SECURITY: Confirm new administrator accounts via email

Robin Ward
2017-04-04 13:59:22 -04:00
parent a649014adf
commit 17f2974d0a
13 changed files with 293 additions and 20 deletions


@ -1,5 +1,6 @@
require_dependency 'user_destroyer'
require_dependency 'admin_user_index_query'
require_dependency 'admin_confirmation'
class Admin::UsersController < Admin::AdminController
@ -103,10 +104,8 @@ class Admin::UsersController < Admin::AdminController
end
def grant_admin
guardian.ensure_can_grant_admin!(@user)
@user.grant_admin!
StaffActionLogger.new(current_user).log_grant_admin(@user)
render_serialized(@user, AdminUserSerializer)
AdminConfirmation.new(@user, current_user).create_confirmation
render json: success_json
end
def revoke_moderation
@ -321,6 +320,7 @@ class Admin::UsersController < Admin::AdminController
end
def invite_admin
raise Discourse::InvalidAccess.new unless is_api?
email = params[:email]
unless user = User.find_by_email(email)
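Review bot: In `grant_admin`, the controller no longer shows where the permission check and the staff action log happen, if `guardian.ensure_can_grant_admin!(@user)` and the `StaffActionLogger` call are on the removed side, as the hunk's line counts suggest. Both would then depend on `AdminConfirmation`, which is not visible in this section. It is worth confirming that `create_confirmation` verifies `current_user` may grant admin before any email is sent, and that the grant is logged when the confirmation is redeemed. I would add a comment above the new call such as `# Permission check and staff logging live in AdminConfirmation; admin is granted only after the email link is confirmed.` The action now returns `success_json` instead of the serialized user, so callers that read the admin flag from the response need to handle the pending state.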