94e125709c
Add a Restricted user level. Restricted users are level 10, below Members. New users start out as Restricted if they sign up from a proxy or an IP recently used by another user. Restricted users can't update or edit any public content on the site until they verify their email address, at which point they're promoted to Member. Restricted users are only allowed to do personal actions like keep favorites, keep favgroups and saved searches, mark dmails as read or deleted, or mark forum posts as read. The restricted state already existed before, the only change here is that now it's an actual user level instead of a hidden state. Before it was based on two hidden flags on the user, the `requires_verification` flag (set when a user signs up from a proxy, etc), and the `is_verified` flag (set after the user verifies their email). Making it a user level means that now the Restricted status will be shown publicly. Introducing a new level below Member means that we have to change every `is_member?` check to `!is_anonymous` for every place where we used `is_member?` to check that the current user is logged in.
69 lines
2.0 KiB
Ruby
69 lines
2.0 KiB
Ruby
class EmailsController < ApplicationController
|
|
respond_to :html, :xml, :json
|
|
|
|
def index
|
|
@email_addresses = authorize EmailAddress.visible(CurrentUser.user).paginated_search(params, count_pages: true)
|
|
@email_addresses = @email_addresses.includes(:user)
|
|
respond_with(@email_addresses)
|
|
end
|
|
|
|
def show
|
|
if params[:user_id]
|
|
@email_address = authorize EmailAddress.find_by_user_id!(params[:user_id])
|
|
else
|
|
@email_address = authorize EmailAddress.find(params[:id])
|
|
end
|
|
|
|
respond_with(@email_address)
|
|
end
|
|
|
|
def edit
|
|
@user = authorize User.find(params[:user_id]), policy_class: EmailAddressPolicy
|
|
respond_with(@user)
|
|
end
|
|
|
|
def update
|
|
@user = authorize User.find(params[:user_id]), policy_class: EmailAddressPolicy
|
|
|
|
if @user.authenticate_password(params[:user][:password])
|
|
@user.update(email_address_attributes: { address: params[:user][:email] })
|
|
else
|
|
@user.errors.add(:base, "Password was incorrect")
|
|
end
|
|
|
|
if @user.errors.none?
|
|
flash[:notice] = "Email updated. Check your email to confirm your new address"
|
|
UserMailer.email_change_confirmation(@user).deliver_later
|
|
respond_with(@user, location: settings_url)
|
|
else
|
|
flash[:notice] = @user.errors.full_messages.join("; ")
|
|
respond_with(@user)
|
|
end
|
|
end
|
|
|
|
def verify
|
|
@user = User.find(params[:user_id])
|
|
@email_address = @user.email_address
|
|
|
|
if @email_address.blank?
|
|
redirect_to edit_user_email_path(@user)
|
|
elsif params[:email_verification_key].present?
|
|
authorize @email_address
|
|
@email_address.verify!
|
|
flash[:notice] = "Email address verified"
|
|
redirect_to @email_address.user
|
|
else
|
|
authorize @email_address
|
|
respond_with(@user)
|
|
end
|
|
end
|
|
|
|
def send_confirmation
|
|
@user = authorize User.find(params[:user_id]), policy_class: EmailAddressPolicy
|
|
UserMailer.welcome_user(@user).deliver_later
|
|
|
|
flash[:notice] = "Confirmation email sent to #{@user.email_address.address}. Check your email to confirm your address"
|
|
redirect_to @user
|
|
end
|
|
end
|