discourse/app/controllers/admin/users_controller.rb

require_dependency 'user_destroyer'

class Admin::UsersController < Admin::AdminController

  def index
    # Sort order
    if params[:query] == "active"
      @users = User.order("COALESCE(last_seen_at, to_date('1970-01-01', 'YYYY-MM-DD')) DESC, username")
    else
      @users = User.order("created_at DESC, username")
    end

    if ['newuser', 'basic', 'regular', 'leader', 'elder'].include?(params[:query])
      @users = @users.where('trust_level = ?', TrustLevel.levels[params[:query].to_sym])
    end

    @users = @users.where('admin = ?', true)      if params[:query] == 'admins'
    @users = @users.where('moderator = ?', true)  if params[:query] == 'moderators'
    @users = @users.where('approved = false')     if params[:query] == 'pending'
    @users = @users.where('username_lower like :filter or email like :filter', filter: "%#{params[:filter]}%") if params[:filter].present?
    @users = @users.take(100)
    render_serialized(@users, AdminUserSerializer)
  end

  def show
    @user = User.where(username_lower: params[:id]).first
    raise Discourse::NotFound.new unless @user
    render_serialized(@user, AdminDetailedUserSerializer, root: false)
  end

  def delete_all_posts
    @user = User.where(id: params[:user_id]).first
    @user.delete_all_posts!(guardian)
    render nothing: true
  end

  def ban
    @user = User.where(id: params[:user_id]).first
    guardian.ensure_can_ban!(@user)
    @user.banned_till = params[:duration].to_i.days.from_now
    @user.banned_at = DateTime.now
    @user.save!
    # TODO logging
    render nothing: true
  end

  def unban
    @user = User.where(id: params[:user_id]).first
    guardian.ensure_can_ban!(@user)
    @user.banned_till = nil
    @user.banned_at = nil
    @user.save!
    # TODO logging
    render nothing: true
  end

  def refresh_browsers
    @user = User.where(id: params[:user_id]).first
    MessageBus.publish "/file-change", ["refresh"], user_ids: [@user.id]
    render nothing: true
  end

  def revoke_admin
    @admin = User.where(id: params[:user_id]).first
    guardian.ensure_can_revoke_admin!(@admin)
    @admin.update_column(:admin, false)
    render nothing: true
  end

  def grant_admin
    @user = User.where(id: params[:user_id]).first
    guardian.ensure_can_grant_admin!(@user)
    @user.update_column(:admin, true)
    render_serialized(@user, AdminUserSerializer)
  end

  def revoke_moderation
    @moderator = User.where(id: params[:user_id]).first
    guardian.ensure_can_revoke_moderation!(@moderator)
    @moderator.moderator = false
    @moderator.save
    render nothing: true
  end

  def grant_moderation
    @user = User.where(id: params[:user_id]).first
    guardian.ensure_can_grant_moderation!(@user)
    @user.moderator = true
    @user.save
    render_serialized(@user, AdminUserSerializer)
  end

  def approve
    @user = User.where(id: params[:user_id]).first
    guardian.ensure_can_approve!(@user)
    @user.approve(current_user)
    render nothing: true
  end

  def approve_bulk
    User.where(id: params[:users]).each do |u|
      u.approve(current_user) if guardian.can_approve?(u)
    end
    render nothing: true
  end

  def destroy
    user = User.where(id: params[:id]).first
    guardian.ensure_can_delete_user!(user)
    if UserDestroyer.new(current_user).destroy(user)
      render json: {deleted: true}
    else
      render json: {deleted: false, user: AdminDetailedUserSerializer.new(user, root: false).as_json}
    end
  end

end