Allow staff to change uneditable user fields

2025-05-23 22:02:42 +08:00 · 2015-03-20 15:18:43 -04:00
parent 8041342267
commit 6d38005a22
3 changed files with 57 additions and 35 deletions
--- a/app/assets/javascripts/discourse/controllers/preferences.js.es6
+++ b/app/assets/javascripts/discourse/controllers/preferences.js.es6
@ -19,12 +19,17 @@ export default ObjectController.extend(CanCheckEmails, {
  newNameInput: null,
  userFields: function() {
-    var siteUserFields = this.site.get('user_fields');
+    let siteUserFields = this.site.get('user_fields');
    if (!Ember.isEmpty(siteUserFields)) {
-      var userFields = this.get('user_fields');
+      const userFields = this.get('user_fields');
-      return siteUserFields.filterProperty('editable', true).sortBy('field_type').map(function(uf) {
+
-        var val = userFields ? userFields[uf.get('id').toString()] : null;
+      // Staff can edit fields that are not `editable`
-        return Ember.Object.create({value: val, field: uf});
+      if (!this.get('currentUser.staff')) {
        siteUserFields = siteUserFields.filterProperty('editable', true);
      }
      return siteUserFields.sortBy('field_type').map(function(field) {
        const value = userFields ? userFields[field.get('id').toString()] : null;
        return Ember.Object.create({ value, field });
      });
    }
  }.property('user_fields.@each.value'),
@ -82,16 +87,16 @@ export default ObjectController.extend(CanCheckEmails, {
  actions: {
-    save: function() {
+    save() {
-      var self = this;
+      const self = this;
      this.setProperties({ saving: true, saved: false });
-      var model = this.get('model'),
+      const model = this.get('model'),
          userFields = this.get('userFields');
      // Update the user fields
      if (!Ember.isEmpty(userFields)) {
-        var modelFields = model.get('user_fields');
+        const modelFields = model.get('user_fields');
        if (!Ember.isEmpty(modelFields)) {
          userFields.forEach(function(uf) {
            modelFields[uf.get('field.id').toString()] = uf.get('value');
@ -120,8 +125,8 @@ export default ObjectController.extend(CanCheckEmails, {
      });
    },
-    changePassword: function() {
+    changePassword() {
-      var self = this;
+      const self = this;
      if (!this.get('passwordProgress')) {
        this.set('passwordProgress', I18n.t("user.change_password.in_progress"));
        return this.get('model').changePassword().then(function() {
@ -140,22 +145,20 @@ export default ObjectController.extend(CanCheckEmails, {
      }
    },
-    delete: function() {
+    delete() {
      this.set('deleting', true);
-      var self = this,
+      const self = this,
          message = I18n.t('user.delete_account_confirm'),
          model = this.get('model'),
-          buttons = [{
+          buttons = [
-        "label": I18n.t("cancel"),
+            { label: I18n.t("cancel"),
-        "class": "cancel-inline",
+              class: "cancel-inline",
-        "link":  true,
+              link:  true,
-        "callback": function() {
+              callback: () => { this.set('deleting', false); }
-          self.set('deleting', false);
+            },
-        }
+            { label: '<i class="fa fa-exclamation-triangle"></i> ' + I18n.t("user.delete_account"),
-      }, {
+              class: "btn btn-danger",
-        "label": '<i class="fa fa-exclamation-triangle"></i> ' + I18n.t("user.delete_account"),
+              callback() {
        "class": "btn btn-danger",
        "callback": function() {
                model.delete().then(function() {
                  bootbox.alert(I18n.t('user.deleted_yourself'), function() {
                    window.location.pathname = Discourse.getURL('/');
@ -165,7 +168,8 @@ export default ObjectController.extend(CanCheckEmails, {
                  self.set('deleting', false);
                });
              }
-      }];
+            }
          ];
      bootbox.dialog(message, buttons, {"classes": "delete-account"});
    }
  }
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -73,7 +73,10 @@ class UsersController < ApplicationController
    if params[:user_fields].present?
      params[:custom_fields] = {} unless params[:custom_fields].present?
-      UserField.where(editable: true).each do |f|
+
      fields = UserField.all
      fields = fields.where(editable: true) unless current_user.staff?
      fields.each do |f|
        val = params[:user_fields][f.id.to_s]
        val = nil if val === "false"
        val = val[0...UserField.max_length] if val
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@ -963,6 +963,21 @@ describe UsersController do
      end
    end
    context "as a staff user" do
      let!(:user) { log_in(:admin) }
      context "uneditable field" do
        let!(:user_field) { Fabricate(:user_field, editable: false) }
        it "allows staff to edit the field" do
          put :update, username: user.username, name: 'Jim Tom', user_fields: { user_field.id.to_s => 'happy' }
          expect(response).to be_success
          expect(user.user_fields[user_field.id.to_s]).to eq('happy')
        end
      end
    end
    context 'with authenticated user' do
      context 'with permission to update' do
        let!(:user) { log_in(:user) }