fixes #2470: Neutral records to keep track of permissions

app/controllers/users_controller.rb

@@ -50,6 +50,7 @@ class UsersController < ApplicationController
     @user = User.find(params[:id])
     check_privilege(@user)
     sanitize_params!
+    handle_promotion!
     @user.update_attributes(params[:user].except(:name), :as => CurrentUser.role)
     cookies.delete(:favorite_tags)
     cookies.delete(:favorite_tags_with_categories)
@@ -76,6 +77,12 @@ private
     end
   end
 
+  def handle_promotion!
+    if params[:user] && params[:user][:level]
+      UserPromotion.new(@user, CurrentUser.user, params[:user].delete(:level)).promote!
+    end
+  end
+
   def check_privilege(user)
     raise User::PrivilegeError unless (user.id == CurrentUser.id || CurrentUser.is_admin?)
   end

app/logical/user_promotion.rb

@@ -23,6 +23,22 @@ class UserPromotion
     user.save
   end
 
+  def create_user_feedback
+    if user.level > user.level_was
+      body_prefix = "Promoted"
+    elsif user.level < user.level_was
+      body_prefix = "Demoted"
+    else
+      body_prefix = "Updated"
+    end
+
+    user.feedback.create(
+      :category => "neutral",
+      :body => "#{body_prefix} from #{user.level_string_was} to #{user.level_string}",
+      :disable_dmail_notification => true
+    )
+  end
+
 private
   
   def validate
@@ -40,22 +56,6 @@ private
     TransactionLogItem.record_account_upgrade(user)
   end
 
-  def create_user_feedback
-    if user.level > user.level_was
-      body_prefix = "Promoted"
-    elsif user.level < user.level_was
-      body_prefix = "Demoted"
-    else
-      body_prefix = "Updated"
-    end
-
-    user.feedback.create(
-      :category => "neutral",
-      :body => "#{body_prefix} from #{user.level_string_was} to #{user.level_string}",
-      :disable_dmail_notification => true
-    )
-  end
-
   def create_dmail
     if user.level >= user.level_was || user.bit_prefs_changed?
       create_promotion_dmail