fixes #2470: Neutral records to keep track of permissions

2015-10-26 14:27:03 -07:00
parent 34aa777aad
commit 3a81f1ee8e
3 changed files with 49 additions and 16 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -50,6 +50,7 @@ class UsersController < ApplicationController
    @user = User.find(params[:id])
    check_privilege(@user)
    sanitize_params!
+    handle_promotion!
    @user.update_attributes(params[:user].except(:name), :as => CurrentUser.role)
    cookies.delete(:favorite_tags)
    cookies.delete(:favorite_tags_with_categories)
@@ -76,6 +77,12 @@ private
    end
  end

+  def handle_promotion!
+    if params[:user] && params[:user][:level]
+      UserPromotion.new(@user, CurrentUser.user, params[:user].delete(:level)).promote!
+    end
+  end
+
  def check_privilege(user)
    raise User::PrivilegeError unless (user.id == CurrentUser.id || CurrentUser.is_admin?)
  end