allow admins to close user accounts from the backend

* thanks to @maxwell for the initial work on this port admin pages to bootstrap * improve user view on admin search page * add 'close account' link to each user in the search results * keep the same blue color for the admin menu some refactoring of the routes and the admin code * try to be more RESTful (possibly) * use a 'UserSearch' model for search parameters and querying add changelog entry
2014-06-29 19:34:19 +02:00 · 2014-06-29 19:34:19 +02:00 · 13b716a449
commit 13b716a449
parent cc53e1762b
22 changed files with 389 additions and 194 deletions
--- a/Changelog.md
+++ b/Changelog.md
@ -10,7 +10,8 @@
 * Fix self-XSS when renaming an aspect [#5048](https://github.com/diaspora/diaspora/pull/5048)
 * Fix live updating when renaming an aspect [#5049](https://github.com/diaspora/diaspora/pull/5049)
-## FeatureS
+## Features
 * Port admin pages to bootstrap, polish user search results, allow accounts to be closed from the backend [#5046](https://github.com/diaspora/diaspora/pull/5046)
 # 0.4.0.1
--- a/app/assets/stylesheets/admin.css.scss
+++ b/app/assets/stylesheets/admin.css.scss
@ -0,0 +1,51 @@
@import 'colors';
 /** ADMIN STYlES **/
 body > div.container {
  margin-top: 40px;
  padding-top: 1em;
 }
 #admin_nav {
  font-size: 1em;
  border-bottom: 2px solid #777;
  margin-bottom: 20px;
  ul {
    display: inline;
  }
  li {
    font-size: 0.8em;
    display: inline;
    margin-right: 0.5em;
    a { color: $blue; }
  }
 }
 /** user search **/
 .users {
  li.user {
    border-bottom: 1px solid $light-grey;
    margin-bottom: .4em;
    padding-bottom: .4em;
    &:last-child { border: none; }
    .avatar {
      width: 50px;
      height: 50px;
    }
    .actions li {
      margin-top: .3em;
    }
  }
 }
 /** reported posts **/
@import 'report'
--- a/app/assets/stylesheets/application.css.sass
+++ b/app/assets/stylesheets/application.css.sass
@ -1329,20 +1329,6 @@ a.toggle_selector
    &:hover
      :text-decoration none
 #admin_nav
  :font-size 1em
  :border
    :bottom 2px solid #777
  :margin
    :bottom 20px
  ul
    :display inline
  li
    :font-size 0.8em
    :display inline
    :margin
      :right 0.5em
 #grey_header
  @include box-shadow(0,1px,1px,#eee)
  :background
--- a/app/assets/stylesheets/bootstrap-complete.css.scss
+++ b/app/assets/stylesheets/bootstrap-complete.css.scss
@ -1,3 +1,9 @@
 // Calling this file bootstrap would cause an infinite recursion during asset compilation.
@import 'bootstrap';
@import 'bootstrap-responsive';
 // according to the docs, this is part of bootstrap 2.3.x
 .text-left { text-align: left; }
 .text-center { text-align: center; }
 .text-right { text-align: right; }
--- a/app/controllers/admin/admin_controller.rb
+++ b/app/controllers/admin/admin_controller.rb
@ -0,0 +1,7 @@
 class Admin::AdminController < ApplicationController
  before_filter :authenticate_user!
  before_filter :redirect_unless_admin
 end
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@ -0,0 +1,16 @@
 class Admin::UsersController < Admin::AdminController
  def close_account
    u = User.find(close_account_params)
    u.close_account!
    redirect_to user_search_path, notice: t('admins.user_search.account_closing_scheduled', name: u.username)
  end
  private
  def close_account_params
    params.require(:id)
  end
 end
--- a/app/controllers/admins_controller.rb
+++ b/app/controllers/admins_controller.rb
@ -1,19 +1,17 @@
-class AdminsController < ApplicationController
+class AdminsController < Admin::AdminController
-  before_filter :authenticate_user!
+
-  before_filter :redirect_unless_admin
+  use_bootstrap_for :user_search, :weekly_user_stats, :stats, :correlations
  def user_search
-    params[:user] ||= {}
+    if params[:admins_controller_user_search]
-    params[:user].delete_if {|key, value| value.blank? }
+      search_params = params.require(:admins_controller_user_search)
-    @users = User.joins(person: :profile).where(["profiles.birthday > ?", Date.today - 13.years]) if params[:under13]
+                            .permit(:username, :email, :guid, :under13)
-    @users = (@users || User).where(params[:user]) if params[:user].present?
+      @search = UserSearch.new(search_params)
-    @users ||= []
+      @users = @search.perform
    end
-  def remove_spammer
+    @search ||= UserSearch.new
-    user = User.find(params[:user_id])
+    @users ||= []
    user.close_account!
    redirect_to root_url, notice:"this account will be deleted in a few moments"
  end
  def admin_inviter
@ -101,4 +99,54 @@ class AdminsController < ApplicationController
 DATA
    )
  end
  # TODO action needed after rails4 update
  class UserSearch
    #include ActiveModel::Model  # rails4
    include ActiveModel::Conversion
    include ActiveModel::Validations
    include ActiveModel::MassAssignmentSecurity
    attr_accessor :username, :email, :guid, :under13
    validate :any_searchfield_present?
    def initialize(attributes={})
      assign_attributes(attributes)
      yield(self) if block_given?
    end
    def assign_attributes(values, options={})
      sanitize_for_mass_assignment(values, options[:as]).each do |k, v|
        send("#{k}=", v)
      end
    end
    # TODO remove this once ActiveModel is included
    def persisted?
      false
    end
    def any_searchfield_present?
      if %w(username email guid under13).all? { |attr| self.send(attr).blank? }
        errors.add :base, "no fields for search set"
      end
    end
    def perform
      #return User.none unless valid?  # rails4
      return [] unless valid?
      users = User.arel_table
      people = Person.arel_table
      profiles = Profile.arel_table
      res = User.joins(person: :profile)
      res = res.where(users[:username].matches("%#{username}%")) unless username.blank?
      res = res.where(users[:email].matches("%#{email}%")) unless email.blank?
      res = res.where(people[:guid].matches("%#{guid}%")) unless guid.blank?
      res = res.where(profiles[:birthday].gt(Date.today-13.years)) if under13 == '1'
      res
    end
  end
 end
--- a/app/controllers/report_controller.rb
+++ b/app/controllers/report_controller.rb
@ -6,6 +6,8 @@ class ReportController < ApplicationController
  before_filter :authenticate_user!
  before_filter :redirect_unless_admin, :except => [:create]
  use_bootstrap_for :index
  def index
    @reports = Report.where(reviewed: false).all
  end
--- a/app/views/admins/_admin_bar.haml
+++ b/app/views/admins/_admin_bar.haml
@ -1,3 +1,7 @@
 - content_for :head do
  = stylesheet_link_tag :admin
 #admin_nav
  %h2
    = t('.pages')
--- a/app/views/admins/_user_entry.haml
+++ b/app/views/admins/_user_entry.haml
@ -0,0 +1,64 @@
 %li.user.media
  %div.pull-left
    - if user.person
      %span.media-object
        = person_image_tag(user.person)
  %div.media-body.row
    %div.pull-right
      %span.label
        = t('.id')
        = user.id
      %span.label.label-info
        = t('.guid')
        = user.person.guid if user.person
    %h4.media-heading
      = user.person.name if user.person
    %div.pull-right
      %ul.unstyled.text-right.actions
        %li= link_to t('admins.user_search.view_profile'), person_path(user.person), class: 'btn btn-mini'
        %li= link_to t('admins.user_search.add_invites'), add_invites_path(user.invitation_code), class: 'btn btn-info btn-mini'
        - unless user.person.closed_account
          %li= link_to t('admins.user_search.close_account'), admin_close_account_path(user), method: :post, data: { confirm: t('admins.user_search.are_you_sure') }, class: 'btn btn-danger btn-mini'
    %div.row
      %div.span5
        %dl.dl-horizontal
          %dt= t('username')
          %dd= user.username
          %dt= t('.email')
          %dd= user.email
          %dt= t('.diaspora_handle')
          %dd= user.person.diaspora_handle
          %dt= t('.last_seen')
          %dd= user.last_seen || t('.unknown')
          -if user.invited_by.present?
            %dt= t('.invite_token')
            %dd= invite_code_url(user.invited_by.invitation_code)
          %dt= t('.account_closed')
          %dd
            - if user.person.closed_account
              %span.badge.badge-warning= t('.yes')
            - else
              %span.badge.badge-success= t('.no')
          %dt= t('.nsfw')
          %dd
            - if user.person.profile.nsfw
              %span.badge.badge-warning= t('.yes')
            - else
              %span.badge.badge-success= t('.no')
        %h4= t('layouts.header.profile')
        %dl.dl-horizontal
          %dt= t('people.profile_sidebar.born')
          %dd= user.person.profile.birthday
          %dt= t('people.profile_sidebar.gender')
          %dd= user.person.profile.gender
          %dt= t('people.profile_sidebar.location')
          %dd= user.person.profile.location
          %dt= t('people.profile_sidebar.bio')
          %dd= user.person.profile.bio
--- a/app/views/admins/correlations.haml
+++ b/app/views/admins/correlations.haml
@ -1,9 +1,9 @@
 .span-24
  = render :partial => 'admins/admin_bar'
 %br
 %br
-.span-24.last
+%div
  = render :partial => 'admins/admin_bar'
 %div.row
  %div.span12
    %h1
      = t('.correlations_count')
    %ul
--- a/app/views/admins/stats.html.haml
+++ b/app/views/admins/stats.html.haml
@ -1,14 +1,12 @@
-.span-24
+%div
  = render :partial => 'admins/admin_bar'
 %br
 %br
-.span-24.last
+%h1
  %h1
  = t('.usage_statistic')
-    %div{:style => "float:right;"}
+
-      = form_tag('/admins/stats', :method => 'get') do
+%div.pull-right
  = form_tag('/admins/stats', :method => 'get', class: 'form-inline') do
    %select{:name => 'range'}
      %option{:value => 'daily', :selected => ('selected' if params[:range] == 'daily')}
        = t('.daily')
@ -19,19 +17,12 @@
      %option{:value => 'month', :selected => ('selected' if params[:range] == 'month')}
        = t('.month')
-        = submit_tag t('.go')
+    = submit_tag t('.go'), class: 'btn btn-primary'
-  %br
+
-  %h3
+%h3
  != t('.display_results', :segment => @segment)
-  %br
+%div.row
  %br
  %br
 %hr
 .clearfix
 .span-24.last
  - [:posts, :comments, :aspect_memberships, :users].each do |name|
    - model = eval("@#{name.to_s}")
    - if name == :aspect_memberships
@ -43,7 +34,7 @@
    - if name == :users
      - name = t('.users', :count => model[:yesterday])
-    .span-6{:class => ('last' if name == t('.users', :count => model[:yesterday]))}
+    .span3
      %h2{:style => 'font-weight:bold;'}
        = name.to_s
      %h4
@ -51,17 +42,15 @@
        %span.percent_change{:class => (model[:change] > 0 ? "green" : "red")}
          = "(#{model[:change]}%)"
-  %br
+%div.row
-  %br
+  %div.span12
-  %br
+    %p.alert.alert-info.text-center
  %hr
  %p{:style => "text-align:center;"}
      != t('.current_segment', :post_yest => @posts[:yesterday]/@user_count.to_f, :post_day => @posts[:day_before]/@user_count.to_f)
-.span-24.last
+%div.row
-  %h3
+  %div.span12
-    = t('.50_most')
+    %h3= t('.50_most')
    %ul
    - @popular_tags.each do |name,count|
      %li
        != t('.tag_name', :name_tag => name, :count_tag => count)
    %br
--- a/app/views/admins/user_search.html.haml
+++ b/app/views/admins/user_search.html.haml
@ -1,47 +1,49 @@
-.span-24
+%div
  = render :partial => 'admins/admin_bar'
 .span-24.prepend-4
-  %h3
+%div.row
  %div.user_search.span9
    %h3= t('admins.admin_bar.user_search')
    = form_for @search, url: {action: 'user_search'}, html: {method: :get, class: 'form-horizontal'} do |f|
      %div.control-group
        = f.label :username, t('username'), class: 'control-label'
        %div.controls
          = f.text_field :username
      %div.control-group
        = f.label :email, t('email'), class: 'control-label'
        %div.controls
          = f.text_field :email
      %div.control-group
        = f.label :guid, t('admins.user_entry.guid'), class: 'control-label'
        %div.controls
          = f.text_field :guid
      %div.control-group
        %div.controls
          = f.label :under13 do
            = f.check_box :under13
            = t('.under_13')
          = submit_tag t('admins.stats.go')
  %div.more_invites.span3
    %h3= t('shared.invitations.invites')
    != t('.you_currently', :count => current_user.invitation_code.count, :link => link_to(t(".add_invites"), add_invites_path(current_user.invitation_code)))
-    = form_tag 'admin_inviter', :method => :get do
+    = form_tag 'admin_inviter', method: :get do
      = t('.email_to')
      = text_field_tag 'identifier'
      = submit_tag t('services.remote_friend.invite')
 %div.row
  %div.span12
    %div.alert.alert-info.text-center= t('.users', :count => @users.count)
-
+%div.row
-  %h3
+  %div.users.span12
-    = t('admins.admin_bar.user_search')
+    %ul.media-list
  = form_tag 'user_search', :method => :get do
    = t('username')
    = text_field_tag 'user[username]', params[:user][:username]
    = t('email')
    = text_field_tag 'user[email]', params[:user][:email]
    = t('.under_13')
    = check_box_tag 'under13', params[:under13]
    = submit_tag t('admins.stats.go')
  = t('.users', :count => @users.count)
  %br
  %br
      - @users.each do |user|
-    = user.inspect
+        = render partial: 'user_entry', locals: { user: user }
    %br
    - if user.person
      = user.person.inspect
      %br
      - if user.person.profile
        = user.person.profile.inspect
      %br
    = "invite token: #{invite_code_url(user.invited_by.invite_code)}" if user.invited_by.present?
    = link_to t(".add_invites"), add_invites_path(user.invitation_code)
    %br
    %br
    %br
--- a/app/views/admins/weekly_user_stats.haml
+++ b/app/views/admins/weekly_user_stats.haml
@ -1,15 +1,14 @@
 .span-24
  = render partial: 'admins/admin_bar'
 %br
 %br
-.span-24.last
+%div
-  %h2
+  = render :partial => 'admins/admin_bar'
 %h2
  = t('.current_server', date: Time.now.to_date)
-= form_tag('/admins/weekly_user_stats', method: 'get') do
+%div.pull-right
  = form_tag('/admins/weekly_user_stats', method: 'get', class: 'form-inline') do
    = select_tag(:week, options_for_select(@created_users_by_week.keys), selected: @selected_week)
-  = submit_tag t('admins.stats.go')
+    = submit_tag t('admins.stats.go'), class: 'btn btn-primary'
 = t('.amount_of', count: @counter)
 %br
--- a/app/views/layouts/centered_with_header_with_footer.html.haml
+++ b/app/views/layouts/centered_with_header_with_footer.html.haml
@ -1,4 +1,8 @@
- content_for :container_content do
+- if @css_framework == :bootstrap
  - content_for :container_content do
    = yield
 - else
  - content_for :container_content do
    .span-24.last
      = yield
--- a/app/views/people/_profile_sidebar.html.haml
+++ b/app/views/people/_profile_sidebar.html.haml
@ -90,7 +90,3 @@
        %br
        %br
    - if current_user.admin? && person.owner.present?
      = link_to 'Disable Account', remove_spammer_path(user_id:person.owner.id), method: :delete, data:{confirm:'Are you sure you want to disable this account?  It will delete all data associated.'}
--- a/app/views/report/index.html.haml
+++ b/app/views/report/index.html.haml
@ -1,7 +1,9 @@
-.span-24
+
 %div
  = render :partial => 'admins/admin_bar'
-.span-24.last
+%div.row
  %div.span12
    %h1
      = t('report.title')
    %div#reports
@ -14,14 +16,14 @@
            = raw t('report.reported_label', person: link_to(username, user_profile_path(username)))
          %span
            = t('report.reason_label', text: r.text)
-      %div.options
+        %div.options.text-right
          %span
            = button_to t('report.review_link'), report_path(r.id, :type => r.item_type),
-            :class => "button",
+              :class => "btn btn-info btn-small",
              method: :put
          %span
            = button_to t('report.delete_link'), report_path(r.id, :type => r.item_type),
              :data => { :confirm => t('report.confirm_deletion') },
-            :class => "button delete",
+              :class => "btn btn-danger btn-small",
              method: :delete
        %div.clear
--- a/config/application.rb
+++ b/config/application.rb
@ -86,6 +86,7 @@ module Diaspora
      bootstrap-responsive.css
      default.css
      error_pages.css
      admin.css
      login.css
      mobile/mobile.css
      new-templates.css
--- a/config/locales/diaspora/en.yml
+++ b/config/locales/diaspora/en.yml
@ -109,13 +109,28 @@ en:
        zero: "you currently have no invites left %{link}"
        one: "you currently have one invite left %{link}"
        other: "you currently have %{count} invites left %{link}"
      view_profile: "view profile"
      add_invites: "add invites"
      close_account: "close account"
      are_you_sure: "Are you sure you want to close this account?"
      account_closing_scheduled: "The account of %{name} is scheduled to be closed. It will be processed in a few moments..."
      email_to: "Email to Invite"
      under_13: "Show users that are under 13 (COPPA)"
      users:
        zero: "%{count} users found"
        one: "%{count} user found"
        other: "%{count} users found"
    user_entry:
      id: 'ID'
      guid: 'GUID'
      email: 'Email'
      diaspora_handle: 'Diaspora handle'
      last_seen: 'last seen'
      account_closed: 'account closed'
      nsfw: '#nsfw'
      unknown: 'unknown'
      'yes': 'yes'
      'no': 'no'
    weekly_user_stats:
      current_server: "Current server date is %{date}"
      amount_of:
--- a/config/routes.rb
+++ b/config/routes.rb
@ -123,16 +123,21 @@ Diaspora::Application.routes.draw do
  get 'login' => redirect('/users/sign_in')
  # Admin backend routes
  scope 'admins', :controller => :admins do
    match :user_search
    get   :admin_inviter
    get   :weekly_user_stats
    get   :correlations
    delete :remove_spammer
    get   :stats, :as => 'pod_stats'
    get   "add_invites/:invite_code_id" => 'admins#add_invites', :as => 'add_invites'
  end
  namespace :admin do
    post 'users/:id/close_account' => 'users#close_account', :as => 'close_account'
  end
  resource :profile, :only => [:edit, :update]
  resources :profiles, :only => [:show]
--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@ -0,0 +1,22 @@
 require 'spec_helper'
 describe Admin::UsersController do
  before do
    @user = FactoryGirl.create :user
    Role.add_admin(@user.person)
    sign_in :user, @user
  end
  describe '#close_account' do
    it 'queues a job to disable the given account' do
      other_user = FactoryGirl.create :user
      other_user.should_receive(:close_account!)
      User.stub(:find).and_return(other_user)
      post :close_account, id: other_user.id
    end
  end
 end
--- a/spec/controllers/admins_controller_spec.rb
+++ b/spec/controllers/admins_controller_spec.rb
@ -35,26 +35,12 @@ describe AdminsController do
      end
      it 'searches on username' do
-        get :user_search, :user => {:username => @user.username}
+        get :user_search, admins_controller_user_search: { username: @user.username }
        assigns[:users].should == [@user]
      end
      it 'searches on email' do
-        get :user_search, :user => {:email => @user.email}
+        get :user_search, admins_controller_user_search: { email: @user.email }
        assigns[:users].should == [@user]
      end
      it 'searches on invitation_identifier' do
        @user.invitation_identifier = "La@foo.com"
        @user.save!
        get :user_search, :user => {:invitation_identifier => @user.invitation_identifier}
        assigns[:users].should == [@user]
      end
      it 'searches on invitation_token' do
        @user.invitation_token = "akjsdhflhasdf"
        @user.save
        get :user_search, :user => {:invitation_token => @user.invitation_token}
        assigns[:users].should == [@user]
      end
@ -67,7 +53,7 @@ describe AdminsController do
        o_13.profile.birthday = 20.years.ago.to_date
        o_13.profile.save!
-        get :user_search, under13: true
+        get :user_search, admins_controller_user_search: { under13: '1' }
        assigns[:users].should include(u_13)
        assigns[:users].should_not include(o_13)
@ -103,17 +89,6 @@ describe AdminsController do
    end
  end
  describe '#remove_spammer' do
    it 'it queues a job to disable the given account' do
      other_user = FactoryGirl.create :user
      User.stub(:find).and_return(other_user)
      delete :remove_spammer, user_id: other_user.id
      other_user.should_receive(:close_account)
    end
  end
  describe '#stats' do
    before do
      Role.add_admin(@user.person)