Terrastories · DuldR · Jan 31, 2023 · Jan 31, 2023 · Jan 31, 2023 · Jan 31, 2023
diff --git a/rails/app/controllers/super_admin/users_controller.rb b/rails/app/controllers/super_admin/users_controller.rb
@@ -0,0 +1,33 @@
+module SuperAdmin
+  class UsersController < ApplicationController
+    def edit
+      @user = User.find(params[:id])
+
+      if @user.role == 'admin'
-      if @user.role == 'admin'
+      if @user.admin?
-      if @user.role == 'admin'
+      if @user.admin?
+        @user
+      else
+        flash[:alert] = 'You are not authorized to perform this action.'
+        redirect_to(root_path)
+      end
+    end
+
+    def update
+      @user = User.find(params[:id])
+      if @user.role != 'admin'
+        redirect_to(root_path)
+      elsif @user.update(user_params)
+        redirect_to edit_member_path(@user), notice: 'User successfully updated'
+      else
+        render :edit
+      end
+    end
+
+    private
+
+    def user_params
+      params.require(:user).permit(
+        :password,
+      )
+    end
+  end
+end
diff --git a/rails/app/views/super_admin/communities/show.html.erb b/rails/app/views/super_admin/communities/show.html.erb
@@ -77,6 +77,11 @@
         <tr>
           <td><%= user.username %></td>
           <td><%= User.human_attribute_name("role.#{user.role}") %></td>
+          <td>
+            <% if user.role == "admin" %>
+              <%= link_to "Edit", edit_member_path(user)%>
+            <% end %>
+          </td>
         </tr>
       <% end %>
     </tbody>

diff --git a/rails/app/views/super_admin/users/edit.html.erb b/rails/app/views/super_admin/users/edit.html.erb
@@ -0,0 +1,48 @@
+<% content_for(:title) do %>
+  <%= @user.display_name %> | <%= t("user") %>
+<% end %>
+
+<% content_for(:main_heading) do %>
+  <div class="avatar-card">
+    <span class="media-with-hover-controls rounded" data-replace-on-delete="<%= asset_path("speaker.png") %>">
+      <% if @user.photo.attached? %>
+        <% if @user.photo.variable? %>
+          <%= image_tag @user.photo.variant(resize_to_fill: [300, 300]), alt: @user.display_name, title: @user.display_name  %>
+        <% else %>
+          <%= image_tag @user.photo, alt: @user.display_name, title: @user.display_name %>
+        <% end %>
+        <%= link_to user_photo_path(@user), class: "overlay delete-link", method: :delete, data: {confirm: t("dashboard.actions.confirm")}, remote: true do %>
+          <span><%= t("dashboard.actions.destroy") %></span>
+        <% end %>
+      <% else %>
+        <%= image_tag asset_path("speaker.png"), alt: @user.display_name, title: @user.display_name %>
+      <% end %>
+    </span>
+    <h2>
+    <div class="small">
+      <% if @user.name.present? %>
+        <%= @user.username %> //
+      <% end %>
+      <%= @user.email %>
+    </div>
+    <%= @user.display_name %>
+    <div class="small">
+      <span class="badge"><%= User.human_attribute_name("role.#{@user.role}") %></span>
+    </div>
+  </h2>
+  </div>
+<% end %>
+
+<%= form_with url: member_path(@user), model: @user, multipart: true, class: "form aligned", data: {remote: false}, id: "userForm", locale: true do |f| %>
+  <%= render partial: "shared/form_errors", locals: { resource: @user } %>
+
+  <fieldset>
+    <%= f.label :reset_password, for: :user_password %>
+    <%= f.password_field :password %>
+  </fieldset>
+
+  <%= f.submit %>
+<% end %>
+
+
+<%= render partial: "shared/flash_messages" %>
diff --git a/rails/config/routes.rb b/rails/config/routes.rb
@@ -36,6 +36,7 @@
 
       resource :metrics, only: :show
       resources :communities
+      resources :users, only: [:edit, :update], as: :member
       resources :features do
         post :enable
         post :disable

diff --git a/rails/spec/requests/admin_user_request_spec.rb b/rails/spec/requests/admin_user_request_spec.rb
@@ -0,0 +1,68 @@
+require 'rails_helper'
+
+RSpec.describe "SuperAdmin user request", type: :request do
+  describe "GET edit" do
+    context "with a super admin privileges" do
+      let(:super_admin) { FactoryBot.create(:user, role: 100, super_admin: true) }
+      let(:user) { FactoryBot.create(:user, email: "[email protected]", username: "user_name", role: 2) }
+
+      before do
+        login_as super_admin 
+      end
+
+      it "should return success if the user is an admin" do
+        get "/admin/users/#{user.id}/edit" 
+        expect(response).to have_http_status(200)
+      end
+    end
+
+    context "without a super admin privileges" do
+      let(:other_user) { FactoryBot.create(:user, role: 1) }
+      let(:user) { FactoryBot.create(:user, email: "[email protected]", username: "user_name", role: 1) }
+
+      before do
+        login_as other_user 
+      end
+
+      it "should raise an error when the user tries to access super admin" do
+        assert_raises ActionController::RoutingError do
+         get "/admin/users/#{user.id}/edit" 
+        end
+      end
+
+    end
+  end
+
+  describe "PUT update"  do
+    context "with a super admin privileges" do
+      let(:super_admin) { FactoryBot.create(:user, role: 100, super_admin: true) }
+      let(:user) { FactoryBot.create(:user, email: "[email protected]", username: "user_name", role: 2) }
+
+      before do
+        login_as super_admin 
+      end
+      it "should return success if the user is an admin" do
+        put "/admin/users/#{user.id}", :params => {:user => { password: "securePassword" } }
+
+        expect(response).to have_http_status(302)
+        expect(flash[:notice]).to match('User successfully updated')
+      end
+    end
+
+    context "without a super admin privileges" do
+      let(:other_user) { FactoryBot.create(:user, role: 1) }
+      let(:user) { FactoryBot.create(:user, email: "[email protected]", username: "user_name", role: 1) }
+
+      before do
+        login_as other_user 
+      end
+
+      it "should raise an error when the user tries to access super admin" do
+        assert_raises ActionController::RoutingError do
+         put "/admin/users/#{user.id}/edit" 
+        end
+      end
+
+    end
+  end
+end