diff --git a/app/assets/stylesheets/application.css b/app/assets/stylesheets/application.css
index 28d662b..775b941 100644
--- a/app/assets/stylesheets/application.css
+++ b/app/assets/stylesheets/application.css
@@ -90,6 +90,9 @@ input:read-only:hover {
.nav-menu .right .image-button {
float: right;
}
+.nav-menu .left .image-button {
+ float: left;
+}
.nav-menu .tab-button {
border: none;
border-radius: 0;
@@ -131,6 +134,10 @@ input[type=submit]:hover {
color: white;
fill: white;
}
+.image-button.dangerous:hover {
+ background-color: #ff1f5b;
+ border-color: #ff1f5b;
+}
.image-button:focus-visible,
.image-button.active:focus-visible,
input[type=submit]:focus-visible {
@@ -142,6 +149,10 @@ input[type=submit]:hover:focus-visible {
background-color: #006c9b;
border-color: #006c9b;
}
+.image-button.dangerous:hover:focus-visible {
+ background-color: #b21237;
+ border-color: #b21237;
+}
.flashes {
height: 2.1rem;
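Review bot: The `.dangerous` variant is only styled for `:hover` and `:hover:focus-visible`, so a keyboard user who tabs onto the delete button without hovering presumably gets the ordinary `.image-button:focus-visible` colours (that rule's body is outside the hunk). If the red is meant to mark a destructive action, add a matching `.image-button.dangerous:focus-visible` rule so the cue does not depend on the pointer. A short comment above the `.dangerous` rules saying they mark irreversible actions would also help.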
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 6938c94..54fd79c 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,17 +1,20 @@
class UsersController < ApplicationController
before_action :find_user, only: [:destroy]
before_action do
- raise AccessForbidden unless (current_user == @user) || current_user.at_least(:admin)
+ raise AccessForbidden unless current_user.at_least(:admin)
end
def index
@users = User.all
end
- def destroy
- @user.destroy
- redirect_to action: :index, notice: t(".success")
- end
+ # TODO: add #show and #update to change user status
+ # TODO: remove admin dependent fields from registrations#edit and move them to
+ # #show
+
+ # NOTE: limited actions availabe to :admin by design. Users are meant to
+ # manage their accounts by themselves through registrations. In future :admin
+ # may be allowed to sing-in as user and make changes there.
private
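Review bot: `before_action :find_user, only: [:destroy]` is kept at the top of the class even though this hunk removes `destroy`, so the callback now names an action that no longer exists. With `config.action_controller.raise_on_missing_callback_actions` enabled this raises at request time; drop the line, and drop `find_user` too if nothing else under `private` (outside the hunk) uses it. The new guard calls `current_user.at_least(:admin)` with no nil check, so unless ApplicationController authenticates first (not visible here) an anonymous request ends in NoMethodError instead of AccessForbidden. `raise AccessForbidden unless current_user&.at_least(:admin)` fails closed. The NOTE comment has two typos: "availabe" and "sing-in".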
diff --git a/app/views/users/index.html.erb b/app/views/users/index.html.erb
index 58bd82e..b597ae1 100644
--- a/app/views/users/index.html.erb
+++ b/app/views/users/index.html.erb
@@ -5,21 +5,18 @@
<%= User.human_attribute_name(:status).capitalize %> |
<%= User.human_attribute_name(:created_at).capitalize %> UTC |
<%= User.human_attribute_name(:confirmed_at).capitalize %> |
- <%= t :actions %> |
+
<% @users.each do |user| %>
- <%# TODO: add user edit link %>
+ <%# TODO: add user show link %>
<%= user.email %> |
<%= user.status %> |
<%= user.created_at.to_fs(:db_without_sec) %> |
<%= svg_tag "pictograms/checkbox-marked-outline" if user.confirmed_at.present? %>
|
-
- <%= image_link_to t(:delete), "account-remove-outline", user_path(user),
- data: { turbo: true, turbo_method: :delete } %>
- |
+
<% end %>
diff --git a/app/views/users/registrations/edit.html.erb b/app/views/users/registrations/edit.html.erb
index 6707cea..6ce52eb 100644
--- a/app/views/users/registrations/edit.html.erb
+++ b/app/views/users/registrations/edit.html.erb
@@ -1,6 +1,13 @@
<% content_for :navigation, flush: true do %>
- <%= image_link_to t(:back), "arrow-left-bold-outline",
- request.referer.present? ? :back : root_url %>
+
+ <%= image_link_to t(".back"), "arrow-left-bold-outline",
+ request.referer.present? ? :back : root_url %>
+
+
+ <%= image_link_to t(".delete"), "account-remove-outline", user_registration_path,
+ class: "dangerous",
+ data: { turbo: true, turbo_method: :delete, turbo_confirm: t(".confirm_delete") } %>
+
<% end %>
<%= tabular_form_for resource, url: registration_path(resource), html: {method: :patch} do |f| %>
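Review bot: The new delete-profile link is protected only by `turbo_confirm`, which is a browser-side prompt and not a server-side check; any request with a valid session that sends DELETE to `user_registration_path` will remove the account. Because the confirmation text says the data is irretrievably lost, consider requiring the current password in the custom registrations controller's `destroy` (not part of this diff) before the record is destroyed. Also decide what should happen when the last remaining :admin deletes their own profile, since the admin-side `UsersController#destroy` is removed in the same commit. The link uses `user_registration_path` while the form below uses `registration_path(resource)`; using one helper for both would make the target easier to audit.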
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 2feca1a..21d0987 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -18,6 +18,10 @@ en:
new:
password_confirmation: Retype password
edit:
+ back: Back
+ confirm_delete: Are you sure you want to delete profile?
+ All data will be irretrievably lost.
+ delete: Delete profile
unconfirmed_email_hint: (since %{timestamp})
blank_password_hint_html: leave blank to keep unchanged%{subhint}
minimum_length_hint_html:
@@ -27,14 +31,12 @@ en:
sessions:
new:
remember_me: Remember me
- destroy:
- success: User has been successfully deleted.
layouts:
application:
users: Users
actions: Actions
- delete: Delete
or: or
+ profile: Profile
register: Register
sign_in: Sign in
sign_out: Sign out
diff --git a/config/routes.rb b/config/routes.rb
index dd5f718..5522cdd 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -2,7 +2,7 @@ Rails.application.routes.draw do
devise_for :users, path: '', path_names: {registration: 'profile'},
controllers: {registrations: :registrations}
- resources :users, only: [:index, :destroy]
+ resources :users, only: [:index]
devise_scope :user do
root to: "devise/sessions#new"
diff --git a/test/system/users_test.rb b/test/system/users_test.rb
index 9510237..3f86f5e 100644
--- a/test/system/users_test.rb
+++ b/test/system/users_test.rb
@@ -93,21 +93,30 @@ class UsersTest < ApplicationSystemTestCase
end
end
- test "delete user" do
+ test "show profile" do
sign_in user: users.select(&:admin?).select(&:confirmed?).sample
click_link t('layouts.application.users')
+ #all('tr').drop(1).sample.click_link t(:view)
+ end
+
+ test "destroy profile" do
+ sign_in user: users.select(&:confirmed?).sample
+ click_link t(:profile)
assert_difference ->{ User.count }, -1 do
- all('tr').drop(1).sample.click_link t(:delete)
+ accept_confirm { click_link t('users.registrations.edit.delete') }
end
end
- test "users index forbidden for non admin" do
+ test "index forbidden for non admin" do
sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
visit users_path
assert has_no_link?t('layouts.application.users')
assert_title "Access is forbidden to this page (403)"
end
- test "update e-mail" do
+ test "update profile" do
+ end
+
+ test "update status forbidded for non admin" do
end
end
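Review bot: Three of the tests in this hunk pass without checking anything: "show profile" has its only interaction commented out, and "update profile" and "update status forbidded for non admin" have empty bodies. The last one is an authorization test, so a green run suggests access-control coverage that does not exist; put `skip "not implemented yet"` in each placeholder so they are reported as pending. There is also no test that a DELETE to the old `/users/:id` path is now rejected, which is the security-relevant behaviour this commit changes. "forbidded" should read "forbidden". The enclosing class starts above the hunk.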