mirror of
https://github.com/codeninjasllc/discourse.git
synced 2024-11-23 23:58:31 -05:00
Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days.
This commit is contained in:
parent
ffcf3f7e7d
commit
b36c6d7b78
8 changed files with 61 additions and 4 deletions
|
@ -4,7 +4,9 @@
|
|||
<label class="control-label">{{i18n user.username.title}}</label>
|
||||
<div class="controls">
|
||||
<span class='static'>{{username}}</span>
|
||||
{{#linkTo "preferences.username" class="btn pad-left"}}{{i18n user.change}}{{/linkTo}}
|
||||
{{#if can_edit_username}}
|
||||
{{#linkTo "preferences.username" class="btn pad-left"}}{{i18n user.change}}{{/linkTo}}
|
||||
{{/if}}
|
||||
</div>
|
||||
<div class='instructions'>
|
||||
{{{i18n user.username.short_instructions username="username"}}}
|
||||
|
|
|
@ -75,7 +75,7 @@ class UsersController < ApplicationController
|
|||
params.require(:new_username)
|
||||
|
||||
user = fetch_user_from_params
|
||||
guardian.ensure_can_edit!(user)
|
||||
guardian.ensure_can_edit_username!(user)
|
||||
|
||||
result = user.change_username(params[:new_username])
|
||||
raise Discourse::InvalidParameters.new(:new_username) unless result
|
||||
|
|
|
@ -240,6 +240,8 @@ class SiteSetting < ActiveRecord::Base
|
|||
client_setting(:delete_user_max_age, 7)
|
||||
setting(:delete_all_posts_max, 10)
|
||||
|
||||
setting(:username_change_period, 3) # days
|
||||
|
||||
|
||||
def self.generate_api_key!
|
||||
self.api_key = SecureRandom.hex(32)
|
||||
|
|
|
@ -9,6 +9,7 @@ class UserSerializer < BasicUserSerializer
|
|||
:created_at,
|
||||
:website,
|
||||
:can_edit,
|
||||
:can_edit_username,
|
||||
:stats,
|
||||
:can_send_private_message_to_user,
|
||||
:bio_excerpt,
|
||||
|
@ -69,6 +70,10 @@ class UserSerializer < BasicUserSerializer
|
|||
scope.can_edit?(object)
|
||||
end
|
||||
|
||||
def can_edit_username
|
||||
scope.can_edit_username?(object)
|
||||
end
|
||||
|
||||
def stats
|
||||
UserAction.stats(object.id, scope)
|
||||
end
|
||||
|
|
|
@ -663,6 +663,7 @@ en:
|
|||
relative_date_duration: "Number of days after posting where post dates will be shown as relative instead of absolute. Examples: relative date: 7d, absolute date: 20 Feb"
|
||||
delete_user_max_age: "The maximum age of a user, in days, which can be deleted by an admin."
|
||||
delete_all_posts_max: "The maximum number of posts that can be deleted at once with the Delete All Posts button. If a user has more than this many posts, the posts cannot all be deleted at once and the user can't be deleted."
|
||||
username_change_period: "The number of days after registration that someone can change their own username."
|
||||
|
||||
notification_types:
|
||||
mentioned: "%{display_username} mentioned you in %{link}"
|
||||
|
|
|
@ -278,6 +278,10 @@ class Guardian
|
|||
!topic.archived && (is_staff? || is_my_own?(topic))
|
||||
end
|
||||
|
||||
def can_edit_username?(user)
|
||||
is_staff? || (is_me?(user) && user.created_at > SiteSetting.username_change_period.days.ago)
|
||||
end
|
||||
|
||||
# Deleting Methods
|
||||
def can_delete_post?(post)
|
||||
# Can't delete the first post
|
||||
|
|
|
@ -1125,5 +1125,48 @@ describe Guardian do
|
|||
end
|
||||
end
|
||||
|
||||
describe "can_edit_username?" do
|
||||
it "is false without a logged in user" do
|
||||
Guardian.new(nil).can_edit_username?(build(:user, created_at: 1.minute.ago)).should be_false
|
||||
end
|
||||
|
||||
it "is false for regular users to edit another user's username" do
|
||||
Guardian.new(build(:user)).can_edit_username?(build(:user, created_at: 1.minute.ago)).should be_false
|
||||
end
|
||||
|
||||
shared_examples "staff can always change usernames" do
|
||||
it "is true for moderators" do
|
||||
Guardian.new(moderator).can_edit_username?(user).should be_true
|
||||
end
|
||||
|
||||
it "is true for admins" do
|
||||
Guardian.new(admin).can_edit_username?(user).should be_true
|
||||
end
|
||||
end
|
||||
|
||||
context 'for a new user' do
|
||||
let(:target_user) { build(:user, created_at: 1.minute.ago) }
|
||||
include_examples "staff can always change usernames"
|
||||
|
||||
it "is true for the user to change his own username" do
|
||||
Guardian.new(target_user).can_edit_username?(target_user).should be_true
|
||||
end
|
||||
end
|
||||
|
||||
context 'for an old user' do
|
||||
before do
|
||||
SiteSetting.stubs(:username_change_period).returns(3)
|
||||
end
|
||||
|
||||
let(:target_user) { build(:user, created_at: 4.days.ago) }
|
||||
|
||||
include_examples "staff can always change usernames"
|
||||
|
||||
it "is false for the user to change his own username" do
|
||||
Guardian.new(target_user).can_edit_username?(target_user).should be_false
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
|
|
@ -521,8 +521,8 @@ describe UsersController do
|
|||
lambda { xhr :put, :username, username: user.username }.should raise_error(ActionController::ParameterMissing)
|
||||
end
|
||||
|
||||
it 'raises an error when you don\'t have permission to change the user' do
|
||||
Guardian.any_instance.expects(:can_edit?).with(user).returns(false)
|
||||
it 'raises an error when you don\'t have permission to change the username' do
|
||||
Guardian.any_instance.expects(:can_edit_username?).with(user).returns(false)
|
||||
xhr :put, :username, username: user.username, new_username: new_username
|
||||
response.should be_forbidden
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue