diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 1e2cf536..f3cb5248 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -194,6 +194,14 @@ class ApplicationController < ActionController::Base
 end
 helper_method :allowed_file_types
+ # Allows admins to edit a user's details
+ def can_edit_user?(user_to_edit, editting_user)
+ return user_to_edit.greenlight_account? if user_to_edit == editting_user
+
+ editting_user.admin_of?(user_to_edit, "can_manage_users")
+ end
+ helper_method :can_edit_user?
+
 # Returns the page that the logo redirects to when clicked on
 def home_page
 return admins_path if current_user.has_role? :super_admin
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index d1464e9d..70db2471 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -92,7 +92,7 @@ class UsersController < ApplicationController
 redirect_path = current_user.admin_of?(@user, "can_manage_users") ? path : edit_user_path(@user)
- unless @user.greenlight_account?
+ unless can_edit_user?(@user, current_user)
 params[:user][:name] = @user.name
 params[:user][:email] = @user.email
 end
diff --git a/app/views/users/components/_account.html.erb b/app/views/users/components/_account.html.erb
index 72268317..30a31bfa 100644
--- a/app/views/users/components/_account.html.erb
+++ b/app/views/users/components/_account.html.erb
@@ -13,6 +13,8 @@
 # with BigBlueButton; if not, see .
 %>
+<% readonly = !can_edit_user?(@user, current_user) %>
+
 <%= form_for @user, url: update_user_path, method: :post do |f| %>
 <%= hidden_field_tag :setting, "account" %>
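Review bot: The parameter is misspelled as `editting_user` throughout `can_edit_user?`, and the header comment describes a grant rather than what the predicate decides, so rename it `editing_user` and replace the comment with `# Whether editing_user may change user_to_edit's name/email: a self-edit is allowed only on a local (greenlight) account, any other edit requires the can_manage_users permission over user_to_edit`. Nothing in the helper guards a nil `editing_user`; if it can be reached from a view or action without an authenticated session (not visible in this hunk), `editing_user&.admin_of?(user_to_edit, "can_manage_users")` fails closed instead of raising. The widened rule also lets a can_manage_users admin change the email of an externally authenticated account, which the old `greenlight_account?` check never permitted; if the external login path matches accounts by email, such an edit can detach the account or collide with another, so the intended behaviour is worth confirming and documenting on the helper.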
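Review bot: `current_user.admin_of?(@user, "can_manage_users")` is now evaluated twice on consecutive lines, once for `redirect_path` and again inside `can_edit_user?(@user, current_user)`; store the result in a local before the `redirect_path` assignment and pass it through rather than repeating the permission lookup. The fallback still rewrites `params[:user][:name]` and `params[:user][:email]` silently, so a disallowed change is reported as a successful update rather than rejected; if the surrounding flow permits it, setting a flash when the submitted values differ from the stored ones would make the refusal visible. The enclosing update action starts and ends outside the hunk.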
@@ -20,14 +22,14 @@
<%= f.label :name, t("settings.account.fullname"), class: "form-label" %>
- <%= f.text_field :name, class: "form-control #{form_is_invalid?(@user, :name)}", placeholder: t("settings.account.fullname"), readonly: !@user.greenlight_account? %>
+ <%= f.text_field :name, class: "form-control #{form_is_invalid?(@user, :name)}", placeholder: t("settings.account.fullname"), readonly: readonly %>
<%= f.label :email, t("email"), class: "form-label" %>
- <%= f.email_field :email, class: "form-control #{form_is_invalid?(@user, :email)}", placeholder: t("email"), readonly: !@user.greenlight_account? %>
+ <%= f.email_field :email, class: "form-control #{form_is_invalid?(@user, :email)}", placeholder: t("email"), readonly: readonly %>
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 46074ebf..59cfe95c 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -329,7 +329,7 @@ describe UsersController, type: :controller do
 end
 describe "POST #update" do
- it "properly updates user attributes" do
+ it "properly updates usser attributes" do
 user = create(:user)
 @request.session[:user_id] = user.id
@@ -358,6 +358,22 @@ describe UsersController, type: :controller do
 expect(response).to redirect_to(edit_user_path(user))
 end
+ it "allows admins to update a non local accounts name/email" do
+ allow_any_instance_of(User).to receive(:greenlight_account?).and_return(false)
+ user = create(:user)
+ admin = create(:user).set_role :admin
+ @request.session[:user_id] = admin.id
+ params = random_valid_user_params
+ post :update, params: params.merge!(user_uid: user)
+ user.reload
+ expect(user.name).to eql(params[:user][:name])
+ expect(user.email).to eql(params[:user][:email])
+ expect(flash[:success]).to be_present
+ expect(response).to redirect_to(admins_path)
+ end
+
 it "renders #edit on unsuccessful save" do
 @user = create(:user)
 @request.session[:user_id] = @user.id
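Review bot: The example description is changed from "properly updates user attributes" to "properly updates usser attributes", which introduces a typo into the spec name for no functional reason; keep `it "properly updates user attributes" do`.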
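Review bot: The new example covers only the positive case, so the restriction the commit keeps for everyone else is untested; add a sibling example in which a regular user with `greenlight_account?` stubbed to false posts the same params and `expect(user.reload.name).not_to eql(params[:user][:name])`, and ideally one for an admin role that lacks `can_manage_users`. The `allow_any_instance_of(User)` stub also applies to `admin`, which is harmless only because the admin branch of `can_edit_user?` never consults `greenlight_account?`; a comment such as `# marks the target as a non-local account; the admin path of can_edit_user? does not check greenlight_account?` would make that dependency explicit. The example assumes `set_role :admin` returns the user and grants `can_manage_users`, which this hunk does not show.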