Merge remote-tracking branch 'upstream/pull/5510'

diff --git a/app/abilities/ability.rb b/app/abilities/ability.rb
index 5223920c9c8a37cc89b9162fb0ea813b4ec4bba8..e31e3e930cc8ed60368b85c94fc73318756491a7 100644 (file)
--- a/app/abilities/ability.rb
+++ b/app/abilities/ability.rb
@@ -67,7 +67,8 @@ class Ability
           can [:hide, :unhide], [DiaryEntry, DiaryComment]
           can [:read, :resolve, :ignore, :reopen], Issue
           can :create, IssueComment
-          can [:set_status, :destroy], User
+
+          can [:update], :user_status
           can [:read, :update], :users_list
           can [:create, :destroy], UserRole
         end

diff --git a/app/controllers/users/statuses_controller.rb b/app/controllers/users/statuses_controller.rb
new file mode 100644 (file)
index 0000000..a66782e
--- /dev/null
+++ b/app/controllers/users/statuses_controller.rb
@@ -0,0 +1,36 @@
+module Users
+  class StatusesController < ApplicationController
+    layout "site"
+
+    before_action :authorize_web
+    before_action :set_locale
+    before_action :check_database_readable
+
+    authorize_resource :class => :user_status
+
+    before_action :lookup_user_by_name
+
+    ##
+    # sets a user's status
+    def update
+      @user.activate! if params[:event] == "activate"
+      @user.confirm! if params[:event] == "confirm"
+      @user.unconfirm! if params[:event] == "unconfirm"
+      @user.hide! if params[:event] == "hide"
+      @user.unhide! if params[:event] == "unhide"
+      @user.unsuspend! if params[:event] == "unsuspend"
+      @user.soft_destroy! if params[:event] == "soft_destroy" # destroy a user, marking them as deleted and removing personal data
+      redirect_to user_path(params[:user_display_name])
+    end
+
+    private
+
+    ##
+    # ensure that there is a "user" instance variable
+    def lookup_user_by_name
+      @user = User.find_by!(:display_name => params[:user_display_name])
+    rescue ActiveRecord::RecordNotFound
+      redirect_to user_path(params[:user_display_name]) unless @user
+    end
+  end
+end

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 904b960a28e157ec9c7484179debcd4efa3d637e..a0be87bdc11fa6417601b6e278030fc673825515 100644 (file)
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -14,7 +14,6 @@ class UsersController < ApplicationController
 
   before_action :check_database_writable, :only => [:new, :go_public]
   before_action :require_cookies, :only => [:new]
-  before_action :lookup_user_by_name, :only => [:set_status, :destroy]
 
   allow_thirdparty_images :only => :show
   allow_social_login :only => :new
@@ -98,13 +97,6 @@ class UsersController < ApplicationController
     end
   end
 
-  ##
-  # destroy a user, marking them as deleted and removing personal data
-  def destroy
-    @user.soft_destroy!
-    redirect_to user_path(:display_name => params[:display_name])
-  end
-
   def go_public
     current_user.data_public = true
     current_user.save
@@ -112,18 +104,6 @@ class UsersController < ApplicationController
     redirect_to edit_account_path
   end
 
-  ##
-  # sets a user's status
-  def set_status
-    @user.activate! if params[:event] == "activate"
-    @user.confirm! if params[:event] == "confirm"
-    @user.unconfirm! if params[:event] == "unconfirm"
-    @user.hide! if params[:event] == "hide"
-    @user.unhide! if params[:event] == "unhide"
-    @user.unsuspend! if params[:event] == "unsuspend"
-    redirect_to user_path(:display_name => params[:display_name])
-  end
-
   ##
   # omniauth success callback
   def auth_success
@@ -237,14 +217,6 @@ class UsersController < ApplicationController
     end
   end
 
-  ##
-  # ensure that there is a "user" instance variable
-  def lookup_user_by_name
-    @user = User.find_by(:display_name => params[:display_name])
-  rescue ActiveRecord::RecordNotFound
-    redirect_to :action => "view", :display_name => params[:display_name] unless @user
-  end
-
   ##
   # return permitted user parameters
   def user_params

diff --git a/app/views/dashboards/_contact.html.erb b/app/views/dashboards/_contact.html.erb
index 0b3b42fb507e11e2318d6f44f5c391f0c488f04e..4547a2d7514f086a06fe95317d61caf92ebfbdc4 100644 (file)
--- a/app/views/dashboards/_contact.html.erb
+++ b/app/views/dashboards/_contact.html.erb
@@ -38,7 +38,7 @@
           <% if current_user.friends_with?(contact) %>
             <%= link_to t("users.show.unfollow"), follow_path(:display_name => contact.display_name, :referer => request.fullpath), :method => :delete %>
           <% else %>
-            <%= link_to t("users.follow"), follow_path(:display_name => contact.display_name, :referer => request.fullpath), :method => :post %>
+            <%= link_to t("users.show.follow"), follow_path(:display_name => contact.display_name, :referer => request.fullpath), :method => :post %>
           <% end %>
         </li>
       </ul>

diff --git a/app/views/follows/show.html.erb b/app/views/follows/show.html.erb
index 3b9ef8dc34cb477c6f4c5f28f41f2f069c5961e3..3b82f4b5b4dea92a7fd96e75a0ec98d4825c8d47 100644 (file)
--- a/app/views/follows/show.html.erb
+++ b/app/views/follows/show.html.erb
@@ -2,7 +2,9 @@
   <h1><%= t(@already_follows ? ".unfollow.heading" : ".follow.heading", :user => @friend.display_name) %></h1>
 <% end %>
 
-<%= link_to t(@already_follows ? ".unfollow.button" : ".follow.button"),
-            follow_path(:display_name => @friend.display_name, :referer => params[:referer]),
-            :method => (@already_follows ? :delete : :post),
-            :class => "btn btn-sm btn-primary" %>
+<%= bootstrap_form_tag :method => (@already_follows ? :delete : :post) do |f| %>
+  <% if params[:referer] -%>
+  <%= f.hidden_field :referer, :value => params[:referer] %>
+  <% end -%>
+  <%= f.primary @already_follows ? t(".unfollow.button") : t(".follow.button") %>
+<% end %>

diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
index 5a8c116c17f733ea77f0d737c79e782c11ac40be..76bedf60e61af3c4bef491c03601dca0387b4318 100644 (file)
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -161,50 +161,48 @@
         </small>
       </div>
 
-      <% if can?(:set_status, User) || can?(:destroy, User) %>
+      <% if can?(:update, :user_status) %>
         <nav class='secondary-actions'>
           <ul class='clearfix'>
-            <% if can? :set_status, User %>
-              <% if @user.may_activate? %>
-                <li>
-                  <%= link_to t(".activate_user"), set_status_user_path(:event => "activate", :display_name => @user.display_name), :method => :post, :data => { :confirm => t(".confirm") } %>
-                </li>
-              <% end %>
-
-              <% if @user.may_unsuspend? %>
-                <li>
-                  <%= link_to t(".unsuspend_user"), set_status_user_path(:event => "unsuspend", :display_name => @user.display_name), :method => :post, :data => { :confirm => t(".confirm") } %>
-                </li>
-              <% end %>
-
-              <% if @user.may_confirm? %>
-                <li>
-                  <%= link_to t(".confirm_user"), set_status_user_path(:event => "confirm", :display_name => @user.display_name), :method => :post, :data => { :confirm => t(".confirm") } %>
-                </li>
-              <% end %>
-
-              <% if @user.may_unconfirm? %>
-                <li>
-                  <%= link_to t(".unconfirm_user"), set_status_user_path(:event => "unconfirm", :display_name => @user.display_name), :method => :post, :data => { :confirm => t(".confirm") } %>
-                </li>
-              <% end %>
-
-              <% if @user.may_hide? %>
-                <li>
-                  <%= link_to t(".hide_user"), set_status_user_path(:event => "hide", :display_name => @user.display_name), :method => :post, :data => { :confirm => t(".confirm") } %>
-                </li>
-              <% end %>
-
-              <% if @user.may_unhide? %>
-                <li>
-                  <%= link_to t(".unhide_user"), set_status_user_path(:event => "unhide", :display_name => @user.display_name), :method => :post, :data => { :confirm => t(".confirm") } %>
-                </li>
-              <% end %>
-            <% end %>
-
-            <% if can?(:destroy, User) && @user.may_soft_destroy? %>
-              <li>
-                <%= link_to t(".delete_user"), user_path(:display_name => @user.display_name), :method => :delete, :data => { :confirm => t(".confirm") } %>
+            <% if @user.may_activate? %>
+              <li>
+                <%= link_to t(".activate_user"), user_status_path(@user, :event => "activate"), :method => :put, :data => { :confirm => t(".confirm") } %>
+              </li>
+            <% end %>
+
+            <% if @user.may_unsuspend? %>
+              <li>
+                <%= link_to t(".unsuspend_user"), user_status_path(@user, :event => "unsuspend"), :method => :put, :data => { :confirm => t(".confirm") } %>
+              </li>
+            <% end %>
+
+            <% if @user.may_confirm? %>
+              <li>
+                <%= link_to t(".confirm_user"), user_status_path(@user, :event => "confirm"), :method => :put, :data => { :confirm => t(".confirm") } %>
+              </li>
+            <% end %>
+
+            <% if @user.may_unconfirm? %>
+              <li>
+                <%= link_to t(".unconfirm_user"), user_status_path(@user, :event => "unconfirm"), :method => :put, :data => { :confirm => t(".confirm") } %>
+              </li>
+            <% end %>
+
+            <% if @user.may_hide? %>
+              <li>
+                <%= link_to t(".hide_user"), user_status_path(@user, :event => "hide"), :method => :put, :data => { :confirm => t(".confirm") } %>
+              </li>
+            <% end %>
+
+            <% if @user.may_unhide? %>
+              <li>
+                <%= link_to t(".unhide_user"), user_status_path(@user, :event => "unhide"), :method => :put, :data => { :confirm => t(".confirm") } %>
+              </li>
+            <% end %>
+
+            <% if @user.may_soft_destroy? %>
+              <li>
+                <%= link_to t(".delete_user"), user_status_path(@user, :event => "soft_destroy"), :method => :put, :data => { :confirm => t(".confirm") } %>
               </li>
             <% end %>
           </ul>

diff --git a/config/routes.rb b/config/routes.rb
index 39dd35f31d10f6d52bf2a6677454968e15f30498..9e82a037dafea8d95c3c25a6ee4597ea1e6a888d 100644 (file)
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -266,15 +266,15 @@ OpenStreetMap::Application.routes.draw do
 
   # user pages
   get "/user/terms", :to => redirect(:path => "/account/terms")
-  resources :users, :path => "user", :param => :display_name, :only => [:new, :create, :show, :destroy] do
+  resources :users, :path => "user", :param => :display_name, :only => [:new, :create, :show] do
     resource :role, :controller => "user_roles", :path => "roles/:role", :only => [:create, :destroy]
     scope :module => :users do
       resource :issued_blocks, :path => "blocks_by", :only => :show
       resource :received_blocks, :path => "blocks", :only => [:show, :edit, :destroy]
+      resource :status, :only => :update
     end
   end
   get "/user/:display_name/account", :to => redirect(:path => "/account/edit")
-  post "/user/:display_name/set_status" => "users#set_status", :as => :set_status_user
 
   resource :account, :only => [:edit, :update, :destroy] do
     scope :module => :accounts do

diff --git a/test/controllers/users/statuses_controller_test.rb b/test/controllers/users/statuses_controller_test.rb
new file mode 100644 (file)
index 0000000..9cdcfc8
--- /dev/null
+++ b/test/controllers/users/statuses_controller_test.rb
@@ -0,0 +1,64 @@
+require "test_helper"
+
+module Users
+  class StatusesControllerTest < ActionDispatch::IntegrationTest
+    ##
+    # test all routes which lead to this controller
+    def test_routes
+      assert_routing(
+        { :path => "/user/username/status", :method => :put },
+        { :controller => "users/statuses", :action => "update", :user_display_name => "username" }
+      )
+    end
+
+    def test_update
+      user = create(:user)
+
+      # Try without logging in
+      put user_status_path(user, :event => "confirm")
+      assert_response :forbidden
+
+      # Now try as a normal user
+      session_for(user)
+      put user_status_path(user, :event => "confirm")
+      assert_redirected_to :controller => "/errors", :action => :forbidden
+
+      # Finally try as an administrator
+      session_for(create(:administrator_user))
+      put user_status_path(user, :event => "confirm")
+      assert_redirected_to user_path(user)
+      assert_equal "confirmed", User.find(user.id).status
+    end
+
+    def test_destroy
+      user = create(:user, :home_lat => 12.1, :home_lon => 12.1, :description => "test")
+
+      # Try without logging in
+      put user_status_path(user, :event => "soft_destroy")
+      assert_response :forbidden
+
+      # Now try as a normal user
+      session_for(user)
+      put user_status_path(user, :event => "soft_destroy")
+      assert_redirected_to :controller => "/errors", :action => :forbidden
+
+      # Finally try as an administrator
+      session_for(create(:administrator_user))
+      put user_status_path(user, :event => "soft_destroy")
+      assert_redirected_to user_path(user)
+
+      # Check that the user was deleted properly
+      user.reload
+      assert_equal "user_#{user.id}", user.display_name
+      assert_equal "", user.description
+      assert_nil user.home_lat
+      assert_nil user.home_lon
+      assert_not user.avatar.attached?
+      assert_not user.email_valid
+      assert_nil user.new_email
+      assert_nil user.auth_provider
+      assert_nil user.auth_uid
+      assert_equal "deleted", user.status
+    end
+  end
+end

diff --git a/test/controllers/users_controller_test.rb b/test/controllers/users_controller_test.rb
index 9ffa6695d97ab80dc5327f3105cfeef4dac7a6e7..c5378ce50756ac90313fa42e86b0eb3839c73aca 100644 (file)
--- a/test/controllers/users_controller_test.rb
+++ b/test/controllers/users_controller_test.rb
@@ -28,15 +28,6 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
       { :path => "/user/username", :method => :get },
       { :controller => "users", :action => "show", :display_name => "username" }
     )
-
-    assert_routing(
-      { :path => "/user/username/set_status", :method => :post },
-      { :controller => "users", :action => "set_status", :display_name => "username" }
-    )
-    assert_routing(
-      { :path => "/user/username", :method => :delete },
-      { :controller => "users", :action => "destroy", :display_name => "username" }
-    )
   end
 
   # The user creation page loads
@@ -332,56 +323,6 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
     end
   end
 
-  def test_set_status
-    user = create(:user)
-
-    # Try without logging in
-    post set_status_user_path(user), :params => { :event => "confirm" }
-    assert_response :forbidden
-
-    # Now try as a normal user
-    session_for(user)
-    post set_status_user_path(user), :params => { :event => "confirm" }
-    assert_redirected_to :controller => :errors, :action => :forbidden
-
-    # Finally try as an administrator
-    session_for(create(:administrator_user))
-    post set_status_user_path(user), :params => { :event => "confirm" }
-    assert_redirected_to :action => :show, :display_name => user.display_name
-    assert_equal "confirmed", User.find(user.id).status
-  end
-
-  def test_destroy
-    user = create(:user, :home_lat => 12.1, :home_lon => 12.1, :description => "test")
-
-    # Try without logging in
-    delete user_path(user)
-    assert_response :forbidden
-
-    # Now try as a normal user
-    session_for(user)
-    delete user_path(user)
-    assert_redirected_to :controller => :errors, :action => :forbidden
-
-    # Finally try as an administrator
-    session_for(create(:administrator_user))
-    delete user_path(user)
-    assert_redirected_to :action => :show, :display_name => user.display_name
-
-    # Check that the user was deleted properly
-    user.reload
-    assert_equal "user_#{user.id}", user.display_name
-    assert_equal "", user.description
-    assert_nil user.home_lat
-    assert_nil user.home_lon
-    assert_not user.avatar.attached?
-    assert_not user.email_valid
-    assert_nil user.new_email
-    assert_nil user.auth_provider
-    assert_nil user.auth_uid
-    assert_equal "deleted", user.status
-  end
-
   def test_auth_failure_callback
     get auth_failure_path
     assert_redirected_to login_path

diff --git a/test/system/dashboard_test.rb b/test/system/dashboard_test.rb
index 2ab4db5fa21c7222216673f21f4df31074fd4124..12d9609383104d22402dce2c07279703f3219b7c 100644 (file)
--- a/test/system/dashboard_test.rb
+++ b/test/system/dashboard_test.rb
@@ -24,4 +24,29 @@ class DashboardSystemTest < ApplicationSystemTestCase
 
     assert_link friend_user.display_name, :below => friends_heading, :above => others_heading
   end
+
+  test "show nearby users with ability to follow" do
+    user = create(:user, :home_lon => 1.1, :home_lat => 1.1)
+    nearby_user = create(:user, :home_lon => 1.2, :home_lat => 1.2)
+    sign_in_as(user)
+
+    visit dashboard_path
+
+    within_content_body do
+      others_nearby_heading = find :element, "h2", :text => "Other nearby users"
+
+      assert_no_text "There are no other users who admit to mapping nearby yet"
+      assert_link nearby_user.display_name, :below => others_nearby_heading
+      assert_link "Follow", :below => others_nearby_heading
+
+      click_on "Follow"
+
+      followings_heading = find :element, "h2", :text => "Followings"
+      others_nearby_heading = find :element, "h2", :text => "Other nearby users"
+
+      assert_text "There are no other users who admit to mapping nearby yet"
+      assert_link nearby_user.display_name, :below => followings_heading, :above => others_nearby_heading
+      assert_link "Unfollow", :below => followings_heading, :above => others_nearby_heading
+    end
+  end
 end