diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index 7c61ba41..6286639b 100755 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -97,7 +97,7 @@ def add_machine end def add_admin - if current_user.admin? or @group.admin?(current_user) + if current_user.admin? GroupAdmin.find_or_create_by(group_id: @group.id, user_id: params[:user_id]) end @@ -109,7 +109,7 @@ def add_admin end def remove_admin - if current_user.admin? or @group.admin?(current_user) + if current_user.admin? GroupAdmin.delete(params[:group_admin_id]) end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 08d79d18..e83869f9 100755 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -92,15 +92,23 @@ def search # GET /users/:id/regenerate_token def regenerate_token @user = User.find(params[:id]) - @access_token = @user.access_token - @access_token.token = ROTP::Base32.random_base32 - respond_to do |format| - if @access_token.save - format.html { redirect_to user_path(@user.id), notice: 'Token regenerated.', flash: {token: @access_token.token} } - format.json { render :show, status: :ok, location: @user } - else - format.html { redirect_to user_path(@user.id), notice: 'Token failed to regenerate.' } - format.json { render json: @user.errors, status: :unprocessable_entity } + + if (current_user.admin? or (current_user.id == @user.id)) + @access_token = @user.access_token + @access_token.token = ROTP::Base32.random_base32 + respond_to do |format| + if @access_token.save + format.html { redirect_to user_path(@user.id), notice: 'Token regenerated.', flash: {token: @access_token.token} } + format.json { render :show, status: :ok, location: @user } + else + format.html { redirect_to user_path(@user.id), notice: 'Token failed to regenerate.' } + format.json { render json: @user.errors, status: :unprocessable_entity } + end + end + else + respond_to do |format| + format.html { redirect_to user_path(@user.id), notice: 'You cannot regenerate this token.' } + format.json { render json: @user.errors, status: :unauthorized } end end end diff --git a/app/views/groups/show.html.slim b/app/views/groups/show.html.slim index e5d641ec..9876f5f1 100755 --- a/app/views/groups/show.html.slim +++ b/app/views/groups/show.html.slim @@ -19,18 +19,19 @@ .col = "#{admin.user.try(:name)}" .col - - if (current_user.admin? or @group.admin?(current_user) ) and current_user.id != admin.user.try(:id) - = link_to "Remove?", [@group, admin], method: :delete, data: {confirm: "Are you sure to remove #{admin.user.try(:name)} ?"} - .row - .col - = text_field_tag "user_id", "", id: "assign_admin_user_id", class: "form-control" - .col - = submit_tag "Assign admin", class: "form-control btn btn-md btn-primary", disabled: true - .row - .col - = check_box_tag "assign_admin_include_inactive_user", "true", false - = " Include Inactive User" - .col + - if (current_user.admin?) + = link_to "Remove?", [@group, admin], method: :delete, data: {confirm: "Are you sure to remove #{admin.user.try(:name)} ?"} + - if (current_user.admin?) + .row + .col + = text_field_tag "user_id", "", id: "assign_admin_user_id", class: "form-control" + .col + = submit_tag "Assign admin", class: "form-control btn btn-md btn-primary", disabled: true + .row + .col + = check_box_tag "assign_admin_include_inactive_user", "true", false + = " Include Inactive User" + .col a name="group_members" br .card @@ -59,7 +60,7 @@ br = "*This group does not have any group members" if @group.users.count == 0 br - - if current_user.admin? || current_user.group_admin? + - if current_user.admin or @group.admin?(current_user) = form_tag add_user_to_group_path, method: :post do .row .col diff --git a/app/views/users/show.html.slim b/app/views/users/show.html.slim index f7430631..0d977487 100755 --- a/app/views/users/show.html.slim +++ b/app/views/users/show.html.slim @@ -16,18 +16,19 @@ span.input-group-text @ input#email.form-control placeholder="you@example.com" readonly="" type="email" value="#{@user.email}" - form.needs-validation novalidate="" - .form-row.mb-3 - .col - b Your Access Token - .col - - if flash[:token] - .alert.alert-warning role="alert" - | Important! please make note of this token, you will see it only this once. - pre - = flash[:token] - - else - = link_to 'Regenerate Token', regenerate_token_user_path(@user), :data => {:confirm => 'Are you sure?'} + - if (current_user.admin? or (current_user.id == @user.id)) + form.needs-validation novalidate="" + .form-row.mb-3 + .col + b Your Access Token + .col + - if flash[:token] + .alert.alert-warning role="alert" + | Important! please make note of this token, you will see it only this once. + pre + = flash[:token] + - else + = link_to 'Regenerate Token', regenerate_token_user_path(@user), :data => {:confirm => 'Are you sure?'} - if current_user.admin? .card @@ -73,15 +74,21 @@ br .card .card-body - h6.card-title Public Key - = form_tag user_public_key_update_path, method: :post do - .row - .col - = text_area_tag "public_key", @user.public_key, class: "form-contol text-align-top", style: "height:200px;width:100%;", placeholder: "Your public key here..." - br - .row - .col-md-3 - = submit_tag "Update key", class: "form-control btn-md btn-primary" + - if (current_user.admin? or (current_user.id == @user.id)) + h6.card-title Public Key + = form_tag user_public_key_update_path, method: :post do + .row + .col + = text_area_tag "public_key", @user.public_key, class: "form-contol text-align-top", style: "height:200px;width:100%;", placeholder: "Your public key here..." + br + .row + .col-md-3 + = submit_tag "Update key", class: "form-control btn-md btn-primary" + - else + h6.card-title Public Key + .row + .col + = @user.public_key br .card