Admin can change other users settings without user password #2646

2025-08-05 09:21:43 +02:00 · 2015-06-03 16:34:37 +03:00 · 2015-06-03 16:34:37 +03:00 · 4da89aaa87
commit 4da89aaa87
parent 13b60d39ce
9 changed files with 67 additions and 81 deletions
--- a/app/assets/stylesheets/shared/general-bootstrap.sass
+++ b/app/assets/stylesheets/shared/general-bootstrap.sass
@ -65,3 +65,6 @@
 .required:after
  content: "*"
  margin: 0 0 0 1px
+
+.not-required:after
+  content: ''
--- a/app/assets/stylesheets/shared/general.sass
+++ b/app/assets/stylesheets/shared/general.sass
@ -57,3 +57,5 @@ body > .container

 .text-grey
  color: grey
+
+
--- a/app/controllers/admin/admin_users_controller.rb
+++ b/app/controllers/admin/admin_users_controller.rb
@ -11,6 +11,10 @@ class Admin::AdminUsersController < AdminController
    @admin_user = AdminUser.new
  end

+  def show; end
+
+  def edit; end
+
  def create
    @admin_user = AdminUser.new(admin_user_params)

@ -23,12 +27,11 @@ class Admin::AdminUsersController < AdminController
    end
  end

-  def show; end
-
-  def edit; end
-
  def update
-    if @admin_user.update(admin_user_params)
+    params[:admin_user].delete(:password) if params[:admin_user][:password].blank?
+    params[:admin_user].delete(:password_confirmation) if params[:admin_user][:password_confirmation].blank?
+
+    if @admin_user.update_attributes(admin_user_params)
      flash[:notice] = I18n.t('record_updated')
      redirect_to [:admin, @admin_user]
    else
--- a/app/controllers/admin/api_users_controller.rb
+++ b/app/controllers/admin/api_users_controller.rb
@ -29,6 +29,7 @@ class Admin::ApiUsersController < AdminController
  def edit; end

  def update
+    params[:api_user].delete(:password) if params[:api_user][:password].blank?
    if @api_user.update(api_user_params)
      flash[:notice] = I18n.t('record_updated')
      redirect_to [:admin, @api_user]
--- a/app/models/admin_user.rb
+++ b/app/models/admin_user.rb
@ -1,9 +1,10 @@
 class AdminUser < User
-  validates :username, :password, :country_code, :roles, presence: true
+  validates :username, :country_code, :roles, presence: true
  validates :identity_code, uniqueness: true, allow_blank: true
  validates :identity_code, presence: true, if: -> { country_code == 'EE' }
  validates :email, presence: true 
-
+  validates :password, :password_confirmation, presence: true, if: :new_record?
+  validates :password_confirmation, presence: true, if: :encrypted_password_changed?
  validate :validate_identity_code, if: -> { country_code == 'EE' }

  ROLES = %w(user customer_service admin) # should not match to api_users roles
--- a/app/views/admin/admin_users/_form.haml
+++ b/app/views/admin/admin_users/_form.haml
@ -11,14 +11,15 @@
      - if @admin_user.new_record? || can?(:update, AdminUser)
        .form-group
          .col-md-4.control-label
-            = f.label :password
+            - not_required = @admin_user.new_record? ? '' : 'not-required'
+            = f.label :password, class: not_required
          .col-md-8
-            = f.text_field(:password, class: 'form-control')
+            = f.password_field(:password, class: 'form-control')
        .form-group
          .col-md-4.control-label
-            = f.label :password_confirmation
+            = f.label :password_confirmation, class: not_required
          .col-md-8
-            = f.text_field(:password_confirmation, class: 'form-control')
+            = f.password_field(:password_confirmation, class: 'form-control')

      %hr
      .form-group
@ -48,3 +49,8 @@
  .row
    .col-md-8.text-right
      = button_tag(t(:save), class: 'btn btn-primary')
+
+:coffee
+  $("#admin_user_password").removeAttr('required')
+  $("#admin_user_password_confirmation").removeAttr('required')
+
--- a/app/views/admin/api_users/_form.haml
+++ b/app/views/admin/api_users/_form.haml
@ -1,4 +1,5 @@
-= form_for([:admin, @api_user], multipart: true, html: {class: 'form-horizontal'}) do |f|
+= form_for([:admin, @api_user], multipart: true, 
+  html: {class: 'form-horizontal', autocomplete: 'off'}) do |f|
  = render 'shared/full_errors', object: @api_user

  .row
@ -10,9 +11,11 @@
          = f.text_field(:username, class: 'form-control')
      .form-group
        .col-md-4.control-label
-          = f.label :password
+          - not_required = @api_user.new_record? ? '' : 'not-required'
+          = f.label :password, class: not_required
        .col-md-7
-          = f.text_field(:password, class: 'form-control')
+          = f.text_field :password, class: 'form-control', autocomplete: 'off'
+
      .form-group
        .col-md-4.control-label
          = f.label :identity_code
@ -48,4 +51,5 @@
      = button_tag(t(:save), class: 'btn btn-primary')

 :coffee
-  Autocomplete.bindAdminRegistrarSearch();
+  Autocomplete.bindAdminRegistrarSearch()
+  $("#api_user_password").removeAttr('required')