Add user status update

app/assets/stylesheets/application.css

@@ -32,13 +32,17 @@ body {
   margin: 0 0.5rem;
 }
 
-input {
+/* blue - target for interaction with pointer */
+/* gray - target for interaction with keyboard */
+input,
+select {
   background-color: white;
   border: 1px solid;
   border-radius: 0.2rem;
   border-color: #cccccc;
 }
-input:not([type=checkbox]) {
+input:not([type=checkbox]),
+select {
   font-size: 0.9rem;
   padding: 0.2rem 0.4rem;
 }
@@ -51,8 +55,17 @@ input[type=checkbox] {
   width: 1.1rem;
   -webkit-appearance: none;
 }
+input:hover,
+select:hover {
+  border-color: #009ade;
+  outline: #009ade solid 1px;
+}
+select:hover {
+  cursor: pointer;
+}
 input:focus-visible,
-input:hover {
+select:focus-within,
+select:focus-visible {
   accent-color: #006c9b;
   background-color: #f3f3f3;
 }
@@ -313,7 +326,12 @@ table.items button {
   margin-right: 0.25rem;
   padding: 0.25rem;
 }
+table.items select:not(:hover),
 table.items button:not(:hover) {
   border-color: #dddddd;
   color: #909090;
 }
+table.items select:focus-within,
+table.items select:focus-visible {
+  color: black;
+}

app/controllers/users_controller.rb

@@ -1,7 +1,7 @@
 class UsersController < ApplicationController
   helper_method :allow_disguise?
 
-  before_action :find_user, only: [:show, :disguise]
+  before_action :find_user, only: [:show, :update, :disguise]
   before_action except: :revert do
     raise AccessForbidden unless current_user.at_least(:admin)
   end
@@ -16,8 +16,12 @@ class UsersController < ApplicationController
   def show
   end
 
+  def update
+    @user.update!(params.require(:user).permit(:status))
+  end
+
   def disguise
-    raise ActionController::BadRequest unless allow_disguise?(@user)
+    raise ArgumentError unless allow_disguise?(@user)
     session[:revert_to_id] = current_user.id
     bypass_sign_in(@user)
     redirect_to root_url
@@ -29,8 +33,6 @@ class UsersController < ApplicationController
     redirect_to users_url
   end
 
-  # TODO: add #update to change user status
-
   # NOTE: limited actions availabe to :admin by design. Users are meant to
   # manage their accounts by themselves through registrations. In future :admin
   # may be allowed to sing-in as user and make changes there.

app/views/users/index.html.erb

@@ -12,7 +12,15 @@
     <% @users.each do |user| %>
       <tr>
         <td><%= link_to user.email, user_path(user) %></td>
-        <td><%= user.status %></td>
+        <td>
+          <% if user == current_user %>
+            <%= user.status %>
+          <% else %>
+            <%= form_for user do |u| %>
+              <%= u.select :status, User.statuses.keys, {}, onchange: "this.form.submit();" %>
+            <% end %>
+          <% end %>
+        </td>
       <td class="svg">
         <%= svg_tag "pictograms/checkbox-marked-outline" if user.confirmed_at.present? %>
       </td>

config/application.rb.dist

@@ -32,6 +32,7 @@ module FixinMe
     # config.eager_load_paths << Rails.root.join("extras")
 
     config.action_dispatch.rescue_responses['ApplicationController::AccessForbidden'] = :forbidden
+    config.action_dispatch.rescue_responses['ArgumentError'] = :bad_request
 
     # SETUP: Below settings need to be updated on a per-installation basis.
     #

config/routes.rb

@@ -2,7 +2,7 @@ Rails.application.routes.draw do
   devise_for :users, path: '', path_names: {registration: 'profile'},
     controllers: {registrations: :registrations}
 
-  resources :users, only: [:index, :show] do
+  resources :users, only: [:index, :show, :update] do
     member do
       post :disguise
     end