users: add new owner level.

Add a new Owner user level for the site owner. Highly sensitive operations like manually changing the passwords of other users will be restricted to the site owner.
2020-12-13 14:55:49 -06:00
parent 35134abe8f
commit b3ad13e6e3
7 changed files with 33 additions and 3 deletions
--- a/app/javascript/src/styles/common/user_styles.scss
+++ b/app/javascript/src/styles/common/user_styles.scss
@@ -1,4 +1,8 @@
 body[data-current-user-style-usernames="true"] {
+  a.user-owner {
+    color: var(--user-admin-color);
+  }
+
  a.user-admin {
    color: var(--user-admin-color);
  }
--- a/app/javascript/src/styles/specific/user_tooltips.scss
+++ b/app/javascript/src/styles/specific/user_tooltips.scss
@@ -27,6 +27,7 @@
        margin-right: 0.25em;
        border-radius: 3px;

+        &.user-tooltip-badge-owner { background-color: var(--user-admin-color); }
        &.user-tooltip-badge-admin { background-color: var(--user-admin-color); }
        &.user-tooltip-badge-moderator { background-color: var(--user-moderator-color); }
        &.user-tooltip-badge-approver { background-color: var(--user-builder-color); }
--- a/app/logical/user_deletion.rb
+++ b/app/logical/user_deletion.rb
@@ -64,7 +64,7 @@ class UserDeletion
      errors.add(:base, "Password is incorrect")
    end

-    if user.level >= User::Levels::ADMIN
+    if user.is_admin?
      errors.add(:base, "Admins cannot delete their account")
    end
  end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -12,6 +12,7 @@ class User < ApplicationRecord
    BUILDER = 32
    MODERATOR = 40
    ADMIN = 50
+    OWNER = 60
  end

  # Used for `before_action :<role>_only`. Must have a corresponding `is_<role>?` method.
@@ -191,6 +192,10 @@ class User < ApplicationRecord
    extend ActiveSupport::Concern

    module ClassMethods
+      def owner
+        User.find_by!(level: Levels::ADMIN)
+      end
+
      def system
        User.find_by!(name: Danbooru.config.system_user)
      end
@@ -208,7 +213,8 @@ class User < ApplicationRecord
          "Platinum" => Levels::PLATINUM,
          "Builder" => Levels::BUILDER,
          "Moderator" => Levels::MODERATOR,
-          "Admin" => Levels::ADMIN
+          "Admin" => Levels::ADMIN,
+          "Owner" => Levels::OWNER
        }
      end

@@ -235,6 +241,9 @@ class User < ApplicationRecord
        when Levels::ADMIN
          "Admin"

+        when Levels::OWNER
+          "Owner"
+
        else
          ""
        end
@@ -299,6 +308,10 @@ class User < ApplicationRecord
      level >= Levels::ADMIN
    end

+    def is_owner?
+      level >= Levels::OWNER
+    end
+
    def is_approver?
      can_approve_posts?
    end
--- a/test/factories/user.rb
+++ b/test/factories/user.rb
@@ -56,6 +56,11 @@ FactoryBot.define do
      can_approve_posts {true}
    end

+    factory(:owner_user) do
+      level { User::Levels::OWNER }
+      can_approve_posts {true}
+    end
+
    factory(:uploader) do
      created_at { 2.weeks.ago }
    end
--- a/test/mailers/previews/user_mailer_preview.rb
+++ b/test/mailers/previews/user_mailer_preview.rb
@@ -1,6 +1,6 @@
 class UserMailerPreview < ActionMailer::Preview
  def dmail_notice
-    dmail = User.admins.first.dmails.first
+    dmail = User.system.dmails.first
    UserMailer.dmail_notice(dmail)
  end

--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -45,7 +45,14 @@ class UserTest < ActiveSupport::TestCase
    end

    should "normalize its level" do
+      user = FactoryBot.create(:user, :level => User::Levels::OWNER)
+      assert(user.is_owner?)
+      assert(user.is_admin?)
+      assert(user.is_moderator?)
+      assert(user.is_gold?)
+
      user = FactoryBot.create(:user, :level => User::Levels::ADMIN)
+      assert(!user.is_owner?)
      assert(user.is_moderator?)
      assert(user.is_gold?)