fixes #2470: Neutral records to keep track of permissions

2015-10-26 14:27:03 -07:00
parent 34aa777aad
commit 3a81f1ee8e
3 changed files with 49 additions and 16 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -50,6 +50,7 @@ class UsersController < ApplicationController
    @user = User.find(params[:id])
    check_privilege(@user)
    sanitize_params!
+    handle_promotion!
    @user.update_attributes(params[:user].except(:name), :as => CurrentUser.role)
    cookies.delete(:favorite_tags)
    cookies.delete(:favorite_tags_with_categories)
@@ -76,6 +77,12 @@ private
    end
  end

+  def handle_promotion!
+    if params[:user] && params[:user][:level]
+      UserPromotion.new(@user, CurrentUser.user, params[:user].delete(:level)).promote!
+    end
+  end
+
  def check_privilege(user)
    raise User::PrivilegeError unless (user.id == CurrentUser.id || CurrentUser.is_admin?)
  end
--- a/app/logical/user_promotion.rb
+++ b/app/logical/user_promotion.rb
@@ -23,6 +23,22 @@ class UserPromotion
    user.save
  end

+  def create_user_feedback
+    if user.level > user.level_was
+      body_prefix = "Promoted"
+    elsif user.level < user.level_was
+      body_prefix = "Demoted"
+    else
+      body_prefix = "Updated"
+    end
+
+    user.feedback.create(
+      :category => "neutral",
+      :body => "#{body_prefix} from #{user.level_string_was} to #{user.level_string}",
+      :disable_dmail_notification => true
+    )
+  end
+
 private
  
  def validate
@@ -40,22 +56,6 @@ private
    TransactionLogItem.record_account_upgrade(user)
  end

-  def create_user_feedback
-    if user.level > user.level_was
-      body_prefix = "Promoted"
-    elsif user.level < user.level_was
-      body_prefix = "Demoted"
-    else
-      body_prefix = "Updated"
-    end
-
-    user.feedback.create(
-      :category => "neutral",
-      :body => "#{body_prefix} from #{user.level_string_was} to #{user.level_string}",
-      :disable_dmail_notification => true
-    )
-  end
-
  def create_dmail
    if user.level >= user.level_was || user.bit_prefs_changed?
      create_promotion_dmail
--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -70,6 +70,32 @@ class UsersControllerTest < ActionController::TestCase
        @user.reload
        assert_equal("xyz", @user.favorite_tags)
      end
+
+      context "changing the level" do
+        setup do
+          @cuser = FactoryGirl.create(:user)
+        end
+
+        should "not work if the current user is not an admin" do
+          post :update, {:id => @user.id, :user => {:level => 40}}, {:user_id => @cuser.id}
+          @user.reload
+          assert_equal(20, @user.level)
+        end
+
+        context "where the current user is an admin" do
+          setup do
+            @admin = FactoryGirl.create(:admin_user)
+          end
+
+          should "create a user feedback" do
+            assert_difference("UserFeedback.count") do
+              post :update, {:id => @user.id, :user => {:level => 40}}, {:user_id => @admin.id}
+            end
+            @user.reload
+            assert_equal(40, @user.level)
+          end
+        end
+      end
    end
  end
 end