New site settings to enable/disable the possibility of editing user's nickname or email address

This commit is contained in:
Matthieu Guillemot 2013-09-08 11:42:41 +09:00 committed by Matthieu Guillemot
parent 10c4dee67c
commit 3ba1f20674
8 changed files with 89 additions and 6 deletions


@ -27,7 +27,9 @@
<label class="control-label">{{i18n user.email.title}}</label>
<div class="controls">
<span class='static'>{{email}}</span>
{{#linkTo "preferences.email" class="btn pad-left"}}<i class="icon-pencil"></i>{{/linkTo}}
{{#if can_edit_email}}
{{#linkTo "preferences.email" class="btn pad-left"}}<i class="icon-pencil"></i>{{/linkTo}}
{{/if}}
</div>
<div class='instructions'>
{{i18n user.email.instructions}}


@ -205,7 +205,7 @@ class UsersController < ApplicationController
def change_email
params.require(:email)
user = fetch_user_from_params
guardian.ensure_can_edit!(user)
guardian.ensure_can_edit_email!(user)
lower_email = Email.downcase(params[:email]).strip
# Raise an error if the email is already in use


@ -251,6 +251,7 @@ class SiteSetting < ActiveRecord::Base
setting(:delete_all_posts_max, 10)
setting(:username_change_period, 3) # days
setting(:email_editable, true)
client_setting(:allow_uploaded_avatars, true)
client_setting(:allow_animated_avatars, false)


@ -10,6 +10,7 @@ class UserSerializer < BasicUserSerializer
:website,
:can_edit,
:can_edit_username,
:can_edit_email,
:stats,
:can_send_private_message_to_user,
:bio_excerpt,
@ -78,6 +79,10 @@ class UserSerializer < BasicUserSerializer
scope.can_edit_username?(object)
end
def can_edit_email
scope.can_edit_email?(object)
end
def stats
UserAction.stats(object.id, scope)
end


@ -684,7 +684,8 @@ en:
relative_date_duration: "Number of days after posting where post dates will be shown as relative instead of absolute. Examples: relative date: 7d, absolute date: 20 Feb"
delete_user_max_age: "The maximum age of a user, in days, which can be deleted by an admin."
delete_all_posts_max: "The maximum number of posts that can be deleted at once with the Delete All Posts button. If a user has more than this many posts, the posts cannot all be deleted at once and the user can't be deleted."
username_change_period: "The number of days after registration that accounts can change their username."
username_change_period: "The number of days after registration that accounts can change their username (0 to disallow username change)."
email_editable: "Allow users to change their e-mail address after registration."
allow_uploaded_avatars: "Allow users to upload their custom avatars"
allow_animated_avatars: "Allow users to use animated gif for avatars. WARNING: it is highly recommended to run the avatars:regenerate rake task after changing that setting."


@ -285,7 +285,15 @@ class Guardian
end
def can_edit_username?(user)
is_staff? || (is_me?(user) && (user.post_count == 0 || user.created_at > SiteSetting.username_change_period.days.ago))
return true if is_staff?
return false if SiteSetting.username_change_period <= 0
is_me?(user) && (user.post_count == 0 || user.created_at > SiteSetting.username_change_period.days.ago)
end
def can_edit_email?(user)
return true if is_staff?
return false unless SiteSetting.email_editable?
can_edit?(user)
end
# Deleting Methods
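Review bot: `can_edit_email?` grants the staff bypass on the first line without looking at who the target is, so — if `is_staff?` covers moderators, as the spec's "is true for moderators" case suggests — a moderator can rewrite an admin's email address even with `email_editable` off. Changing the address an account's password reset goes to is effectively an account-takeover primitive, so the bypass should be narrower than the target's privilege: something like `return true if is_admin?` followed by `return true if is_moderator? && !user.staff?` before the setting check, with the exact helper names confirmed against the rest of Guardian. A short comment on the method would also help, e.g. `# Staff may change emails regardless of the site setting; everyone else needs email_editable and can_edit? on the target.` The same ordering question applies to the unconditional `return true if is_staff?` in `can_edit_username?`, though username changes are less sensitive.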


@ -1195,6 +1195,72 @@ describe Guardian do
end
end
end
context 'when editing is disabled in preferences' do
before do
SiteSetting.stubs(:username_change_period).returns(0)
end
include_examples "staff can always change usernames"
it "is false for the user to change his own username" do
Guardian.new(user).can_edit_username?(user).should be_false
end
end
end
describe "can_edit_email?" do
context 'when allowed in settings' do
before do
SiteSetting.stubs(:email_editable?).returns(true)
end
it "is false when not logged in" do
Guardian.new(nil).can_edit_email?(build(:user, created_at: 1.minute.ago)).should be_false
end
it "is false for regular users to edit another user's email" do
Guardian.new(build(:user)).can_edit_email?(build(:user, created_at: 1.minute.ago)).should be_false
end
it "is true for a regular user to edit his own email" do
Guardian.new(user).can_edit_email?(user).should be_true
end
it "is true for moderators" do
Guardian.new(moderator).can_edit_email?(user).should be_true
end
it "is true for admins" do
Guardian.new(admin).can_edit_email?(user).should be_true
end
end
context 'when not allowed in settings' do
before do
SiteSetting.stubs(:email_editable?).returns(false)
end
it "is false when not logged in" do
Guardian.new(nil).can_edit_email?(build(:user, created_at: 1.minute.ago)).should be_false
end
it "is false for regular users to edit another user's email" do
Guardian.new(build(:user)).can_edit_email?(build(:user, created_at: 1.minute.ago)).should be_false
end
it "is false for a regular user to edit his own email" do
Guardian.new(user).can_edit_email?(user).should be_false
end
it "is true for admins" do
Guardian.new(admin).can_edit_email?(user).should be_true
end
it "is true for moderators" do
Guardian.new(moderator).can_edit_email?(user).should be_true
end
end
end
end
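Review bot: Neither `can_edit_email?` context exercises a staff target — every "is true for moderators" / "is true for admins" example uses a regular `user` — so the spec would not notice if a moderator were allowed to change an admin's address. Worth adding one example per context along the lines of `Guardian.new(moderator).can_edit_email?(admin).should be_false` (or `be_true` if that is the intended policy, so the decision is at least explicit). The `username_change_period` context only covers `0`; since the guard is `<= 0`, a negative value case would pin that branch too.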


@ -181,8 +181,8 @@ describe UsersController do
lambda { xhr :put, :change_email, username: user.username }.should raise_error(ActionController::ParameterMissing)
end
it "raises an error if you can't edit the user" do
Guardian.any_instance.expects(:can_edit?).with(user).returns(false)
it "raises an error if you can't edit the user's email" do
Guardian.any_instance.expects(:can_edit_email?).with(user).returns(false)
xhr :put, :change_email, username: user.username, email: new_email
response.should be_forbidden
end
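Review bot: Stubbing `Guardian.any_instance.expects(:can_edit_email?)` only proves the controller calls the guardian, not that the new `email_editable` setting is honoured end to end — if `ensure_can_edit_email!` were ever wired to a different predicate the test would still pass. A second example that stubs the setting instead of the guardian would close that gap, e.g. `SiteSetting.stubs(:email_editable?).returns(false)` followed by the same `xhr :put, :change_email, username: user.username, email: new_email` and `response.should be_forbidden`. The surrounding `describe` block continues outside the hunk.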