GRN2-309: Allows admins to edit a non-local users name and email (#2389)

* Allows admins to edit a non-local users name and email

* Fixed edge case

app/controllers/application_controller.rb

@@ -194,6 +194,14 @@ class ApplicationController < ActionController::Base
   end
   helper_method :allowed_file_types
 
+  # Allows admins to edit a user's details
+  def can_edit_user?(user_to_edit, editting_user)
+    return user_to_edit.greenlight_account? if user_to_edit == editting_user
+
+    editting_user.admin_of?(user_to_edit, "can_manage_users")
+  end
+  helper_method :can_edit_user?
+
   # Returns the page that the logo redirects to when clicked on
   def home_page
     return admins_path if current_user.has_role? :super_admin

app/controllers/users_controller.rb

@@ -92,7 +92,7 @@ class UsersController < ApplicationController
 
     redirect_path = current_user.admin_of?(@user, "can_manage_users") ? path : edit_user_path(@user)
 
-    unless @user.greenlight_account?
+    unless can_edit_user?(@user, current_user)
       params[:user][:name] = @user.name
       params[:user][:email] = @user.email
     end

app/views/users/components/_account.html.erb

@@ -13,6 +13,8 @@
 # with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
 %>
 
+<% readonly = !can_edit_user?(@user, current_user) %>
+
 <%= form_for @user, url: update_user_path, method: :post do |f|  %>
   <%= hidden_field_tag :setting, "account" %>
   <div class="form-group">
@@ -20,14 +22,14 @@
       <div class="col-sm-6 mb-4">
         <%= f.label :name, t("settings.account.fullname"), class: "form-label" %>
         <div class="input-icon">
-          <%= f.text_field :name, class: "form-control #{form_is_invalid?(@user, :name)}", placeholder: t("settings.account.fullname"), readonly: !@user.greenlight_account? %>
+          <%= f.text_field :name, class: "form-control #{form_is_invalid?(@user, :name)}", placeholder: t("settings.account.fullname"), readonly: readonly %>
         </div>
       </div>
 
       <div class="col-sm-6 mb-4">
         <%= f.label :email, t("email"), class: "form-label" %>
         <div class="input-icon">
-          <%= f.email_field :email, class: "form-control #{form_is_invalid?(@user, :email)}", placeholder: t("email"), readonly: !@user.greenlight_account? %>
+          <%= f.email_field :email, class: "form-control #{form_is_invalid?(@user, :email)}", placeholder: t("email"), readonly: readonly %>
         </div>
       </div>
     </div>

spec/controllers/users_controller_spec.rb

@@ -329,7 +329,7 @@ describe UsersController, type: :controller do
   end
 
   describe "POST #update" do
-    it "properly updates user attributes" do
+    it "properly updates usser attributes" do
       user = create(:user)
       @request.session[:user_id] = user.id
 
@@ -358,6 +358,22 @@ describe UsersController, type: :controller do
       expect(response).to redirect_to(edit_user_path(user))
     end
 
+    it "allows admins to update a non local accounts name/email" do
+      allow_any_instance_of(User).to receive(:greenlight_account?).and_return(false)
+      user = create(:user)
+      admin = create(:user).set_role :admin
+      @request.session[:user_id] = admin.id
+
+      params = random_valid_user_params
+      post :update, params: params.merge!(user_uid: user)
+      user.reload
+
+      expect(user.name).to eql(params[:user][:name])
+      expect(user.email).to eql(params[:user][:email])
+      expect(flash[:success]).to be_present
+      expect(response).to redirect_to(admins_path)
+    end
+
     it "renders #edit on unsuccessful save" do
       @user = create(:user)
       @request.session[:user_id] = @user.id