diff --git a/app/assets/javascripts/discourse/templates/user/preferences.js.handlebars b/app/assets/javascripts/discourse/templates/user/preferences.js.handlebars index 5eefb97e2a3..216ea07a705 100644 --- a/app/assets/javascripts/discourse/templates/user/preferences.js.handlebars +++ b/app/assets/javascripts/discourse/templates/user/preferences.js.handlebars @@ -25,7 +25,11 @@
- {{textField value=newNameInput classNames="input-xxlarge"}} + {{#if can_edit_name}} + {{textField value=newNameInput classNames="input-xxlarge"}} + {{else}} + {{name}} + {{/if}}
{{i18n user.name.instructions}} @@ -73,7 +77,7 @@ {{/if}}
- + {{#if Discourse.SiteSettings.allow_profile_backgrounds}}
diff --git a/lib/guardian/user_guardian.rb b/lib/guardian/user_guardian.rb index 7f810faf82e..3e2bafd3be5 100644 --- a/lib/guardian/user_guardian.rb +++ b/lib/guardian/user_guardian.rb @@ -19,6 +19,13 @@ module UserGuardian can_edit?(user) end + def can_edit_name?(user) + return false if not(SiteSetting.enable_names?) + return false if (SiteSetting.sso_overrides_name? && SiteSetting.enable_sso?) + return true if is_staff? + can_edit?(user) + end + def can_block_user?(user) user && is_staff? && not(user.staff?) end @@ -37,4 +44,4 @@ module UserGuardian end end -end \ No newline at end of file +end diff --git a/spec/components/guardian_spec.rb b/spec/components/guardian_spec.rb index 0f2ae761e95..08b0457f403 100644 --- a/spec/components/guardian_spec.rb +++ b/spec/components/guardian_spec.rb @@ -1448,5 +1448,68 @@ describe Guardian do end end end + + describe 'can_edit_name?' do + it 'is false without a logged in user' do + Guardian.new(nil).can_edit_name?(build(:user, created_at: 1.minute.ago)).should be_false + end + + it "is false for regular users to edit another user's name" do + Guardian.new(build(:user)).can_edit_name?(build(:user, created_at: 1.minute.ago)).should be_false + end + + context 'for a new user' do + let(:target_user) { build(:user, created_at: 1.minute.ago) } + + it 'is true for the user to change their own name' do + Guardian.new(target_user).can_edit_name?(target_user).should be_true + end + + it 'is true for moderators' do + Guardian.new(moderator).can_edit_name?(user).should be_true + end + + it 'is true for admins' do + Guardian.new(admin).can_edit_name?(user).should be_true + end + end + + context 'when name is disabled in preferences' do + before do + SiteSetting.stubs(:enable_names).returns(false) + end + + it 'is false for the user to change their own name' do + Guardian.new(user).can_edit_name?(user).should be_false + end + + it 'is false for moderators' do + Guardian.new(moderator).can_edit_name?(user).should be_false + end + + it 'is false for admins' do + Guardian.new(admin).can_edit_name?(user).should be_false + end + end + + context 'when SSO name override is active' do + before do + SiteSetting.stubs(:enable_sso).returns(true) + SiteSetting.stubs(:sso_overrides_name).returns(true) + end + + it 'is false for admins' do + Guardian.new(admin).can_edit_name?(admin).should be_false + end + + it 'is false for moderators' do + Guardian.new(moderator).can_edit_name?(moderator).should be_false + end + + it 'is false for users' do + Guardian.new(user).can_edit_name?(user).should be_false + end + end + end end