github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-01-22 13:43:17 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Adds grant and revoke moderation buttons so admins can make users moderators

Browse Source
This commit is contained in:
Ismael Abreu 2013-02-12 22:58:08 +00:00
parent 51473a95b4
commit 80bec6efc9
10 changed files with 163 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
app/assets/javascripts/admin/models/admin_user.js.coffee
View File

@ -17,6 +17,19 @@ window.Discourse.AdminUser = Discourse.Model.extend
@set('can_revoke_admin',true) @set('can_revoke_admin',true)
$.ajax "/admin/users/#{@get('id')}/grant_admin", type: 'PUT' $.ajax "/admin/users/#{@get('id')}/grant_admin", type: 'PUT'
# Revoke the user's moderation access
revokeModeration: ->
@set('moderator',false)
@set('can_grant_moderation',true)
@set('can_revoke_moderation',false)
$.ajax "/admin/users/#{@get('id')}/revoke_moderation", type: 'PUT'
grantModeration: ->
@set('moderator',true)
@set('can_grant_moderation',false)
@set('can_revoke_moderation',true)
$.ajax "/admin/users/#{@get('id')}/grant_moderation", type: 'PUT'
refreshBrowsers: -> refreshBrowsers: ->
$.ajax "/admin/users/#{@get('id')}/refresh_browsers", $.ajax "/admin/users/#{@get('id')}/refresh_browsers",
type: 'POST' type: 'POST'

15
app/assets/javascripts/admin/templates/user.js.handlebars
View File

@ -84,6 +84,21 @@
<div class='display-row'> <div class='display-row'>
<div class='field'>{{i18n admin.user.moderator}}</div> <div class='field'>{{i18n admin.user.moderator}}</div>
<div class='value'>{{content.moderator}}</div> <div class='value'>{{content.moderator}}</div>
<div class='controls'>
{{#if content.can_revoke_moderation}}
<button class='btn' {{action revokeModeration target="content"}}>
<i class='icon icon-eye-close'></i>
{{i18n admin.user.revoke_moderation}}
</button>
{{/if}}
{{#if content.can_grant_moderation}}
<button class='btn' {{action grantModeration target="content"}}>
<i class='icon icon-eye-open'></i>
{{i18n admin.user.grant_moderation}}
</button>
{{/if}}
</div>
</div> </div>
<div class='display-row'> <div class='display-row'>
<div class='field'>{{i18n trust_level}}</div> <div class='field'>{{i18n trust_level}}</div>

16
app/controllers/admin/users_controller.rb
View File

@ -63,6 +63,22 @@ class Admin::UsersController < Admin::AdminController
render_serialized(@user, AdminUserSerializer) render_serialized(@user, AdminUserSerializer)
end end
def revoke_moderation
@moderator = User.where(id: params[:user_id]).first
guardian.ensure_can_revoke_moderation!(@moderator)
@moderator.change_trust_level(:advanced)
@moderator.save
render nothing: true
end
def grant_moderation
@user = User.where(id: params[:user_id]).first
guardian.ensure_can_grant_moderation!(@user)
@user.change_trust_level(:moderator)
@user.save
render_serialized(@user, AdminUserSerializer)
end
def approve def approve
@user = User.where(id: params[:user_id]).first @user = User.where(id: params[:user_id]).first
guardian.ensure_can_approve!(@user) guardian.ensure_can_approve!(@user)

5
app/models/user.rb
View File

@ -401,6 +401,11 @@ class User < ActiveRecord::Base
(self.trust_level || TrustLevel.Levels[:new]) >= TrustLevel.Levels[level] (self.trust_level || TrustLevel.Levels[:new]) >= TrustLevel.Levels[level]
end end
def change_trust_level(level)
raise "Invalid trust level #{level}" unless TrustLevel.Levels.has_key?(level)
self.trust_level = TrustLevel.Levels[level]
end
def guardian def guardian
Guardian.new(self) Guardian.new(self)
end end

12
app/serializers/admin_detailed_user_serializer.rb
View File

@ -2,8 +2,10 @@ class AdminDetailedUserSerializer < AdminUserSerializer
attributes :moderator, attributes :moderator,
:can_grant_admin, :can_grant_admin,
:can_impersonate,
:can_revoke_admin, :can_revoke_admin,
:can_grant_moderation,
:can_revoke_moderation,
:can_impersonate,
:like_count, :like_count,
:post_count, :post_count,
:flags_given_count, :flags_given_count,
@ -21,6 +23,14 @@ class AdminDetailedUserSerializer < AdminUserSerializer
scope.can_grant_admin?(object) scope.can_grant_admin?(object)
end end
def can_revoke_moderation
scope.can_revoke_moderation?(object)
end
def can_grant_moderation
scope.can_grant_moderation?(object)
end
def can_delete_all_posts def can_delete_all_posts
scope.can_delete_all_posts?(object) scope.can_delete_all_posts?(object)
end end

2
config/locales/en.yml
View File

@ -390,6 +390,8 @@ en:
impersonate: 'Impersonate' impersonate: 'Impersonate'
revoke_admin: 'Revoke Admin' revoke_admin: 'Revoke Admin'
grant_admin: 'Grant Admin' grant_admin: 'Grant Admin'
revoke_moderation: 'Revoke Moderation'
grant_moderation: 'Grant Moderation'
basics: Basics basics: Basics
reputation: Reputation reputation: Reputation
permissions: Permissions permissions: Permissions

2
config/routes.rb
View File

@ -34,6 +34,8 @@ Discourse::Application.routes.draw do
put 'unban' => 'users#unban' put 'unban' => 'users#unban'
put 'revoke_admin' => 'users#revoke_admin' put 'revoke_admin' => 'users#revoke_admin'
put 'grant_admin' => 'users#grant_admin' put 'grant_admin' => 'users#grant_admin'
put 'revoke_moderation' => 'users#revoke_moderation'
put 'grant_moderation' => 'users#grant_moderation'
put 'approve' => 'users#approve' put 'approve' => 'users#approve'
post 'refresh_browsers' => 'users#refresh_browsers' post 'refresh_browsers' => 'users#refresh_browsers'
end end

17
lib/guardian.rb
View File

@ -131,6 +131,23 @@ class Guardian
true true
end end
def can_revoke_moderation?(moderator)
return false unless @user.try(:admin?)
return false if moderator.blank?
return false if @user.id == moderator.id
return false unless moderator.trust_level == TrustLevel.Levels[:moderator]
true
end
def can_grant_moderation?(user)
return false unless @user.try(:admin?)
return false if user.blank?
return false if @user.id == user.id
return false if user.admin?
return false if user.has_trust_level?(:moderator)
true
end
# Can we see who acted on a post in a particular way? # Can we see who acted on a post in a particular way?
def can_see_post_actors?(topic, post_action_type_id) def can_see_post_actors?(topic, post_action_type_id)
return false unless topic.present? return false unless topic.present?

40
spec/components/guardian_spec.rb
View File

@ -761,6 +761,46 @@ describe Guardian do
end end
end end
context 'can_grant_moderation?' do
it "wont allow a non logged in user to grant an moderator's access" do
Guardian.new.can_grant_moderation?(user).should be_false
end
it "wont allow a regular user to revoke an modearator's access" do
Guardian.new(user).can_grant_moderation?(moderator).should be_false
end
it 'wont allow an admin to grant their own access' do
Guardian.new(admin).can_grant_moderation?(admin).should be_false
end
it 'wont allow an admin to grant it to an already moderator' do
Guardian.new(admin).can_grant_moderation?(moderator).should be_false
end
it "allows an admin to grant a regular user access" do
Guardian.new(admin).can_grant_moderation?(user).should be_true
end
end
context 'can_revoke_moderation?' do
it "wont allow a non logged in user to revoke an moderator's access" do
Guardian.new.can_revoke_moderation?(moderator).should be_false
end
it "wont allow a regular user to revoke an moderator's access" do
Guardian.new(user).can_revoke_moderation?(moderator).should be_false
end
it 'wont allow an moderator to revoke their own moderator' do
Guardian.new(moderator).can_revoke_moderation?(moderator).should be_false
end
it "allows an admin to revoke a moderator's access" do
Guardian.new(admin).can_revoke_moderation?(moderator).should be_true
end
end
context "can_see_pending_invites_from?" do context "can_see_pending_invites_from?" do
it 'is false without a logged in user' do it 'is false without a logged in user' do

45
spec/controllers/admin/users_controller_spec.rb
View File

@ -111,8 +111,47 @@ describe Admin::UsersController do
end end
end end
describe '.revoke_moderation' do
before do
@moderator = Fabricate(:moderator)
end
it 'raises an error unless the user can revoke access' do
Guardian.any_instance.expects(:can_revoke_moderation?).with(@moderator).returns(false)
xhr :put, :revoke_moderation, user_id: @moderator.id
response.should be_forbidden
end
it 'updates the moderator flag' do
xhr :put, :revoke_moderation, user_id: @moderator.id
@moderator.reload
@moderator.has_trust_level?(:moderator).should_not be_true
end
end
context '.grant_moderation' do
before do
@another_user = Fabricate(:coding_horror)
end
it "raises an error when the user doesn't have permission" do
Guardian.any_instance.expects(:can_grant_moderation?).with(@another_user).returns(false)
xhr :put, :grant_moderation, user_id: @another_user.id
response.should be_forbidden
end
it "returns a 404 if the username doesn't exist" do
xhr :put, :grant_moderation, user_id: 123123
response.should be_forbidden
end
it 'updates the moderator flag' do
xhr :put, :grant_moderation, user_id: @another_user.id
@another_user.reload
@another_user.has_trust_level?(:moderator).should be_true
end
end
end end
end
end