FIX: Don't show "resend email" option when user approval is on

2017-05-25 15:28:39 -04:00 · 2017-05-25 15:28:39 -04:00 · b584264d82
parent 29fac1ac18
commit b584264d82
4 changed files with 30 additions and 7 deletions
--- a/app/assets/javascripts/discourse/templates/account-created/index.hbs
+++ b/app/assets/javascripts/discourse/templates/account-created/index.hbs
@ -1,7 +1,7 @@
 <div class='ac-message'>
  {{{accountCreated.message}}}
 </div>
-{{#if accountCreated.username}}
+{{#if accountCreated.show_controls}}
  {{activation-controls sendActivationEmail=(action "sendActivationEmail")
                        editActivationEmail=(action "editActivationEmail")}}
 {{/if}}
--- a/app/assets/javascripts/discourse/templates/components/activation-controls.hbs
+++ b/app/assets/javascripts/discourse/templates/components/activation-controls.hbs
@ -1,7 +1,10 @@
-{{d-button action=sendActivationEmail
-           label="login.resend_title"
-           icon="envelope"
-           class="btn-primary resend"}}
+{{#unless siteSettings.must_approve_users}}
+  {{d-button action=sendActivationEmail
+             label="login.resend_title"
+             icon="envelope"
+             class="btn-primary resend"}}
+{{/unless}}
+
 {{d-button action=editActivationEmail
           label="login.change_email"
           icon="pencil"
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -537,12 +537,16 @@ class UsersController < ApplicationController

    @custom_body_class = "static-account-created"
    @message = session['user_created_message'] || I18n.t('activation.missing_session')
-    @account_created = { message: @message }
+    @account_created = {
+      message: @message,
+      show_controls: false
+    }

    if session_user_id = session[SessionController::ACTIVATE_USER_KEY]
      if user = User.where(id: session_user_id.to_i).first
        @account_created[:username] = user.username
        @account_created[:email] = user.email
+        @account_created[:show_controls] = true
      end
    end

@ -618,6 +622,8 @@ class UsersController < ApplicationController
      RateLimiter.new(nil, "activate-min-#{request.remote_ip}", 6, 1.minute).performed!
    end

+    raise Discourse::InvalidAccess.new if SiteSetting.must_approve_users?
+
    if params[:username].present?
      @user = User.find_by_username_or_email(params[:username].to_s)
    end
@ -626,7 +632,7 @@ class UsersController < ApplicationController
    if !current_user&.staff? &&
        @user.id != session[SessionController::ACTIVATE_USER_KEY]

-      raise Discourse::InvalidAccess
+      raise Discourse::InvalidAccess.new
    end

    session.delete(SessionController::ACTIVATE_USER_KEY)
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@ -1461,6 +1461,20 @@ describe UsersController do
        end
      end

+      context "approval is enabled" do
+        before do
+          SiteSetting.must_approve_users = true
+        end
+
+        it "should raise an error" do
+          unconfirmed_email_user = Fabricate(:user, active: true)
+          unconfirmed_email_user.email_tokens.create(email: unconfirmed_email_user.email)
+          session[SessionController::ACTIVATE_USER_KEY] = unconfirmed_email_user.id
+          xhr :post, :send_activation_email, username: unconfirmed_email_user.username
+          expect(response.status).to eq(403)
+        end
+      end
+
      describe 'when user does not have a valid session' do
        it 'should not be valid' do
          user = Fabricate(:user)