user toolbar item with permission * Fix Delete Service spec * Fix the way user prefs are handled in service * Ensure session_id is treated as string This causes a cast error otherwise as it passes rack session locally * Fix service call on onboarding controller * Fix service call on users controller * Add delete spec for global user * Hide login attribute again when adding a new user * Render auth source correctly in simple form * Fix creating invited users through service The invitation requires the mail attribute to be present. Previously, there was a manual error added to the mail. As the errors are now determined by the contract + model, we now end up with all missing properties as errors. * Properly constraint attributes for non-admins * Add specs for global user * Start working on how to update password from UsersController that code is a mess... * Change permitted_params spec to include non-admin params * Fix create user service spec * Remove mail_notification param from users controller It's not part of the contract/params passed to user * Remove todos * Extend docs * Correct the way backlogs patches into the user settings * Remove superfluous UpdateUserService * Rewrite duplicated update service examples into common shared example * Remove duplicate password writable check * Base Users::DeleteContract on base delete contract * Move checks for active users into the UserAllowedService * Restore password writable check as it is not an attribute * Fix menus for global user * Allow global users to add custom fields * Allow global user add permission to reinvite user * Fix changed var name in update service spec * Ensure also invited or registered users can be authroized This ensure that e.g., invited users can also be set as watchers * fix typo Co-authored-by: ulferts <jens.ulferts@googlemail.com>
4 years ago
if call.success?
[36746] Unset plain password accessor after saving (#9157) * [36746] Unset plain password accessor after saving Otherwise, this password remains and is validated again due to "user.register!" which then fails with an exception https://community.openproject.org/wp/36746 * Don't try to use user.password after saving it now gets cleared * Remove user.password usage in specs The user password attribute is an accessor that now gets deleted after saving so tests can no longer depend on it being present after created from a Factory * Also retain user password in mail handler
4 years ago
if update_params[:password].present? && @user.change_password_allowed?
fixed self registration; manual activation of invited users
9 years ago
send_information = params[:send_information]
if @user.invited?
# setting a password for an invited user activates them implicitly
user limits for enterprise edition
7 years ago
if OpenProject::Enterprise.user_limit_reached?
@user.register!
show_user_limit_warning!
else
@user.activate!
end
fixed self registration; manual activation of invited users
9 years ago
send_information = true
end
if @user.active? && send_information
[36746] Unset plain password accessor after saving (#9157) * [36746] Unset plain password accessor after saving Otherwise, this password remains and is validated again due to "user.register!" which then fails with an exception https://community.openproject.org/wp/36746 * Don't try to use user.password after saving it now gets cleared * Remove user.password usage in specs The user password attribute is an accessor that now gets deleted after saving so tests can no longer depend on it being present after created from a Factory * Also retain user password in mail handler
4 years ago
UserMailer.account_information(@user, update_params[:password]).deliver_later
fixed self registration; manual activation of invited users
9 years ago
end
Refactor: split UsersController#edit into #edit and #update git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4230 e93f8b46-1217-0410-a6f0-8f06a7374b81
14 years ago
end
[#436] Remove trailing whitespace
14 years ago
Add responders to UsersController. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4451 e93f8b46-1217-0410-a6f0-8f06a7374b81
14 years ago
respond_to do |format|
Prefer do…end for controller respond_to blocks `rubocop -a` does not currently normalise formatting consistently (see ec1bb39f). Signed-off-by: Alex Coles <alex@alexbcoles.com>
9 years ago
format.html do
Fix/replace custom i18n function (#8681) * replace custom i18n function calls * remove custom i18n method
4 years ago
flash[:notice] = I18n.t(:notice_successful_update)
Fix/replace deprecations (#5533) * replace alias_method_chain * remove deprecation silencing * bump controller-testing * introduce permitted params for settings * replace various deprecations in controllers * remove deprecation silencing for legacy_specs * remove `puts` from spec * replace deprecated access to errors * remove unnecessary AR::Parameters usage in spec * specify error to expect * replace deprecations * replace deprecated action calls in legacy function specs * replace deprecations in functional controller tests * replace deprecations in controllers/controller_specs * remove params parser which does not seem to be in effect It is registered for the content type :exclude which makes no sense as it should deal with :json. The desired behaviour of the api dealing with parsing errors is working with or without the code. * replace deprecations in unit specs * replace alias_method_chain [ci skip]
7 years ago
redirect_back(fallback_location: edit_user_path(@user))
Prefer do…end for controller respond_to blocks `rubocop -a` does not currently normalise formatting consistently (see ec1bb39f). Signed-off-by: Alex Coles <alex@alexbcoles.com>
9 years ago
end
Add responders to UsersController. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4451 e93f8b46-1217-0410-a6f0-8f06a7374b81
14 years ago
end
Refactor: split UsersController#edit into #edit and #update git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4230 e93f8b46-1217-0410-a6f0-8f06a7374b81
14 years ago
else
@membership ||= Member.new
Moves password param to user hash param so that it can be set using the User API. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4493 e93f8b46-1217-0410-a6f0-8f06a7374b81
14 years ago
# Clear password input
[35507] Allow global permission to add and edit users (#8937) * Add global permission for add_user * Rename fieldset for global roles to "Global" * Add permission to admin actions * Add index action to add_user permission * Redirect to first admin item if only one * Hide status action for non admins * Break down user form into partials for easier rendering * Disable some user form tabs for non-admins * Make users API and services conformant with endpoints * Fix references to DeleteService#deletion_allowed? * Authorize add_user on show as well * Only show invite user toolbar item with permission * Fix Delete Service spec * Fix the way user prefs are handled in service * Ensure session_id is treated as string This causes a cast error otherwise as it passes rack session locally * Fix service call on onboarding controller * Fix service call on users controller * Add delete spec for global user * Hide login attribute again when adding a new user * Render auth source correctly in simple form * Fix creating invited users through service The invitation requires the mail attribute to be present. Previously, there was a manual error added to the mail. As the errors are now determined by the contract + model, we now end up with all missing properties as errors. * Properly constraint attributes for non-admins * Add specs for global user * Start working on how to update password from UsersController that code is a mess... * Change permitted_params spec to include non-admin params * Fix create user service spec * Remove mail_notification param from users controller It's not part of the contract/params passed to user * Remove todos * Extend docs * Correct the way backlogs patches into the user settings * Remove superfluous UpdateUserService * Rewrite duplicated update service examples into common shared example * Remove duplicate password writable check * Base Users::DeleteContract on base delete contract * Move checks for active users into the UserAllowedService * Restore password writable check as it is not an attribute * Fix menus for global user * Allow global users to add custom fields * Allow global user add permission to reinvite user * Fix changed var name in update service spec * Ensure also invited or registered users can be authroized This ensure that e.g., invited users can also be set as watchers * fix typo Co-authored-by: ulferts <jens.ulferts@googlemail.com>
4 years ago
@user = call.result
@errors = call.errors
Moves password param to user hash param so that it can be set using the User API. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4493 e93f8b46-1217-0410-a6f0-8f06a7374b81
14 years ago
@user.password = @user.password_confirmation = nil
Refactor: split UsersController#edit into #edit and #update git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4230 e93f8b46-1217-0410-a6f0-8f06a7374b81
14 years ago
Add responders to UsersController. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4451 e93f8b46-1217-0410-a6f0-8f06a7374b81
14 years ago
respond_to do |format|
Fix/replace deprecations (#5533) * replace alias_method_chain * remove deprecation silencing * bump controller-testing * introduce permitted params for settings * replace various deprecations in controllers * remove deprecation silencing for legacy_specs * remove `puts` from spec * replace deprecated access to errors * remove unnecessary AR::Parameters usage in spec * specify error to expect * replace deprecations * replace deprecated action calls in legacy function specs * replace deprecations in functional controller tests * replace deprecations in controllers/controller_specs * remove params parser which does not seem to be in effect It is registered for the content type :exclude which makes no sense as it should deal with :json. The desired behaviour of the api dealing with parsing errors is working with or without the code. * replace deprecations in unit specs * replace alias_method_chain [ci skip]
7 years ago
format.html do
render action: :edit
end
Add responders to UsersController. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4451 e93f8b46-1217-0410-a6f0-8f06a7374b81
14 years ago
end
Refactor: split UsersController#edit into #edit and #update git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4230 e93f8b46-1217-0410-a6f0-8f06a7374b81
14 years ago
end
added svn:eol-style native property on /app files git-svn-id: http://redmine.rubyforge.org/svn/trunk@333 e93f8b46-1217-0410-a6f0-8f06a7374b81
18 years ago
end
Refactor: split UsersController#edit into #edit and #update git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4230 e93f8b46-1217-0410-a6f0-8f06a7374b81
14 years ago
[25880] Allow locking of registered users without prior activation (#5898) Adds helpers to the activation mail to activate and / or lock the user. If the instance allows deletion, it also shows this action. A new route is introduced to confirm the status change of the new user. https://community.openproject.com/wp/25880 [ci skip]
7 years ago
def change_status_info
@status_change = params[:change_action].to_sym
return render_400 unless %i(activate lock unlock).include? @status_change
end
User/edit: Add buttons for changing user status incl. unblocking Conflicts: app/controllers/users_controller.rb features/step_definitions/user_steps.rb
12 years ago
def change_status
Prevent users from changing their own status
11 years ago
if @user.id == current_user.id
# user is not allowed to change own status
Use 1.9+ Hash syntax in (Rails) controllers Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
redirect_back_or_default(action: 'edit', id: @user)
Prevent users from changing their own status
11 years ago
return
end
user limits for enterprise edition
7 years ago
if (params[:unlock] || params[:activate]) && user_limit_reached?
show_user_limit_error!
return redirect_back_or_default(action: 'edit', id: @user)
end
User/edit: Add buttons for changing user status incl. unblocking Conflicts: app/controllers/users_controller.rb features/step_definitions/user_steps.rb
12 years ago
if params[:unlock]
@user.failed_login_count = 0
@user.activate
elsif params[:lock]
@user.lock
elsif params[:activate]
@user.activate
end
# Was the account activated? (do it before User#save clears the change)
Placeholder user project members (#8961) * remove intermediate placeholder scope Doing so, placeholder users will begin to show up in the system * remove scope without value * extract scope * use enum for status * allow placeholder users to become project members * display placeholder user member on members widget * remove now superfluous method The status name can simply be queried via #status now * replace possible_assignees/responsibles on project This also leads to placeholder users becoming eligible as assignees and responsibles. * fix aggregated scope on bulk edit * linting * remove IssueHelper
4 years ago
was_activated = (@user.status_change == %w[registered active])
switch to user invitation by default this changes quite many flows. With this user self registration is a separate flow to what happens when an admin creates a user. Users created by admins are 'invited' instead of 'registered'.
9 years ago
polish considering remarks through review and houndci
9 years ago
if params[:activate] && @user.missing_authentication_method?
switch to user invitation by default this changes quite many flows. With this user self registration is a separate flow to what happens when an admin creates a user. Users created by admins are 'invited' instead of 'registered'.
9 years ago
flash[:error] = I18n.t(:error_status_change_failed,
polish considering remarks through review and houndci
9 years ago
errors: I18n.t(:notice_user_missing_authentication_method),
switch to user invitation by default this changes quite many flows. With this user self registration is a separate flow to what happens when an admin creates a user. Users created by admins are 'invited' instead of 'registered'.
9 years ago
scope: :user)
elsif @user.save
User/edit: Add buttons for changing user status incl. unblocking Conflicts: app/controllers/users_controller.rb features/step_definitions/user_steps.rb
12 years ago
flash[:notice] = I18n.t(:notice_successful_update)
if was_activated
Allow `deliver_later` using a custom ApplicationJob We're getting more and more reports on synchronous Timeouts and SMTP errors causing internal errors for users when trying to send mail in the request of the browser. With rails 5.2, we can assign a custom job that handles the `deliver_later` delayed sending. We can hook this into the ApplicationJob with delayed_job. Since rails now also has GlobalID serialization of ActiveRecord, we don't even need to do the serialization ourselves!
5 years ago
UserMailer.account_activated(@user).deliver_later
User/edit: Add buttons for changing user status incl. unblocking Conflicts: app/controllers/users_controller.rb features/step_definitions/user_steps.rb
12 years ago
end
else
flash[:error] = I18n.t(:error_status_change_failed,
Use 1.9+ Hash syntax in (Rails) controllers Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
errors: @user.errors.full_messages.join(', '),
scope: :user)
User/edit: Add buttons for changing user status incl. unblocking Conflicts: app/controllers/users_controller.rb features/step_definitions/user_steps.rb
12 years ago
end
Use 1.9+ Hash syntax in (Rails) controllers Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
redirect_back_or_default(action: 'edit', id: @user)
User/edit: Add buttons for changing user status incl. unblocking Conflicts: app/controllers/users_controller.rb features/step_definitions/user_steps.rb
12 years ago
end
resend invitation feature
9 years ago
def resend_invitation
Placeholder user project members (#8961) * remove intermediate placeholder scope Doing so, placeholder users will begin to show up in the system * remove scope without value * extract scope * use enum for status * allow placeholder users to become project members * display placeholder user member on members widget * remove now superfluous method The status name can simply be queried via #status now * replace possible_assignees/responsibles on project This also leads to placeholder users becoming eligible as assignees and responsibles. * fix aggregated scope on bulk edit * linting * remove IssueHelper
4 years ago
status = Principal.statuses[:invited]
allow changing user's authentication method
8 years ago
@user.update status: status if @user.status != status
show proper error on failure instead of 500
9 years ago
token = UserInvitation.reinvite_user @user.id
resend invitation feature
9 years ago
show proper error on failure instead of 500
9 years ago
if token.persisted?
flash[:notice] = I18n.t(:notice_user_invitation_resent, email: @user.mail)
else
logger.error "could not re-invite #{@user.mail}: #{token.errors.full_messages.join(' ')}"
flash[:error] = I18n.t(:notice_internal_server_error, app_title: Setting.app_title)
end
resend invitation feature
9 years ago
redirect_to edit_user_path(@user)
end
adding a delete account link to the "my account" menu * before the deletion, the user is presented a view with the consequences of deleting his account * deleted users are logged out
13 years ago
def destroy
refactor the user destroy method. make the case where the user deletes him/herself more clear with a separate variable.
11 years ago
# true if the user deletes him/herself
self_delete = (@user == User.current)
[35507] Allow global permission to add and edit users (#8937) * Add global permission for add_user * Rename fieldset for global roles to "Global" * Add permission to admin actions * Add index action to add_user permission * Redirect to first admin item if only one * Hide status action for non admins * Break down user form into partials for easier rendering * Disable some user form tabs for non-admins * Make users API and services conformant with endpoints * Fix references to DeleteService#deletion_allowed? * Authorize add_user on show as well * Only show invite user toolbar item with permission * Fix Delete Service spec * Fix the way user prefs are handled in service * Ensure session_id is treated as string This causes a cast error otherwise as it passes rack session locally * Fix service call on onboarding controller * Fix service call on users controller * Add delete spec for global user * Hide login attribute again when adding a new user * Render auth source correctly in simple form * Fix creating invited users through service The invitation requires the mail attribute to be present. Previously, there was a manual error added to the mail. As the errors are now determined by the contract + model, we now end up with all missing properties as errors. * Properly constraint attributes for non-admins * Add specs for global user * Start working on how to update password from UsersController that code is a mess... * Change permitted_params spec to include non-admin params * Fix create user service spec * Remove mail_notification param from users controller It's not part of the contract/params passed to user * Remove todos * Extend docs * Correct the way backlogs patches into the user settings * Remove superfluous UpdateUserService * Rewrite duplicated update service examples into common shared example * Remove duplicate password writable check * Base Users::DeleteContract on base delete contract * Move checks for active users into the UserAllowedService * Restore password writable check as it is not an attribute * Fix menus for global user * Allow global users to add custom fields * Allow global user add permission to reinvite user * Fix changed var name in update service spec * Ensure also invited or registered users can be authroized This ensure that e.g., invited users can also be set as watchers * fix typo Co-authored-by: ulferts <jens.ulferts@googlemail.com>
4 years ago
Users::DeleteService.new(model: @user, user: User.current).call
refactor the user destroy method. make the case where the user deletes him/herself more clear with a separate variable.
11 years ago
Fix/replace custom i18n function (#8681) * replace custom i18n function calls * remove custom i18n method
4 years ago
flash[:notice] = I18n.t('account.deleted')
refactor the user destroy method. make the case where the user deletes him/herself more clear with a separate variable.
11 years ago
makes User#destroy part of the api
12 years ago
respond_to do |format|
format.html do
refactor the user destroy method. make the case where the user deletes him/herself more clear with a separate variable.
11 years ago
redirect_to self_delete ? signin_path : users_path
makes User#destroy part of the api
12 years ago
end
enable admins to delete other users
13 years ago
end
adding a delete account link to the "my account" menu * before the deletion, the user is presented a view with the consequences of deleting his account * deleted users are logged out
13 years ago
end
def deletion_info
Use 1.9+ Hash syntax in (Rails) controllers Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
render action: 'deletion_info', layout: my_or_admin_layout
adding a delete account link to the "my account" menu * before the deletion, the user is presented a view with the consequences of deleting his account * deleted users are logged out
13 years ago
end
Adds support for requesting information about current user using /users/current (#7141). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4544 e93f8b46-1217-0410-a6f0-8f06a7374b81
14 years ago
private
[#436] Remove trailing whitespace
14 years ago
Adds support for requesting information about current user using /users/current (#7141). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4544 e93f8b46-1217-0410-a6f0-8f06a7374b81
14 years ago
def find_user
enable admins to delete other users
13 years ago
if params[:id] == 'current' || params['id'].nil?
Adds support for requesting information about current user using /users/current (#7141). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4544 e93f8b46-1217-0410-a6f0-8f06a7374b81
14 years ago
require_login || return
@user = User.current
else
@user = User.find(params[:id])
end
rescue ActiveRecord::RecordNotFound
render_404
end
adding a delete account link to the "my account" menu * before the deletion, the user is presented a view with the consequences of deleting his account * deleted users are logged out
13 years ago
def authorize_for_user
enable admins to delete other users
13 years ago
if (User.current != @user ||
User.current == User.anonymous) &&
!User.current.admin?
adding a delete account link to the "my account" menu * before the deletion, the user is presented a view with the consequences of deleting his account * deleted users are logged out
13 years ago
makes User#destroy part of the api
12 years ago
respond_to do |format|
[27828] Feature: Query menu in sidenav (#6429) * in main menu add gantt as extra work package child item * Satisfy spec and code climate * Add gantt chart icon behin default gantt query name. * WIP Query menu in left sidebar * Shift query dropdown in left sidenav * Reload menu or load query on click from every project location * WIP set correct label for default queries * Query menu listens on all changes of queries (delete, create, rename, toggle starred) and updates immediatly * WIP: Inline edit, field validation * Inline Edit validation and comfirm * Inline edit: validation of duplicate name * Set default columns and sorting for static queries * Codeclimate issues fixed * WIP Inline edit validation not working perfectly in all error states * Inline edit working * Autocompleter hover disabled and hovering over categories fixed * Category hover and toggle fixed; tested in Chrome, Firefox and Opera * Placeholder cut off fixed and text wrap added * English and german wording adjusted * Styles of inline edit and menu adjusted; matching wiki page styles * prevent menus to be displayed to often * application menu only displayed on work package * specify using no_menu layout more often * adapt tests to altered production implementation * Hamburger icon only in project; on global wp page: default queries shown correctly and summary removed * searching for undefined leads to error * Accessible click fixed (listen on escape) * Gantt in top menu deleted (gantt chart is part of default queries on wp page) * load menu on wp summary page * reduce times queries are loaded * lowercase on second word * remove menu from search and home * Styles fixed (category toggle and correct highlighting) * reflect static query in url * fix autocomplete handling in specs * Open all global menus on default and hide hamburger icon on global pages; Rebuild changes that have been ovrwritten after merge" * Correct highlighting of default queries after reload * Replace summary cuke with spec * WIP * Clear up selectors * Avoid actively setting promises and instead use $state.go to load links [ci skip] * Make editable title component a little simpler We can reuse the component I built for the wiki, that wasn't present in the frontend beforehand. * Fix moving through the menu and selecting items [ci skip] * Add save button to query title when query changed * Improve static names lookup by comparing query_props * Adapt and fix specs * Allow inner scrolling of wp query results Also, style the webkit scrollbar to make it pretty where supported * Allow renaming the query through setting menu, but simply focus on field [ci skip]
6 years ago
format.html { render_403 }
format.xml { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="OpenProject API"' }
format.js { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="OpenProject API"' }
format.json { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="OpenProject API"' }
makes User#destroy part of the api
12 years ago
end
adding a delete account link to the "my account" menu * before the deletion, the user is presented a view with the consequences of deleting his account * deleted users are logged out
13 years ago
false
end
end
enable admins to delete other users
13 years ago
adding settings to control user deletion * slit up into admin allowed to delete user accounts and users allowed delete their own account
13 years ago
def check_if_deletion_allowed
[35507] Allow global permission to add and edit users (#8937) * Add global permission for add_user * Rename fieldset for global roles to "Global" * Add permission to admin actions * Add index action to add_user permission * Redirect to first admin item if only one * Hide status action for non admins * Break down user form into partials for easier rendering * Disable some user form tabs for non-admins * Make users API and services conformant with endpoints * Fix references to DeleteService#deletion_allowed? * Authorize add_user on show as well * Only show invite user toolbar item with permission * Fix Delete Service spec * Fix the way user prefs are handled in service * Ensure session_id is treated as string This causes a cast error otherwise as it passes rack session locally * Fix service call on onboarding controller * Fix service call on users controller * Add delete spec for global user * Hide login attribute again when adding a new user * Render auth source correctly in simple form * Fix creating invited users through service The invitation requires the mail attribute to be present. Previously, there was a manual error added to the mail. As the errors are now determined by the contract + model, we now end up with all missing properties as errors. * Properly constraint attributes for non-admins * Add specs for global user * Start working on how to update password from UsersController that code is a mess... * Change permitted_params spec to include non-admin params * Fix create user service spec * Remove mail_notification param from users controller It's not part of the contract/params passed to user * Remove todos * Extend docs * Correct the way backlogs patches into the user settings * Remove superfluous UpdateUserService * Rewrite duplicated update service examples into common shared example * Remove duplicate password writable check * Base Users::DeleteContract on base delete contract * Move checks for active users into the UserAllowedService * Restore password writable check as it is not an attribute * Fix menus for global user * Allow global users to add custom fields * Allow global user add permission to reinvite user * Fix changed var name in update service spec * Ensure also invited or registered users can be authroized This ensure that e.g., invited users can also be set as watchers * fix typo Co-authored-by: ulferts <jens.ulferts@googlemail.com>
4 years ago
render_404 unless Users::DeleteContract.deletion_allowed? @user, User.current
adding settings to control user deletion * slit up into admin allowed to delete user accounts and users allowed delete their own account
13 years ago
end
enable admins to delete other users
13 years ago
def my_or_admin_layout
# TODO: how can this be done better:
# check if the route used to call the action is in the 'my' namespace
if url_for(:delete_my_account_info) == request.url
'my'
else
'admin'
end
end
forbid user creation if password login is disabled
10 years ago
disable password choice config
10 years ago
def set_password?(params)
params[:user][:password].present? && !OpenProject::Configuration.disable_password_choice?
end
Add links to beadcrumb
8 years ago
protected
def default_breadcrumb
if action_name == 'index'
t('label_user_plural')
else
ActionController::Base.helpers.link_to(t('label_user_plural'), users_path)
end
end
Hide breadcrub per default and show in admin, my, wikHide breadcrub per default and show in admin, my, wiki
8 years ago
def show_local_breadcrumb
[35508] Add global permission to manage placeholder users (#9000) * Add global permission to manage (but not delete) placeholders https://community.openproject.com/work_packages/35508 * Restore breadcrumbs for non-show routes * Remove permissions to memberships for add_placeholder_user permission * Allow non-admins with global permission to access membership * Remove permissions to memberships for add_placeholder_user permission * Rename shared_examples for admin contract validations Co-authored-by: ulferts <jens.ulferts@googlemail.com>
4 years ago
action_name != 'show'
Hide breadcrub per default and show in admin, my, wikHide breadcrub per default and show in admin, my, wiki
8 years ago
end
[35507] Allow global permission to add and edit users (#8937) * Add global permission for add_user * Rename fieldset for global roles to "Global" * Add permission to admin actions * Add index action to add_user permission * Redirect to first admin item if only one * Hide status action for non admins * Break down user form into partials for easier rendering * Disable some user form tabs for non-admins * Make users API and services conformant with endpoints * Fix references to DeleteService#deletion_allowed? * Authorize add_user on show as well * Only show invite user toolbar item with permission * Fix Delete Service spec * Fix the way user prefs are handled in service * Ensure session_id is treated as string This causes a cast error otherwise as it passes rack session locally * Fix service call on onboarding controller * Fix service call on users controller * Add delete spec for global user * Hide login attribute again when adding a new user * Render auth source correctly in simple form * Fix creating invited users through service The invitation requires the mail attribute to be present. Previously, there was a manual error added to the mail. As the errors are now determined by the contract + model, we now end up with all missing properties as errors. * Properly constraint attributes for non-admins * Add specs for global user * Start working on how to update password from UsersController that code is a mess... * Change permitted_params spec to include non-admin params * Fix create user service spec * Remove mail_notification param from users controller It's not part of the contract/params passed to user * Remove todos * Extend docs * Correct the way backlogs patches into the user settings * Remove superfluous UpdateUserService * Rewrite duplicated update service examples into common shared example * Remove duplicate password writable check * Base Users::DeleteContract on base delete contract * Move checks for active users into the UserAllowedService * Restore password writable check as it is not an attribute * Fix menus for global user * Allow global users to add custom fields * Allow global user add permission to reinvite user * Fix changed var name in update service spec * Ensure also invited or registered users can be authroized This ensure that e.g., invited users can also be set as watchers * fix typo Co-authored-by: ulferts <jens.ulferts@googlemail.com>
4 years ago
def build_user_update_params
pref_params = permitted_params.pref.to_h
update_params = permitted_params
.user_create_as_admin(@user.uses_external_authentication?, @user.change_password_allowed?)
.to_h
.merge(pref: pref_params)
return update_params unless @user.change_password_allowed?
if params[:user][:assign_random_password]
password = OpenProject::Passwords::Generator.random_password
update_params.merge!(
password: password,
password_confirmation: password,
force_password_change: true
)
elsif set_password? params
update_params.merge!(
password: params[:user][:password],
password_confirmation: params[:user][:password_confirmation]
)
end
update_params
end
use service to have notification settings created The `Users::CreateService` correctly creates the notification settings. It is now used in the users controller
3 years ago
def create_params
permitted_params
.user_create_as_admin(false, false)
.merge(admin: params[:user][:admin] || false,
login: params[:user][:login] || params[:user][:mail],
status: User.statuses[:invited])
end
Initial commit git-svn-id: http://redmine.rubyforge.org/svn/trunk@4 e93f8b46-1217-0410-a6f0-8f06a7374b81
19 years ago
end