From 44b2ee3485ba0845e5910cefcb4b1e2f84f34470 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Tue, 5 Jul 2022 02:41:40 +0200
Subject: Add customizable user roles (#18641)

* Add customizable user roles

* Various fixes and improvements

* Add migration for old settings and fix tootctl role management
---
 app/controllers/admin/users/roles_controller.rb    | 33 ++++++++++++++++++++++
 .../users/two_factor_authentications_controller.rb | 21 ++++++++++++++
 2 files changed, 54 insertions(+)
 create mode 100644 app/controllers/admin/users/roles_controller.rb
 create mode 100644 app/controllers/admin/users/two_factor_authentications_controller.rb

(limited to 'app/controllers/admin/users')

diff --git a/app/controllers/admin/users/roles_controller.rb b/app/controllers/admin/users/roles_controller.rb
new file mode 100644
index 000000000..0db50cee9
--- /dev/null
+++ b/app/controllers/admin/users/roles_controller.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Admin
+  class Users::RolesController < BaseController
+    before_action :set_user
+
+    def show
+      authorize @user, :change_role?
+    end
+
+    def update
+      authorize @user, :change_role?
+
+      @user.current_account = current_account
+
+      if @user.update(resource_params)
+        redirect_to admin_account_path(@user.account_id), notice: I18n.t('admin.accounts.change_role.changed_msg')
+      else
+        render :show
+      end
+    end
+
+    private
+
+    def set_user
+      @user = User.find(params[:user_id])
+    end
+
+    def resource_params
+      params.require(:user).permit(:role_id)
+    end
+  end
+end
diff --git a/app/controllers/admin/users/two_factor_authentications_controller.rb b/app/controllers/admin/users/two_factor_authentications_controller.rb
new file mode 100644
index 000000000..5e3fb2b3c
--- /dev/null
+++ b/app/controllers/admin/users/two_factor_authentications_controller.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Admin
+  class Users::TwoFactorAuthenticationsController < BaseController
+    before_action :set_target_user
+
+    def destroy
+      authorize @user, :disable_2fa?
+      @user.disable_two_factor!
+      log_action :disable_2fa, @user
+      UserMailer.two_factor_disabled(@user).deliver_later!
+      redirect_to admin_account_path(@user.account_id)
+    end
+
+    private
+
+    def set_target_user
+      @user = User.find(params[:user_id])
+    end
+  end
+end
-- 
cgit