Added the ability to change and confirm new passwords for editing a user as an admin

2024-04-12 02:55:34 -05:00 · 2024-04-12 02:55:34 -05:00 · bb9c354146
parent b4cd83c2e7
commit bb9c354146
3 changed files with 33 additions and 12 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -37,20 +37,24 @@ class UsersController < ApplicationController
  end
  
  def update
-    @user = User.find(params[:id])  # Assumes @user is already set from a before_action callback, so this line could be redundant if such a callback exists.
+    @user = User.find(params[:id])  # If @user is set in a before_action, this line can be removed.
  
-    if @user.update(user_params.except(:roles))
-      # Check and update the access revoked status and end date
-      if params[:user][:access_revoked] == "1"
-        # This assumes that you always want to update the latest access period.
-        # Consider the logic if multiple access periods can exist and which one should be updated.
-        last_access_period = @user.access_periods.order(:created_at).last
-        last_access_period.update(end_date: Date.today) unless last_access_period.end_date.present?
+    # Handling password change: if password fields are blank, they are removed from user_params to prevent updating the password to nil.
+    cleaned_params = user_params
+    if cleaned_params[:password].blank?
+      cleaned_params.delete(:password)
+      cleaned_params.delete(:password_confirmation)
    end
  
-      # Update user roles if they are part of the form submission
-      update_user_roles(@user, user_params[:roles])
-      handle_access_revocation
+    if @user.update(cleaned_params.except(:roles))
+      # Update roles
+      update_user_roles(@user, params[:user][:roles] || [])
+  
+      # Check and update the access revoked status and end date
+      if params[:user][:access_revoked] == "1"
+        current_period = @user.access_periods.order(:created_at).last
+        current_period.update(end_date: Date.today) unless current_period.end_date.present?
+      end
  
      redirect_to users_path, notice: 'User was successfully updated.'
    else
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -5,6 +5,7 @@ class User < ApplicationRecord
  accepts_nested_attributes_for :access_periods, allow_destroy: true
  after_create :assign_default_role

+  validate :password_complexity
  
  # Validation for date fields
  validate :end_date_after_start_date, if: -> { access_revoked && access_end_date.present? }
@ -20,6 +21,11 @@ class User < ApplicationRecord
    self.add_role(:user) unless self.has_any_role?
  end

+  def password_complexity
+    return if password.blank? || password =~ /(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,}/
+    errors.add :password, 'Complexity requirement not met. Length should be 8 characters and include: 1 uppercase, 1 lowercase, and 1 digit'
+  end
+
  def end_date_after_start_date
    if access_start_date.present?
      errors.add(:access_end_date, 'must be provided when access is revoked') unless access_end_date.present?
--- a/app/views/users/_form.html.erb
+++ b/app/views/users/_form.html.erb
@ -14,12 +14,12 @@

  <%# User attributes fields %>
  <div class="mb-3">
-    <%= form.label :first_name, class: 'form-label' %>
+    <%= form.label :first_name, 'First Name', class: 'form-label' %>
    <%= form.text_field :first_name, id: :user_first_name, class: 'form-control' %>
  </div>

  <div class="mb-3">
-    <%= form.label :last_name, class: 'form-label' %>
+    <%= form.label :last_name, 'Last Name', class: 'form-label' %>
    <%= form.text_field :last_name, id: :user_last_name, class: 'form-control' %>
  </div>

@ -28,6 +28,17 @@
    <%= form.email_field :email, id: :user_email, class: 'form-control' %>
  </div>

+  <div class="mb-3">
+    <%= form.label :new_password, 'New Password', class: 'form-label' %>
+    <%= form.password_field :password, id: :user_password, class: 'form-control', autocomplete: "new-password" %>
+  </div>
+
+  <div class="mb-3">
+    <%= form.label :password_confirmation, 'Password Confirmation', class: 'form-label' %>
+    <%= form.password_field :password_confirmation, id: "user_password_confirmation", class: 'form-control', autocomplete: "new-password" %>
+  </div>
+
+
  <div class="mb-3">
    <%= form.label :phone, class: 'form-label' %>
    <%= form.telephone_field :phone, id: :user_phone, class: 'form-control' %>