Added the ability to change and confirm new passwords for editing a user as an admin

This commit is contained in:
Ben 2024-04-12 02:55:34 -05:00
parent b4cd83c2e7
commit bb9c354146
3 changed files with 33 additions and 12 deletions

View File

@ -37,21 +37,25 @@ class UsersController < ApplicationController
end end
def update def update
@user = User.find(params[:id]) # Assumes @user is already set from a before_action callback, so this line could be redundant if such a callback exists. @user = User.find(params[:id]) # If @user is set in a before_action, this line can be removed.
# Handling password change: if password fields are blank, they are removed from user_params to prevent updating the password to nil.
cleaned_params = user_params
if cleaned_params[:password].blank?
cleaned_params.delete(:password)
cleaned_params.delete(:password_confirmation)
end
if @user.update(cleaned_params.except(:roles))
# Update roles
update_user_roles(@user, params[:user][:roles] || [])
if @user.update(user_params.except(:roles))
# Check and update the access revoked status and end date # Check and update the access revoked status and end date
if params[:user][:access_revoked] == "1" if params[:user][:access_revoked] == "1"
# This assumes that you always want to update the latest access period. current_period = @user.access_periods.order(:created_at).last
# Consider the logic if multiple access periods can exist and which one should be updated. current_period.update(end_date: Date.today) unless current_period.end_date.present?
last_access_period = @user.access_periods.order(:created_at).last
last_access_period.update(end_date: Date.today) unless last_access_period.end_date.present?
end end
# Update user roles if they are part of the form submission
update_user_roles(@user, user_params[:roles])
handle_access_revocation
redirect_to users_path, notice: 'User was successfully updated.' redirect_to users_path, notice: 'User was successfully updated.'
else else
render :edit render :edit

View File

@ -5,6 +5,7 @@ class User < ApplicationRecord
accepts_nested_attributes_for :access_periods, allow_destroy: true accepts_nested_attributes_for :access_periods, allow_destroy: true
after_create :assign_default_role after_create :assign_default_role
validate :password_complexity
# Validation for date fields # Validation for date fields
validate :end_date_after_start_date, if: -> { access_revoked && access_end_date.present? } validate :end_date_after_start_date, if: -> { access_revoked && access_end_date.present? }
@ -20,6 +21,11 @@ class User < ApplicationRecord
self.add_role(:user) unless self.has_any_role? self.add_role(:user) unless self.has_any_role?
end end
def password_complexity
return if password.blank? || password =~ /(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,}/
errors.add :password, 'Complexity requirement not met. Length should be 8 characters and include: 1 uppercase, 1 lowercase, and 1 digit'
end
def end_date_after_start_date def end_date_after_start_date
if access_start_date.present? if access_start_date.present?
errors.add(:access_end_date, 'must be provided when access is revoked') unless access_end_date.present? errors.add(:access_end_date, 'must be provided when access is revoked') unless access_end_date.present?

View File

@ -14,12 +14,12 @@
<%# User attributes fields %> <%# User attributes fields %>
<div class="mb-3"> <div class="mb-3">
<%= form.label :first_name, class: 'form-label' %> <%= form.label :first_name, 'First Name', class: 'form-label' %>
<%= form.text_field :first_name, id: :user_first_name, class: 'form-control' %> <%= form.text_field :first_name, id: :user_first_name, class: 'form-control' %>
</div> </div>
<div class="mb-3"> <div class="mb-3">
<%= form.label :last_name, class: 'form-label' %> <%= form.label :last_name, 'Last Name', class: 'form-label' %>
<%= form.text_field :last_name, id: :user_last_name, class: 'form-control' %> <%= form.text_field :last_name, id: :user_last_name, class: 'form-control' %>
</div> </div>
@ -28,6 +28,17 @@
<%= form.email_field :email, id: :user_email, class: 'form-control' %> <%= form.email_field :email, id: :user_email, class: 'form-control' %>
</div> </div>
<div class="mb-3">
<%= form.label :new_password, 'New Password', class: 'form-label' %>
<%= form.password_field :password, id: :user_password, class: 'form-control', autocomplete: "new-password" %>
</div>
<div class="mb-3">
<%= form.label :password_confirmation, 'Password Confirmation', class: 'form-label' %>
<%= form.password_field :password_confirmation, id: "user_password_confirmation", class: 'form-control', autocomplete: "new-password" %>
</div>
<div class="mb-3"> <div class="mb-3">
<%= form.label :phone, class: 'form-label' %> <%= form.label :phone, class: 'form-label' %>
<%= form.telephone_field :phone, id: :user_phone, class: 'form-control' %> <%= form.telephone_field :phone, id: :user_phone, class: 'form-control' %>