users: allow mods to change the names of other users.

Allow moderators to forcibly change the username of other users. This is so mods can change abusive or invalid usernames. * A mod can only change the username of Builder-level users and below. * The user can't change their own name again until one week has passed. * A modaction is logged when a mod changes a user's name. * A dmail is sent to the user notifying them of the change. * The dmail does not send the user an email notification. This is so we don't spam users if their name is changed after they're banned, or if they haven't visited the site in a long time. The rename button is on the user's profile page, and when you hover over the user's name and open the "..." menu.
2022-10-01 23:13:21 -05:00
parent 775326dc37
commit 99846b7e3d
16 changed files with 107 additions and 30 deletions
--- a/test/functional/application_controller_test.rb
+++ b/test/functional/application_controller_test.rb
@@ -95,7 +95,7 @@ class ApplicationControllerTest < ActionDispatch::IntegrationTest
        @user.update_columns(name: "foo__bar")

        get_auth posts_path, @user
-        assert_redirected_to new_user_name_change_request_path
+        assert_redirected_to change_name_user_path(@user)
      end
    end

--- a/test/functional/user_name_change_requests_controller_test.rb
+++ b/test/functional/user_name_change_requests_controller_test.rb
@@ -9,33 +9,70 @@ class UserNameChangeRequestsControllerTest < ActionDispatch::IntegrationTest

    context "new action" do
      should "render" do
-        get_auth new_user_name_change_request_path, @user
+        get_auth change_name_user_path(@user), @user
        assert_response :success
      end

      should "render when the current user's name is invalid" do
        @user.update_columns(name: "foo__bar")
-        get_auth new_user_name_change_request_path, @user
+        get_auth change_name_user_path(@user), @user

        assert_response :success
      end
    end

    context "create action" do
-      should "work" do
-        post_auth user_name_change_requests_path, @user, params: { user_name_change_request: { desired_name: "zun" }}
+      should "work for a user changing their own name" do
+        post_auth user_name_change_requests_path, @user, params: { user_name_change_request: { user_id: @user.id, desired_name: "zun" }}

-        assert_redirected_to profile_path
+        assert_redirected_to @user
        assert_equal("zun", @user.reload.name)
+
+        assert_equal(0, ModAction.user_name_change.count)
+        assert_equal(0, @user.dmails.received.count)
+      end
+
+      should "work for a moderator changing a regular user's name" do
+        @user = create(:user, name: "bkub")
+        @mod = create(:moderator_user)
+        post_auth user_name_change_requests_path, @mod, params: { user_name_change_request: { user_id: @user.id, desired_name: "zun" }}
+
+        assert_redirected_to @user
+        assert_equal("zun", @user.reload.name)
+
+        assert_equal("user_name_change", ModAction.last.category)
+        assert_equal(@mod, ModAction.last.creator)
+        assert_equal(@user, ModAction.last.subject)
+        assert_equal("changed user ##{@user.id}'s name from bkub to zun", ModAction.last.description)
+
+        assert_equal(1, @user.dmails.received.count)
+        assert_equal("Your username has been changed", @user.dmails.received.last.title)
+        assert_no_enqueued_emails
      end

      should "fail if the new name is invalid" do
        assert_no_changes(-> { @user.reload.name }) do
-          post_auth user_name_change_requests_path, @user, params: { user_name_change_request: { desired_name: "foo__bar" }}
+          post_auth user_name_change_requests_path, @user, params: { user_name_change_request: { user_id: @user.id, desired_name: "foo__bar" }}

          assert_response :success
        end
      end
+
+      should "fail for a regular user trying to change another user's name" do
+        @user = create(:user, name: "bkub")
+        post_auth user_name_change_requests_path, create(:builder_user), params: { user_name_change_request: { user_id: @user.id, desired_name: "zun" }}
+
+        assert_response 403
+        assert_equal("bkub", @user.reload.name)
+      end
+
+      should "fail for a moderator trying to change the name of someone above Builder level" do
+        @user = create(:moderator_user, name: "mod")
+        post_auth user_name_change_requests_path, create(:moderator_user), params: { user_name_change_request: { user_id: @user.id, desired_name: "zun" }}
+
+        assert_response 403
+        assert_equal("mod", @user.reload.name)
+      end
    end

    context "show action" do