Add user profile editing

app/assets/images/pictograms/arrow-left-bold-outline.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" id="icon" viewBox="0 0 24 24"><path d="M13,22L3,12L13,2V8H21V16H13V22M6,12L11,17V14H19V10H11V7L6,12Z" /></svg>

app/controllers/registrations_controller.rb

@@ -1,6 +1,20 @@
 class RegistrationsController < Devise::RegistrationsController
+  before_action :authenticate_user!, only: [:edit, :update, :destroy]
+
   protected
 
+  def update_resource(resource, params)
+    # Based on update_with_password()
+    if params[:password].blank?
+      params.delete(:password)
+      params.delete(:password_confirmation) if params[:password_confirmation].blank?
+    end
+
+    result = resource.update(params)
+    resource.clean_up_passwords
+    result
+  end
+
   def after_inactive_sign_up_path_for(resource)
     new_user_session_path
   end

app/controllers/users_controller.rb

@@ -1,60 +1,21 @@
 class UsersController < ApplicationController
-  before_action :find_user, only: [:show, :edit, :update, :destroy]
+  before_action :find_user, only: [:destroy]
   before_action do
-    raise AccessForbidden unless (current_user == @user) || current_user_at_least(:admin)
+    raise AccessForbidden unless (current_user == @user) || current_user.at_least(:admin)
   end
 
   def index
     @users = User.all
   end
 
-  # GET /users/1
-  def show
-  end
-
-  # GET /users/new
-  def new
-    @user = User.new
-  end
-
-  # GET /users/1/edit
-  def edit
-  end
-
-  # POST /users
-  def create
-    @user = User.new(user_params)
-
-    if @user.save
-      redirect_to @user, notice: "User was successfully created."
-    else
-      render :new, status: :unprocessable_entity
-    end
-  end
-
-  # PATCH/PUT /users/1
-  def update
-    if @user.update(user_params)
-      redirect_to @user, notice: "User was successfully updated."
-    else
-      render :edit, status: :unprocessable_entity
-    end
-  end
-
-  # DELETE /users/1
   def destroy
     @user.destroy
-    redirect_to users_url, notice: "User was successfully destroyed."
+    redirect_to action: :index, notice: t(".success")
   end
 
   private
-    # Use callbacks to share common setup or constraints between actions.
-    def find_user
-      @user = User.find(params[:id])
-    end
 
-    # Only allow a list of trusted parameters through.
+  def find_user
-    def user_params
+    @user = User.find(params[:id])
-      params.require(:user).permit(:email, :status)
+  end
-    end
 end

app/views/layouts/application.html.erb

@@ -15,6 +15,8 @@
       <% if user_signed_in? %>
         <%= image_link_to t(:sign_out), "logout", destroy_user_session_path,
               data: { turbo: true, turbo_method: :delete } %>
+        <%= image_link_to t(:profile), "account-wrench-outline", edit_user_registration_path,
+              current: :hide %>
       <% else %>
         <%= image_link_to t(:register), "account-plus-outline", new_user_registration_path,
               current: :hide %>

app/views/users/_form.html.erb

@@ -1,27 +0,0 @@
-<%= form_with(model: user) do |form| %>
-  <% if user.errors.any? %>
-    <div style="color: red">
-      <h2><%= pluralize(user.errors.count, "error") %> prohibited this user from being saved:</h2>
-
-      <ul>
-        <% user.errors.each do |error| %>
-          <li><%= error.full_message %></li>
-        <% end %>
-      </ul>
-    </div>
-  <% end %>
-
-  <div>
-    <%= form.label :email, style: "display: block" %>
-    <%= form.text_field :email %>
-  </div>
-
-  <div>
-    <%= form.label :status, style: "display: block" %>
-    <%= form.number_field :status %>
-  </div>
-
-  <div>
-    <%= form.submit %>
-  </div>
-<% end %>

app/views/users/registrations/edit.html.erb

@@ -1,10 +1,26 @@
-<h1>Editing user</h1>
+<% content_for :navigation, flush: true do %>
+  <%= image_link_to t(:back), "arrow-left-bold-outline",
+        request.referer.present? ? :back : root_url %>
+<% end %>
 
-<%= render "form", user: @user %>
+<%= tabular_form_for resource, url: registration_path(resource), html: {method: :patch} do |f| %>
+  <%= f.select :status, User.statuses, readonly: !current_user.at_least(:admin) %>
 
-<br>
+  <% if current_user.at_least(:admin) %>
+    <%= f.text_field :created_at, readonly: true, tabindex: -1 %>
+  <% end %>
 
-<div>
+  <%= f.email_field :email, size: 30, autofocus: true, autocomplete: "off" %>
-  <%= link_to "Show this user", @user %> |
+  <% if f.object.pending_reconfirmation? %>
-  <%= link_to "Back to users", users_path %>
+    <%= f.text_field :unconfirmed_email, readonly: true, tabindex: -1,
-</div>
+      hint: t(".unconfirmed_email_hint",
+              timestamp: f.object.confirmation_sent_at.to_fs(:db_without_sec)) %>
+  <% end %>
+
+  <%= f.password_field :password, size: 30, autocomplete: "off",
+    hint: t('.blank_password_hint_html',
+            subhint: t('.minimum_length_hint_html', count: @minimum_password_length)) %>
+  <%= f.password_field :password_confirmation, size: 30, autocomplete: "off" %>
+
+  <%= f.submit t('.update') %>
+<% end %>

config/locales/en.yml

@@ -7,6 +7,7 @@ en:
         password: password
         created_at: registration
         confirmed_at: confirmed
+        unconfirmed_email: Awaiting confirmation for
   users:
     passwords:
       edit:
@@ -16,9 +17,18 @@ en:
     registrations:
       new:
         password_confirmation: Retype password
+      edit:
+        unconfirmed_email_hint: (since %{timestamp})
+        blank_password_hint_html: leave blank to keep unchanged%{subhint}
+        minimum_length_hint_html:
+          zero:
+          other: <br>(%{count} characters minimum)
+        update: Update profile
     sessions:
       new:
         remember_me: Remember me
+    destroy:
+      success: User has been successfully deleted.
   layouts:
     application:
       users: Users

config/routes.rb

@@ -1,8 +1,10 @@
 Rails.application.routes.draw do
-  devise_for :users, path: '', path_names: {registration: 'register'},
+  devise_for :users, path: '', path_names: {registration: 'profile'},
     controllers: {registrations: :registrations}
 
-  resources :users
+  resources :users, only: [:index, :destroy]
 
-  root "users#index"
+  devise_scope :user do
+    root to: "devise/sessions#new"
+  end
 end