authorEugen Rochko <eugen@zeonfederated.com>2022-07-05 02:41:40 +0200
committerGitHub <noreply@github.com>2022-07-05 02:41:40 +0200
commit44b2ee3485ba0845e5910cefcb4b1e2f84f34470 (patch)
treecc91189c9b36aaf0a04d339455c6d238992753a9 /app/controllers/admin/users
parent1b4054256f9d3302b44f71627a23bb0902578867 (diff)
Add customizable user roles (#18641)
* Add customizable user roles

* Various fixes and improvements

* Add migration for old settings and fix tootctl role management
Diffstat (limited to 'app/controllers/admin/users')
-rw-r--r--app/controllers/admin/users/roles_controller.rb33
-rw-r--r--app/controllers/admin/users/two_factor_authentications_controller.rb21
2 files changed, 54 insertions, 0 deletions
diff --git a/app/controllers/admin/users/roles_controller.rb b/app/controllers/admin/users/roles_controller.rb
new file mode 100644
index 000000000..0db50cee9
--- /dev/null
+++ b/app/controllers/admin/users/roles_controller.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Admin
+  class Users::RolesController < BaseController
+    before_action :set_user
+
+    def show
+      authorize @user, :change_role?
+    end
+
+    def update
+      authorize @user, :change_role?
+
+      @user.current_account = current_account
+
+      if @user.update(resource_params)
+        redirect_to admin_account_path(@user.account_id), notice: I18n.t('admin.accounts.change_role.changed_msg')
+      else
+        render :show
+      end
+    end
+
+    private
+
+    def set_user
+      @user = User.find(params[:user_id])
+    end
+
+    def resource_params
+      params.require(:user).permit(:role_id)
+    end
+  end
+end
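Review bot: The `update` action changes a user's role without writing an audit-log entry, whereas the sibling 2FA controller added in this same commit calls `log_action :disable_2fa, @user` for a comparably sensitive change. A role change alters privileges, so the success branch should record who changed which user, e.g. `log_action :change_role, @user` before the `redirect_to` (the action key is a suggested name and would need to be defined alongside the existing ones). Separately, `authorize @user, :change_role?` only covers the target user, and the check that the submitted `role_id` is one the acting admin may grant presumably runs in a model validation fed by `@user.current_account = current_account`. That dependency deserves a comment on the assignment, such as `# validation uses current_account to reject roles the acting admin may not assign`, so the line is not later removed as dead code.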
diff --git a/app/controllers/admin/users/two_factor_authentications_controller.rb b/app/controllers/admin/users/two_factor_authentications_controller.rb
new file mode 100644
index 000000000..5e3fb2b3c
--- /dev/null
+++ b/app/controllers/admin/users/two_factor_authentications_controller.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Admin
+  class Users::TwoFactorAuthenticationsController < BaseController
+    before_action :set_target_user
+
+    def destroy
+      authorize @user, :disable_2fa?
+      @user.disable_two_factor!
+      log_action :disable_2fa, @user
+      UserMailer.two_factor_disabled(@user).deliver_later!
+      redirect_to admin_account_path(@user.account_id)
+    end
+
+    private
+
+    def set_target_user
+      @user = User.find(params[:user_id])
+    end
+  end
+end
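Review bot: The `destroy` action disables 2FA, logs `:disable_2fa` and mails the user unconditionally, so a request against a user who has no second factor enabled would still produce an audit entry and a "two-factor disabled" e-mail, unless the `disable_2fa?` policy (outside this diff) already rejects that case. If it does not, a guard such as `return redirect_to admin_account_path(@user.account_id) unless @user.two_factor_enabled?` after the `authorize` call would keep the audit log and user notifications accurate. As a style point, the callback here is `set_target_user` while the roles controller names the identical lookup `set_user`; using one name for both would make the two controllers easier to read together.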