Fix account page forms & add account actions rspec

#5
2025-12-10 10:44:03 +01:00
parent cce090587a
commit 8cea403dc9
12 changed files with 131 additions and 47 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -19,6 +19,7 @@ class UsersController < ApplicationController
  def update
    authorize @user

+    @user.password_change_attempt = false
    if @user.update(user_params)
      redirect_to contests_path, notice: t("users.edit.notice")
    else
@@ -26,6 +27,18 @@ class UsersController < ApplicationController
    end
  end

+  def change_password
+    @user = User.find(params[:user_id])
+    authorize @user
+
+    @user.password_change_attempt = true
+    if @user.update(user_password_params)
+      redirect_to contests_path, notice: t("users.edit.notice")
+    else
+      render :edit, status: :unprocessable_entity
+    end
+  end
+
  def show
    authorize @user

@@ -89,6 +102,10 @@ class UsersController < ApplicationController
  end

  def user_params
-    params.expect(user: [ :username, :email_address, :lang, :password ])
+    params.expect(user: [ :username, :email_address, :lang ])
+  end
+
+  def user_password_params
+    params.expect(user: [ :password ])
  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -2,14 +2,15 @@
 #
 # Table name: users
 #
-#  id              :integer          not null, primary key
-#  admin           :boolean          default(FALSE), not null
-#  email_address   :string           not null
-#  lang            :string           default("en")
-#  password_digest :string           not null
-#  username        :string
-#  created_at      :datetime         not null
-#  updated_at      :datetime         not null
+#  id                      :integer          not null, primary key
+#  admin                   :boolean          default(FALSE), not null
+#  email_address           :string           not null
+#  lang                    :string           default("en")
+#  password_change_attempt :boolean
+#  password_digest         :string           not null
+#  username                :string
+#  created_at              :datetime         not null
+#  updated_at              :datetime         not null
 #
 # Indexes
 #
@@ -25,4 +26,5 @@ class User < ApplicationRecord
  validates :username, presence: true, uniqueness: true
  validates :email_address, presence: true, uniqueness: true
  validates :lang, inclusion: { in: Languages::AVAILABLE_LANGUAGES.map { |lang| lang[:id] } }
+  validates :password, presence: true, if: -> { password_change_attempt }
 end
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -20,7 +20,11 @@ class UserPolicy < ApplicationPolicy
  end

  def update?
-    user.admin? || user.id == record.id
+    edit?
+  end
+
+  def change_password?
+    edit?
  end

  def destroy?
--- a/app/views/users/_form.html.slim
+++ b/app/views/users/_form.html.slim
@@ -30,13 +30,13 @@
          = form.label :password, class: "required"
  = form.submit t("helpers.buttons.save"), class: "btn btn-primary"

-  - if method == :patch
-    h4.mt-5 = t("users.edit.password_section")
+- if method == :patch
+  h4.mt-5 = t("users.edit.password_section")

-    = form_with model: user, method: method do |form|
-      .row.mb-3
-        .col
-          .form-floating
-            = form.password_field :password, autocomplete: "off", class: "form-control"
-            = form.label :password, class: "required"
-      = form.submit t("helpers.buttons.save"), class: "btn btn-primary"
+  = form_with model: user, url: user_password_path(user) do |form|
+    .row.mb-3
+      .col
+        .form-floating
+          = form.password_field :password, autocomplete: "off", class: "form-control"
+          = form.label :password, class: "required"
+    = form.submit t("helpers.buttons.save_password"), class: "btn btn-primary"