diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index b7ec77d..5c1be13 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -1,6 +1,6 @@
 class Admin::UsersController < ApplicationController
+  before_action :set_user, only: [ :show, :update ]
   before_action :authorize!
-  before_action :set_user, only: [ :show, :edit ]
 
   def index
     @users = User.all.order(:lastname, :firstname)
@@ -20,6 +20,14 @@ class Admin::UsersController < ApplicationController
   end
 
   def update
+    authorize! @user
+    if @user.update(user_params)
+      respond_to do |format|
+        format.html { redirect_to admin_users_path }
+      end
+    else
+      render :index, status: :unprocessable_entity
+    end
   end
 
   private
@@ -27,4 +35,8 @@ class Admin::UsersController < ApplicationController
   def set_user
     @user = User.find(params[:id])
   end
+
+  def user_params
+    params.require(:user).permit(:role)
+  end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index cd72292..d67f9a1 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -23,6 +23,8 @@ class User < ApplicationRecord
   normalizes :email, with: -> { _1.strip.downcase }
 
+  AVAILABLE_ROLES = [ :user, :operator, :admin ]
+
   enum :role, {
     user: "user",
     operator: "operator",
diff --git a/app/policies/admin/user_policy.rb b/app/policies/admin/user_policy.rb
index 81ad910..e9727b4 100644
--- a/app/policies/admin/user_policy.rb
+++ b/app/policies/admin/user_policy.rb
@@ -1,2 +1,7 @@
 class Admin::UserPolicy < ApplicationPolicy
+  skip_pre_check :allow_admins, only: :change_role?
+
+  def change_role?
+    user.admin? and user != record
+  end
 end
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
index 216b0f0..dac52d1 100644
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
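Review bot: Moving `set_user` ahead of the `authorize!` filter makes `User.find(params[:id])` run for callers who are then denied, so the response for an unauthorized request now depends on whether the id exists (RecordNotFound for a missing one, the authorization failure otherwise), which the previous order did not reveal. The reorder is not needed for the `authorize! @user` call inside `update`, since action-level code runs after every filter, so the original order can be kept: `before_action :authorize!` followed by `before_action :set_user, only: [ :show, :update ]`. What the filter-level `authorize!` checks when given no record is not visible in this diff (presumably the policy's implicit target), so that part is inferred.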
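Review bot: `authorize! @user` in `update` names no rule, so the rule is inferred from the action (`update?`), and the new `Admin::UserPolicy#change_role?` from this same diff, the only place the "admin cannot change their own role" guard lives, is never evaluated; the guard is only reached if the call passes the rule explicitly: `authorize! @user, to: :change_role?`. Separately, the else branch renders `:index` without assigning `@users`, which `index` sets and the index template presumably iterates, so a failed update would raise inside the view instead of returning the intended 422; either assign `@users = User.all.order(:lastname, :firstname)` before `render :index` or redirect with a flash message. The `respond_to` block handles only HTML, so any other requested format ends in an UnknownFormat error rather than a deliberate response.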
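Review bot: `permit(:role)` hands the raw submitted value straight to the `role` enum setter, and assigning a value the enum does not define raises ArgumentError from the setter rather than failing validation, so a malformed submission produces a 500 instead of reaching the `unprocessable_entity` branch in `update`. Either reject unknown values in `user_params` before calling `update`, e.g. `raise ActionController::BadRequest unless User.roles.key?(params.dig(:user, :role).to_s)` after the permit, or declare the enum with `validate: true` (available in Rails 7.1+, which the model's `normalizes` call suggests is in use) so it becomes an ordinary validation error. Whether the enum already carries that option cannot be seen here, since its definition continues outside the model hunk.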
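Review bot: `AVAILABLE_ROLES` is a mutable array constant with no `.freeze`, and it duplicates the key list of the `enum :role` declared directly below it, so the two can drift apart silently when a role is added to one but not the other. Freeze it, `AVAILABLE_ROLES = [ :user, :operator, :admin ].freeze`, or drop it and have callers read `User.roles.keys`, which the enum already provides. The enum definition continues past the end of this hunk, so whether it lists exactly these three roles is inferred.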
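Review bot: `change_role?` uses `and`, the low-precedence control-flow operator, in a boolean predicate; `user.admin? && user != record` is the conventional form and avoids precedence surprises if the expression is later extended. The `skip_pre_check :allow_admins` line deserves a comment explaining why this rule alone opts out, since a reader must otherwise infer it from the base policy: `# allow_admins would allow! before this rule runs and bypass the self-edit guard` (hedged, because `allow_admins`'s body is outside this diff). Consider also stating in the comment that the rule must be requested explicitly with `to: :change_role?`, as nothing maps an action name to it.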
@@ -1,6 +1,6 @@
 # Base class for application policies
 class ApplicationPolicy < ActionPolicy::Base
-  pre_check :allow_admins, :only_verified_users
+  pre_check :allow_admins, :deny_verified_users
 
   # admin is good! :)
   def allow_admins
@@ -8,7 +8,7 @@ class ApplicationPolicy < ActionPolicy::Base
   end
 
   # no email verification no rights
-  def only_verified_users
+  def deny_verified_users
     deny! unless user.verified?
   end
 
diff --git a/app/views/admin/users/_user_tr.html.erb b/app/views/admin/users/_user_tr.html.erb
index cc6a077..a50e0da 100644
--- a/app/views/admin/users/_user_tr.html.erb
+++ b/app/views/admin/users/_user_tr.html.erb
@@ -25,15 +25,17 @@
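Review bot: The new name `deny_verified_users` states the opposite of what the method does: its body is `deny! unless user.verified?`, which denies unverified users, so the `pre_check` list now reads as if verified users were being rejected. `deny_unverified_users` describes the check; the same rename applies to the `def` in the second hunk of this file (`@@ -8,7 +8,7 @@`). Pre-checks also run in the listed order, so if `allow_admins` calls `allow!` for admins (its body is outside this hunk), an unverified admin is allowed before the verification check is ever reached; if the comment "no email verification no rights" is meant to apply to everyone, list the deny check first: `pre_check :deny_unverified_users, :allow_admins`.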