Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days.

Neil Lalonde 2013-08-12 14:54:52 -04:00
parent ffcf3f7e7d
commit b36c6d7b78
8 changed files with 61 additions and 4 deletions


@ -4,7 +4,9 @@
<label class="control-label">{{i18n user.username.title}}</label>
<div class="controls">
<span class='static'>{{username}}</span>
{{#linkTo "preferences.username" class="btn pad-left"}}{{i18n user.change}}{{/linkTo}}
{{#if can_edit_username}}
{{#linkTo "preferences.username" class="btn pad-left"}}{{i18n user.change}}{{/linkTo}}
{{/if}}
</div>
<div class='instructions'>
{{{i18n user.username.short_instructions username="username"}}}


@ -75,7 +75,7 @@ class UsersController < ApplicationController
params.require(:new_username)
user = fetch_user_from_params
guardian.ensure_can_edit!(user)
guardian.ensure_can_edit_username!(user)
result = user.change_username(params[:new_username])
raise Discourse::InvalidParameters.new(:new_username) unless result
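Review bot: The username action now appears to rely on `ensure_can_edit_username!` alone, with the earlier `guardian.ensure_can_edit!(user)` line dropped (the page prints both lines, and the updated controller spec only expects `can_edit_username?`). `can_edit_username?` as added in Guardian checks `is_staff?` and `is_me?` but never calls `can_edit?`, so any restriction `can_edit?` applies to the target user would no longer be enforced on this endpoint; its definition is not on this page, so this needs confirming. Keeping both guards is cheap: `guardian.ensure_can_edit!(user)` followed by `guardian.ensure_can_edit_username!(user)`. The action's body starts and ends outside the hunk.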


@ -240,6 +240,8 @@ class SiteSetting < ActiveRecord::Base
client_setting(:delete_user_max_age, 7)
setting(:delete_all_posts_max, 10)
setting(:username_change_period, 3) # days
def self.generate_api_key!
self.api_key = SecureRandom.hex(32)


@ -9,6 +9,7 @@ class UserSerializer < BasicUserSerializer
:created_at,
:website,
:can_edit,
:can_edit_username,
:stats,
:can_send_private_message_to_user,
:bio_excerpt,
@ -69,6 +70,10 @@ class UserSerializer < BasicUserSerializer
scope.can_edit?(object)
end
def can_edit_username
scope.can_edit_username?(object)
end
def stats
UserAction.stats(object.id, scope)
end


@ -663,6 +663,7 @@ en:
relative_date_duration: "Number of days after posting where post dates will be shown as relative instead of absolute. Examples: relative date: 7d, absolute date: 20 Feb"
delete_user_max_age: "The maximum age of a user, in days, which can be deleted by an admin."
delete_all_posts_max: "The maximum number of posts that can be deleted at once with the Delete All Posts button. If a user has more than this many posts, the posts cannot all be deleted at once and the user can't be deleted."
username_change_period: "The number of days after registration that someone can change their own username."
notification_types:
mentioned: "%{display_username} mentioned you in %{link}"


@ -278,6 +278,10 @@ class Guardian
!topic.archived && (is_staff? || is_my_own?(topic))
end
def can_edit_username?(user)
is_staff? || (is_me?(user) && user.created_at > SiteSetting.username_change_period.days.ago)
end
# Deleting Methods
def can_delete_post?(post)
# Can't delete the first post
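Review bot: `can_edit_username?` is the server-side gate for the rename window, yet it carries no comment stating the rule it enforces. Proposed comment above the method: `# Staff may always rename. A user may rename their own account only while created_at is within SiteSetting.username_change_period days.` The comparison is strict and `user.created_at` is used unguarded, so a nil `created_at` on the self-edit path would raise instead of returning false; `is_me?(user) && user.created_at && user.created_at > SiteSetting.username_change_period.days.ago` would turn that into a plain denial. The trailing `can_delete_post?` definition continues outside the hunk.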


@ -1125,5 +1125,48 @@ describe Guardian do
end
end
describe "can_edit_username?" do
it "is false without a logged in user" do
Guardian.new(nil).can_edit_username?(build(:user, created_at: 1.minute.ago)).should be_false
end
it "is false for regular users to edit another user's username" do
Guardian.new(build(:user)).can_edit_username?(build(:user, created_at: 1.minute.ago)).should be_false
end
shared_examples "staff can always change usernames" do
it "is true for moderators" do
Guardian.new(moderator).can_edit_username?(user).should be_true
end
it "is true for admins" do
Guardian.new(admin).can_edit_username?(user).should be_true
end
end
context 'for a new user' do
let(:target_user) { build(:user, created_at: 1.minute.ago) }
include_examples "staff can always change usernames"
it "is true for the user to change his own username" do
Guardian.new(target_user).can_edit_username?(target_user).should be_true
end
end
context 'for an old user' do
before do
SiteSetting.stubs(:username_change_period).returns(3)
end
let(:target_user) { build(:user, created_at: 4.days.ago) }
include_examples "staff can always change usernames"
it "is false for the user to change his own username" do
Guardian.new(target_user).can_edit_username?(target_user).should be_false
end
end
end
end
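Review bot: The shared examples call `can_edit_username?(user)`, but both contexts define `target_user`, so the staff examples never exercise the new or old account that each context sets up; they run against whatever `user`, `moderator` and `admin` resolve to outside the hunk. As written, the 'for an old user' context does not show that staff can rename an account past the window. Use `can_edit_username?(target_user)` in both shared examples. A pair of cases just under and just over `username_change_period` days would also pin the strict comparison in the guardian rule.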


@ -521,8 +521,8 @@ describe UsersController do
lambda { xhr :put, :username, username: user.username }.should raise_error(ActionController::ParameterMissing)
end
it 'raises an error when you don\'t have permission to change the user' do
Guardian.any_instance.expects(:can_edit?).with(user).returns(false)
it 'raises an error when you don\'t have permission to change the username' do
Guardian.any_instance.expects(:can_edit_username?).with(user).returns(false)
xhr :put, :username, username: user.username, new_username: new_username
response.should be_forbidden
end