discourse/app/controllers/admin/users_controller.rb

198 lines
5.2 KiB
Ruby
Raw Normal View History

require_dependency 'user_destroyer'
require_dependency 'admin_user_index_query'
require_dependency 'boost_trust_level'
2013-02-06 03:16:51 +08:00
class Admin::UsersController < Admin::AdminController
before_filter :fetch_user, only: [:suspend,
:unsuspend,
2013-10-23 03:53:08 +08:00
:refresh_browsers,
2014-06-06 11:02:52 +08:00
:log_out,
2013-10-23 03:53:08 +08:00
:revoke_admin,
:grant_admin,
:revoke_moderation,
:grant_moderation,
:approve,
:activate,
:deactivate,
:block,
:unblock,
:trust_level,
:primary_group,
2013-10-23 03:53:08 +08:00
:generate_api_key,
:revoke_api_key]
2013-02-06 03:16:51 +08:00
def index
query = ::AdminUserIndexQuery.new(params)
render_serialized(query.find_users, AdminUserSerializer)
2013-02-06 03:16:51 +08:00
end
def show
@user = User.find_by(username_lower: params[:id])
raise Discourse::NotFound.new unless @user
2013-02-06 03:16:51 +08:00
render_serialized(@user, AdminDetailedUserSerializer, root: false)
end
def delete_all_posts
@user = User.find_by(id: params[:user_id])
@user.delete_all_posts!(guardian)
render nothing: true
end
def suspend
guardian.ensure_can_suspend!(@user)
@user.suspended_till = params[:duration].to_i.days.from_now
@user.suspended_at = DateTime.now
2013-02-06 03:16:51 +08:00
@user.save!
StaffActionLogger.new(current_user).log_user_suspend(@user, params[:reason])
2013-02-06 03:16:51 +08:00
render nothing: true
end
def unsuspend
guardian.ensure_can_suspend!(@user)
@user.suspended_till = nil
@user.suspended_at = nil
2013-02-06 03:16:51 +08:00
@user.save!
StaffActionLogger.new(current_user).log_user_unsuspend(@user)
2013-02-06 03:16:51 +08:00
render nothing: true
end
2014-06-06 11:02:52 +08:00
def log_out
@user.auth_token = nil
@user.save!
render nothing: true
end
2013-02-06 03:16:51 +08:00
def refresh_browsers
refresh_browser @user
render nothing: true
2013-02-06 03:16:51 +08:00
end
def revoke_admin
guardian.ensure_can_revoke_admin!(@user)
@user.revoke_admin!
2013-02-06 03:16:51 +08:00
render nothing: true
end
2013-10-23 03:53:08 +08:00
def generate_api_key
api_key = @user.generate_api_key(current_user)
render_serialized(api_key, ApiKeySerializer)
end
def revoke_api_key
@user.revoke_api_key
render nothing: true
end
2013-02-06 03:16:51 +08:00
def grant_admin
guardian.ensure_can_grant_admin!(@user)
2013-05-06 12:49:56 +08:00
@user.grant_admin!
2013-02-07 23:45:24 +08:00
render_serialized(@user, AdminUserSerializer)
2013-02-06 03:16:51 +08:00
end
def revoke_moderation
guardian.ensure_can_revoke_moderation!(@user)
@user.revoke_moderation!
render nothing: true
end
def grant_moderation
guardian.ensure_can_grant_moderation!(@user)
2013-05-06 12:49:56 +08:00
@user.grant_moderation!
render_serialized(@user, AdminUserSerializer)
end
def primary_group
guardian.ensure_can_change_primary_group!(@user)
@user.primary_group_id = params[:primary_group_id]
@user.save!
render nothing: true
end
def trust_level
guardian.ensure_can_change_trust_level!(@user)
2013-07-24 05:58:26 +08:00
logger = StaffActionLogger.new(current_user)
BoostTrustLevel.new(user: @user, level: params[:level], logger: logger).save!
render_serialized(@user, AdminUserSerializer)
end
2013-02-06 03:16:51 +08:00
def approve
guardian.ensure_can_approve!(@user)
@user.approve(current_user)
render nothing: true
end
def approve_bulk
User.where(id: params[:users]).each do |u|
u.approve(current_user) if guardian.can_approve?(u)
end
render nothing: true
end
def activate
guardian.ensure_can_activate!(@user)
@user.activate
render nothing: true
end
def deactivate
guardian.ensure_can_deactivate!(@user)
@user.deactivate
refresh_browser @user
render nothing: true
end
def block
guardian.ensure_can_block_user! @user
UserBlocker.block(@user, current_user)
render nothing: true
end
def unblock
guardian.ensure_can_unblock_user! @user
UserBlocker.unblock(@user, current_user)
render nothing: true
end
def reject_bulk
d = UserDestroyer.new(current_user)
success_count = 0
User.where(id: params[:users]).each do |u|
success_count += 1 if guardian.can_delete_user?(u) and d.destroy(u, params.slice(:context)) rescue UserDestroyer::PostsExistError
end
render json: {success: success_count, failed: (params[:users].try(:size) || 0) - success_count}
end
def destroy
user = User.find_by(id: params[:id])
guardian.ensure_can_delete_user!(user)
begin
if UserDestroyer.new(current_user).destroy(user, params.slice(:delete_posts, :block_email, :block_urls, :block_ip, :context))
render json: {deleted: true}
else
render json: {deleted: false, user: AdminDetailedUserSerializer.new(user, root: false).as_json}
end
rescue UserDestroyer::PostsExistError
raise Discourse::InvalidAccess.new("User #{user.username} has #{user.post_count} posts, so can't be deleted.")
end
end
2013-02-06 03:16:51 +08:00
def badges
end
def leader_requirements
end
private
def fetch_user
@user = User.find_by(id: params[:user_id])
end
def refresh_browser(user)
MessageBus.publish "/file-change", ["refresh"], user_ids: [user.id]
end
end