Enable / Disable user from web application

[AlexLaroche]

Description

The option introduce permet to enable / disable to users management in the web application.

The option is available only to an admin or a subadmin.

Related Issue

#809
#12601

Motivation and Context

Easy management of the users.

How Has This Been Tested?

The functionnality have been test with the owncloud version 9.1.4.2 installed on Ubuntu 16.04.2 LTS.

Server version: Apache/2.4.18 (Ubuntu)
Server built: 2016-07-14T12:32:26
PHP 7.0.15-0ubuntu0.16.04.4

Screenshots (if appropriate):

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have read the CONTRIBUTING document.
• I have added tests to cover my changes.
• All new and existing tests passed.

[mention-bot]

@AlexLaroche, thanks for your PR! By analyzing the history of the files in this pull request, we identified @DeepDiver1975, @ringmaster and @PVince81 to be potential reviewers.

[CLAassistant]

All committers have signed the CLA.

[DeepDiver1975]

Thanks a lot! Please have a look at the failing unit tests. And also please get rid of that ajax/set enabled.php

[PVince81]

And also please get rid of that ajax/set enabled.php

which means: please use the UsersController class instead.
Basically add a new method there, you can see one here for example: https://github.com/owncloud/core/blob/master/settings/Controller/UsersController.php#L621
Then put a matching route here: https://github.com/owncloud/core/blob/master/settings/routes.php#L50

Let us know if you need help 😄

[DeepDiver1975]

@AlexLaroche 13 unit tests are failing - please have a look - in case you need guidance just let us know. THX

https://jenkins.owncloud.org/job/owncloud-core/job/core/job/PR-27333/2/testReport/

[DeepDiver1975]

Nice! Great job!

[PVince81]

@AlexLaroche tests passed, great. Please let us know when you think this is ready for another review. (you might still be tweaking stuff, we can't guess 😄)

[AlexLaroche]

It's ready for review. :)

[PVince81]

• TODO: prevent the current user to disable themselves (on API side and also remove the checkbox on frontend)
• TODO: would be good to also have the "undo" feature. Basically don't perform the action before 7 seconds have expired. See how delete is done. Because disabling a user kills all their sessions which is a bit nasty.
• TODO: add display name of the user in the notification: User "{someUser}" has been disabled (not "have been" which is plural)
• I wonder if we should hide this column by default to avoid cluttering the UI like other fields (optional)

Other than that this seems to work nicely!

I'll have a look at the code.

[PVince81]

• BUG: as subadmin I can disable users not in my group. I see that you put in checks in the code but they don't seem to work.

Steps to reproduce:

1. Create three users "user1", "user2", "user3"
2. Add "user1" and "user2" into a group "group1"
3. Make "user1" a subadmin of group "group1"
4. Login as "user1"
5. Open the browser network console
6. Disable "user2"
7. Select the "enabled" request in the network console and do "copy as curl"
8. Paste the curl command in a terminal and replace "user2" with "user3" and run the command

Expected: 403 error
Actual: user3 got disabled

[PVince81]

Apart from some minor issues (and the bugs), the code looks good!

[PVince81]

yes, prevent disabling yourself, but it seems this doesn't work correctly

[PVince81]

Maybe convert this to a boolean directly at the beginning of the function ?
Booleans compared as strings usually give me the shivers 😄

[PVince81]

use the boolean $select.prop('checked') for better browser compatibility

[PVince81]

use $select.prop('checked', user.isEnabled) for better browser compatibility

[PVince81]

Please add the message directly inside the t() block instead of using a variable.
This is because the translation bot looks for the t() functions to find what text to submit for translation.

Also use a placeholder for the state: t('admin', 'User {displayName} has been {state}', {displayName: ..., state: stateText). and for the stateText: t('admin', 'enabled'), etc

[PVince81]

Please use a class instead of id because ids must be unique within the page but here it would be repeated across the page. This will also require changing your jQuery selectors.

[PVince81]

@AlexLaroche ready for review again or are you still working on it ? (please always post a message when ready for review)

[AlexLaroche]

@PVince81 : In your requirements to merge the code, it still missing :

• TODO: would be good to also have the "undo" feature. Basically don't perform the action before 7 seconds have expired. See how delete is done. Because disabling a user kills all their sessions which is a bit nasty.

I have don't time to add it for the moment. I will try to implement it when I will have more time.
It why a don't have ask for the moment for an another review.

[PVince81]

I think the undo thing can be implemented separately.

Let me rereview.

[PVince81]

you can use OC.getCurrentUser().uid which would be slightly better

[PVince81]

• BUG: even though the checkbox "show enabled column" is disabled, if you refresh the page the column still appears. I couldn't spot the bug in the code after a quick look, maybe needs some debugging.

I've retested and apart from these two points I think this is good to go.

[AlexLaroche]

@PVince81 : All should be OK now. It was a single line of code that cause the bug. :)

[PVince81]

Tested, works 👍
Great work, thanks a lot!

[PVince81]

Added the feature list: https://github.com/owncloud/core/wiki/ownCloud-10.0-Features

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.