Allow mods to disable login, improve message when login disabled (#8329)

* Allow moderators to disable/enable login

* Instead of rejecting login, show forbidden error when login disabled

Avoid confusion because when login is rejected, the message is that
the account is not activated, which is wrong.

* Fix tests
pull/8409/head
Eugen Rochko 2018-08-23 23:26:29 +02:00 committed by GitHub
parent 9d58daac6c
commit 2f34b747b3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 9 additions and 11 deletions

View File

@ -7,6 +7,8 @@ class Api::BaseController < ApplicationController
include RateLimitHeaders include RateLimitHeaders
skip_before_action :store_current_location skip_before_action :store_current_location
skip_before_action :check_user_permissions
protect_from_forgery with: :null_session protect_from_forgery with: :null_session
rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e| rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e|

View File

@ -24,7 +24,7 @@ class ApplicationController < ActionController::Base
rescue_from Mastodon::NotPermittedError, with: :forbidden rescue_from Mastodon::NotPermittedError, with: :forbidden
before_action :store_current_location, except: :raise_not_found, unless: :devise_controller? before_action :store_current_location, except: :raise_not_found, unless: :devise_controller?
before_action :check_suspension, if: :user_signed_in? before_action :check_user_permissions, if: :user_signed_in?
def raise_not_found def raise_not_found
raise ActionController::RoutingError, "No route matches #{params[:unmatched_route]}" raise ActionController::RoutingError, "No route matches #{params[:unmatched_route]}"
@ -48,8 +48,8 @@ class ApplicationController < ActionController::Base
forbidden unless current_user&.staff? forbidden unless current_user&.staff?
end end
def check_suspension def check_user_permissions
forbidden if current_user.account.suspended? forbidden if current_user.disabled? || current_user.account.suspended?
end end
def after_sign_out_path_for(_resource_or_scope) def after_sign_out_path_for(_resource_or_scope)

View File

@ -6,7 +6,7 @@ class Auth::SessionsController < Devise::SessionsController
layout 'auth' layout 'auth'
skip_before_action :require_no_authentication, only: [:create] skip_before_action :require_no_authentication, only: [:create]
skip_before_action :check_suspension, only: [:destroy] skip_before_action :check_user_permissions, only: [:destroy]
prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create] prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create]
before_action :set_instance_presenter, only: [:new] before_action :set_instance_presenter, only: [:new]
before_action :set_body_classes before_action :set_body_classes

View File

@ -216,10 +216,6 @@ class User < ApplicationRecord
save! save!
end end
def active_for_authentication?
super && !disabled?
end
def setting_default_privacy def setting_default_privacy
settings.default_privacy || (account.locked? ? 'private' : 'public') settings.default_privacy || (account.locked? ? 'private' : 'public')
end end

View File

@ -18,11 +18,11 @@ class UserPolicy < ApplicationPolicy
end end
def enable? def enable?
admin? staff?
end end
def disable? def disable?
admin? && !record.admin? staff? && !record.admin?
end end
def promote? def promote?

View File

@ -512,7 +512,7 @@ RSpec.describe User, type: :model do
context 'when user is confirmed' do context 'when user is confirmed' do
let(:confirmed_at) { Time.zone.now } let(:confirmed_at) { Time.zone.now }
it { is_expected.to be false } it { is_expected.to be true }
end end
context 'when user is not confirmed' do context 'when user is not confirmed' do