discourse/app/controllers/admin/users_controller.rb

require_dependency 'user_destroyer'

class Admin::UsersController < Admin::AdminController

  before_filter :fetch_user, only: [:ban, :unban, :refresh_browsers, :revoke_admin, :grant_admin, :revoke_moderation, :grant_moderation, :approve, :activate, :deactivate, :block, :unblock]

  def index
    # Sort order
    if params[:query] == "active"
      @users = User.order("COALESCE(last_seen_at, to_date('1970-01-01', 'YYYY-MM-DD')) DESC, username")
    else
      @users = User.order("created_at DESC, username")
    end

    if ['newuser', 'basic', 'regular', 'leader', 'elder'].include?(params[:query])
      @users = @users.where('trust_level = ?', TrustLevel.levels[params[:query].to_sym])
    end

    @users = @users.where('admin = ?', true)      if params[:query] == 'admins'
    @users = @users.where('moderator = ?', true)  if params[:query] == 'moderators'
    @users = @users.blocked                       if params[:query] == 'blocked'
    @users = @users.where('approved = false')     if params[:query] == 'pending'
    @users = @users.where('username_lower like :filter or email like :filter', filter: "%#{params[:filter].downcase}%") if params[:filter].present?
    @users = @users.take(100)
    render_serialized(@users, AdminUserSerializer)
  end

  def show
    @user = User.where(username_lower: params[:id]).first
    raise Discourse::NotFound.new unless @user
    render_serialized(@user, AdminDetailedUserSerializer, root: false)
  end

  def delete_all_posts
    @user = User.where(id: params[:user_id]).first
    @user.delete_all_posts!(guardian)
    render nothing: true
  end

  def ban
    guardian.ensure_can_ban!(@user)
    @user.banned_till = params[:duration].to_i.days.from_now
    @user.banned_at = DateTime.now
    @user.save!
    # TODO logging
    render nothing: true
  end

  def unban
    guardian.ensure_can_ban!(@user)
    @user.banned_till = nil
    @user.banned_at = nil
    @user.save!
    # TODO logging
    render nothing: true
  end

  def refresh_browsers
    MessageBus.publish "/file-change", ["refresh"], user_ids: [@user.id]
    render nothing: true
  end

  def revoke_admin
    guardian.ensure_can_revoke_admin!(@user)
    @user.revoke_admin!
    render nothing: true
  end

  def grant_admin
    guardian.ensure_can_grant_admin!(@user)
    @user.grant_admin!
    render_serialized(@user, AdminUserSerializer)
  end

  def revoke_moderation
    guardian.ensure_can_revoke_moderation!(@user)
    @user.revoke_moderation!
    render nothing: true
  end

  def grant_moderation
    guardian.ensure_can_grant_moderation!(@user)
    @user.grant_moderation!
    render_serialized(@user, AdminUserSerializer)
  end

  def approve
    guardian.ensure_can_approve!(@user)
    @user.approve(current_user)
    render nothing: true
  end

  def approve_bulk
    User.where(id: params[:users]).each do |u|
      u.approve(current_user) if guardian.can_approve?(u)
    end
    render nothing: true
  end

  def activate
    guardian.ensure_can_activate!(@user)
    @user.activate
    render nothing: true
  end

  def deactivate
    guardian.ensure_can_deactivate!(@user)
    @user.deactivate
    render nothing: true
  end

  def block
    guardian.ensure_can_block_user! @user
    SpamRulesEnforcer.punish! @user
    render nothing: true
  end

  def unblock
    guardian.ensure_can_unblock_user! @user
    SpamRulesEnforcer.clear @user
    render nothing: true
  end

  def destroy
    user = User.where(id: params[:id]).first
    guardian.ensure_can_delete_user!(user)
    if UserDestroyer.new(current_user).destroy(user)
      render json: {deleted: true}
    else
      render json: {deleted: false, user: AdminDetailedUserSerializer.new(user, root: false).as_json}
    end
  end


  private

    def fetch_user
      @user = User.where(id: params[:user_id]).first
    end

end
Add ability to destroy a user with 0 posts 2013-04-12 04:04:20 +08:00			`require_dependency 'user_destroyer'`

Initial release of Discourse 2013-02-06 03:16:51 +08:00			`class Admin::UsersController < Admin::AdminController`

Automatically flag someone as a spammer if their posts get at least X spam flags from N users while their trust level is 'new user'. Staff can clear and set this status from the user record in admin. 2013-05-31 23:41:40 +08:00			`before_filter :fetch_user, only: [:ban, :unban, :refresh_browsers, :revoke_admin, :grant_admin, :revoke_moderation, :grant_moderation, :approve, :activate, :deactivate, :block, :unblock]`

Initial release of Discourse 2013-02-06 03:16:51 +08:00			`def index`
			`# Sort order`
			`if params[:query] == "active"`
add to_date so its more explicit 2013-02-11 06:11:02 +08:00			`@users = User.order("COALESCE(last_seen_at, to_date('1970-01-01', 'YYYY-MM-DD')) DESC, username")`
Initial release of Discourse 2013-02-06 03:16:51 +08:00			`else`
			`@users = User.order("created_at DESC, username")`
Fix all the trailing whitespace 2013-02-07 23:45:24 +08:00			`end`
Initial release of Discourse 2013-02-06 03:16:51 +08:00
Admin Dashboard: click numbers in Users per Trust Level table to see a list of the users 2013-04-23 22:29:18 +08:00			`if ['newuser', 'basic', 'regular', 'leader', 'elder'].include?(params[:query])`
			`@users = @users.where('trust_level = ?', TrustLevel.levels[params[:query].to_sym])`
			`end`

Dashboard links to list of admins and moderators; Move a bunch of ember routes into one file: admin_users_list_routes.js 2013-04-24 00:07:58 +08:00			`@users = @users.where('admin = ?', true) if params[:query] == 'admins'`
			`@users = @users.where('moderator = ?', true) if params[:query] == 'moderators'`
Add a count of blocked users on the dashboard 2013-06-04 23:53:19 +08:00			`@users = @users.blocked if params[:query] == 'blocked'`
Dashboard links to list of admins and moderators; Move a bunch of ember routes into one file: admin_users_list_routes.js 2013-04-24 00:07:58 +08:00			`@users = @users.where('approved = false') if params[:query] == 'pending'`
case sensitive where it should not be 2013-06-17 13:47:18 +08:00			`@users = @users.where('username_lower like :filter or email like :filter', filter: "%#{params[:filter].downcase}%") if params[:filter].present?`
Initial release of Discourse 2013-02-06 03:16:51 +08:00			`@users = @users.take(100)`
			`render_serialized(@users, AdminUserSerializer)`
			`end`

			`def show`
			`@user = User.where(username_lower: params[:id]).first`
Raise 404 from Admin::UsersController#show if no user found [Fixes #353] 2013-03-06 06:02:23 +08:00			`raise Discourse::NotFound.new unless @user`
Initial release of Discourse 2013-02-06 03:16:51 +08:00			`render_serialized(@user, AdminDetailedUserSerializer, root: false)`
			`end`

added delete all posts button wired up the ability to enable all themes 2013-02-07 15:11:56 +08:00			`def delete_all_posts`
			`@user = User.where(id: params[:user_id]).first`
			`@user.delete_all_posts!(guardian)`
			`render nothing: true`
			`end`
Work in Progress: Content Editing in Admin Section 2013-04-05 00:59:44 +08:00
Initial release of Discourse 2013-02-06 03:16:51 +08:00			`def ban`
			`guardian.ensure_can_ban!(@user)`
			`@user.banned_till = params[:duration].to_i.days.from_now`
			`@user.banned_at = DateTime.now`
			`@user.save!`
			`# TODO logging`
			`render nothing: true`
			`end`

			`def unban`
			`guardian.ensure_can_ban!(@user)`
			`@user.banned_till = nil`
			`@user.banned_at = nil`
			`@user.save!`
			`# TODO logging`
			`render nothing: true`
			`end`

			`def refresh_browsers`
			`MessageBus.publish "/file-change", ["refresh"], user_ids: [@user.id]`
add render nothing to refresh_browsers method 2013-03-24 05:37:37 +08:00			`render nothing: true`
Initial release of Discourse 2013-02-06 03:16:51 +08:00			`end`

			`def revoke_admin`
Automatically flag someone as a spammer if their posts get at least X spam flags from N users while their trust level is 'new user'. Staff can clear and set this status from the user record in admin. 2013-05-31 23:41:40 +08:00			`guardian.ensure_can_revoke_admin!(@user)`
			`@user.revoke_admin!`
Initial release of Discourse 2013-02-06 03:16:51 +08:00			`render nothing: true`
			`end`

			`def grant_admin`
			`guardian.ensure_can_grant_admin!(@user)`
automatic group infrustructure 2013-05-06 12:49:56 +08:00			`@user.grant_admin!`
Fix all the trailing whitespace 2013-02-07 23:45:24 +08:00			`render_serialized(@user, AdminUserSerializer)`
Initial release of Discourse 2013-02-06 03:16:51 +08:00			`end`

Adds grant and revoke moderation buttons so admins can make users moderators 2013-02-13 06:58:08 +08:00			`def revoke_moderation`
Automatically flag someone as a spammer if their posts get at least X spam flags from N users while their trust level is 'new user'. Staff can clear and set this status from the user record in admin. 2013-05-31 23:41:40 +08:00			`guardian.ensure_can_revoke_moderation!(@user)`
			`@user.revoke_moderation!`
Adds grant and revoke moderation buttons so admins can make users moderators 2013-02-13 06:58:08 +08:00			`render nothing: true`
			`end`

			`def grant_moderation`
			`guardian.ensure_can_grant_moderation!(@user)`
automatic group infrustructure 2013-05-06 12:49:56 +08:00			`@user.grant_moderation!`
Adds grant and revoke moderation buttons so admins can make users moderators 2013-02-13 06:58:08 +08:00			`render_serialized(@user, AdminUserSerializer)`
			`end`

Initial release of Discourse 2013-02-06 03:16:51 +08:00			`def approve`
			`guardian.ensure_can_approve!(@user)`
			`@user.approve(current_user)`
			`render nothing: true`
			`end`

			`def approve_bulk`
			`User.where(id: params[:users]).each do \|u\|`
			`u.approve(current_user) if guardian.can_approve?(u)`
			`end`
			`render nothing: true`
			`end`

Add ability for admins and mods to send another activation email to a user, to activate an account, and deactivate an account 2013-05-08 09:58:34 +08:00			`def activate`
			`guardian.ensure_can_activate!(@user)`
			`@user.activate`
			`render nothing: true`
			`end`

			`def deactivate`
			`guardian.ensure_can_deactivate!(@user)`
			`@user.deactivate`
			`render nothing: true`
			`end`

Automatically flag someone as a spammer if their posts get at least X spam flags from N users while their trust level is 'new user'. Staff can clear and set this status from the user record in admin. 2013-05-31 23:41:40 +08:00			`def block`
			`guardian.ensure_can_block_user! @user`
			`SpamRulesEnforcer.punish! @user`
			`render nothing: true`
			`end`

			`def unblock`
			`guardian.ensure_can_unblock_user! @user`
			`SpamRulesEnforcer.clear @user`
			`render nothing: true`
			`end`

Add ability to destroy a user with 0 posts 2013-04-12 04:04:20 +08:00			`def destroy`
			`user = User.where(id: params[:id]).first`
			`guardian.ensure_can_delete_user!(user)`
			`if UserDestroyer.new(current_user).destroy(user)`
			`render json: {deleted: true}`
			`else`
			`render json: {deleted: false, user: AdminDetailedUserSerializer.new(user, root: false).as_json}`
			`end`
			`end`
Initial release of Discourse 2013-02-06 03:16:51 +08:00
Automatically flag someone as a spammer if their posts get at least X spam flags from N users while their trust level is 'new user'. Staff can clear and set this status from the user record in admin. 2013-05-31 23:41:40 +08:00
			`private`

			`def fetch_user`
			`@user = User.where(id: params[:user_id]).first`
			`end`

Add ability to destroy a user with 0 posts 2013-04-12 04:04:20 +08:00			`end`