Added the ability to change and confirm new passwords for editing a user as an admin
parent
b4cd83c2e7
commit
bb9c354146
|
@ -37,20 +37,24 @@ class UsersController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def update
|
def update
|
||||||
@user = User.find(params[:id]) # Assumes @user is already set from a before_action callback, so this line could be redundant if such a callback exists.
|
@user = User.find(params[:id]) # If @user is set in a before_action, this line can be removed.
|
||||||
|
|
||||||
if @user.update(user_params.except(:roles))
|
# Handling password change: if password fields are blank, they are removed from user_params to prevent updating the password to nil.
|
||||||
# Check and update the access revoked status and end date
|
cleaned_params = user_params
|
||||||
if params[:user][:access_revoked] == "1"
|
if cleaned_params[:password].blank?
|
||||||
# This assumes that you always want to update the latest access period.
|
cleaned_params.delete(:password)
|
||||||
# Consider the logic if multiple access periods can exist and which one should be updated.
|
cleaned_params.delete(:password_confirmation)
|
||||||
last_access_period = @user.access_periods.order(:created_at).last
|
|
||||||
last_access_period.update(end_date: Date.today) unless last_access_period.end_date.present?
|
|
||||||
end
|
end
|
||||||
|
|
||||||
# Update user roles if they are part of the form submission
|
if @user.update(cleaned_params.except(:roles))
|
||||||
update_user_roles(@user, user_params[:roles])
|
# Update roles
|
||||||
handle_access_revocation
|
update_user_roles(@user, params[:user][:roles] || [])
|
||||||
|
|
||||||
|
# Check and update the access revoked status and end date
|
||||||
|
if params[:user][:access_revoked] == "1"
|
||||||
|
current_period = @user.access_periods.order(:created_at).last
|
||||||
|
current_period.update(end_date: Date.today) unless current_period.end_date.present?
|
||||||
|
end
|
||||||
|
|
||||||
redirect_to users_path, notice: 'User was successfully updated.'
|
redirect_to users_path, notice: 'User was successfully updated.'
|
||||||
else
|
else
|
||||||
|
|
|
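Review bot: The roles call on the new side reads `params[:user][:roles]` directly instead of going through `user_params`, and it falls back to `[]` when the form sends no roles. That takes a privilege-bearing field around the permit list, and if `update_user_roles` (not shown here) replaces the role set, a submission without a roles field, such as a password-only edit, would clear the user's roles. Assuming `roles` is permitted, as the `.except(:roles)` call suggests, `update_user_roles(@user, cleaned_params[:roles]) if cleaned_params.key?(:roles)` keeps the filtered value and skips the call when the key is absent. In the revocation branch `current_period` is nil for a user with no access periods, so the `unless current_period.end_date.present?` line raises; `current_period.update(end_date: Date.today) if current_period && current_period.end_date.blank?` guards it. `update` ends outside this hunk, so any authorization filter in front of this admin password change is not visible here.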
@ -5,6 +5,7 @@ class User < ApplicationRecord
|
||||||
accepts_nested_attributes_for :access_periods, allow_destroy: true
|
accepts_nested_attributes_for :access_periods, allow_destroy: true
|
||||||
after_create :assign_default_role
|
after_create :assign_default_role
|
||||||
|
|
||||||
|
validate :password_complexity
|
||||||
|
|
||||||
# Validation for date fields
|
# Validation for date fields
|
||||||
validate :end_date_after_start_date, if: -> { access_revoked && access_end_date.present? }
|
validate :end_date_after_start_date, if: -> { access_revoked && access_end_date.present? }
|
||||||
|
@ -20,6 +21,11 @@ class User < ApplicationRecord
|
||||||
self.add_role(:user) unless self.has_any_role?
|
self.add_role(:user) unless self.has_any_role?
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def password_complexity
|
||||||
|
return if password.blank? || password =~ /(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,}/
|
||||||
|
errors.add :password, 'Complexity requirement not met. Length should be 8 characters and include: 1 uppercase, 1 lowercase, and 1 digit'
|
||||||
|
end
|
||||||
|
|
||||||
def end_date_after_start_date
|
def end_date_after_start_date
|
||||||
if access_start_date.present?
|
if access_start_date.present?
|
||||||
errors.add(:access_end_date, 'must be provided when access is revoked') unless access_end_date.present?
|
errors.add(:access_end_date, 'must be provided when access is revoked') unless access_end_date.present?
|
||||||
|
|
|
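Review bot: The pattern in `password_complexity` is unanchored, and because `.` stops at a newline, `=~` succeeds as soon as the tail of any single line satisfies the lookaheads rather than the password as a whole. Anchoring it and using `match?` applies the rule to the full value: `return if password.blank? || password.match?(/\A(?=.*[A-Z])(?=.*[a-z])(?=.*\d).{8,}\z/m)`. The error text says "Length should be 8 characters" while the pattern accepts eight or more, so "at least 8 characters" would match the check. No upper length bound appears in this hunk; whether one is enforced elsewhere in the model cannot be told from here.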
@ -14,12 +14,12 @@
|
||||||
|
|
||||||
<%# User attributes fields %>
|
<%# User attributes fields %>
|
||||||
<div class="mb-3">
|
<div class="mb-3">
|
||||||
<%= form.label :first_name, class: 'form-label' %>
|
<%= form.label :first_name, 'First Name', class: 'form-label' %>
|
||||||
<%= form.text_field :first_name, id: :user_first_name, class: 'form-control' %>
|
<%= form.text_field :first_name, id: :user_first_name, class: 'form-control' %>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="mb-3">
|
<div class="mb-3">
|
||||||
<%= form.label :last_name, class: 'form-label' %>
|
<%= form.label :last_name, 'Last Name', class: 'form-label' %>
|
||||||
<%= form.text_field :last_name, id: :user_last_name, class: 'form-control' %>
|
<%= form.text_field :last_name, id: :user_last_name, class: 'form-control' %>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -28,6 +28,17 @@
|
||||||
<%= form.email_field :email, id: :user_email, class: 'form-control' %>
|
<%= form.email_field :email, id: :user_email, class: 'form-control' %>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<div class="mb-3">
|
||||||
|
<%= form.label :new_password, 'New Password', class: 'form-label' %>
|
||||||
|
<%= form.password_field :password, id: :user_password, class: 'form-control', autocomplete: "new-password" %>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="mb-3">
|
||||||
|
<%= form.label :password_confirmation, 'Password Confirmation', class: 'form-label' %>
|
||||||
|
<%= form.password_field :password_confirmation, id: "user_password_confirmation", class: 'form-control', autocomplete: "new-password" %>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
<div class="mb-3">
|
<div class="mb-3">
|
||||||
<%= form.label :phone, class: 'form-label' %>
|
<%= form.label :phone, class: 'form-label' %>
|
||||||
<%= form.telephone_field :phone, id: :user_phone, class: 'form-control' %>
|
<%= form.telephone_field :phone, id: :user_phone, class: 'form-control' %>
|
||||||
|
|
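Review bot: The label for the new password input is built from `:new_password`, so its `for` attribute will presumably be `user_new_password` while the input's id is `user_password`. That leaves the label unassociated with the field for screen readers and click-to-focus. `<%= form.label :password, 'New Password', class: 'form-label' %>` keeps the visible text and matches the input, the same way the confirmation label already matches `user_password_confirmation`.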