authorfrancis <francis>2008-08-27 00:39:03 +0000
committerfrancis <francis>2008-08-27 00:39:03 +0000
commit79f4c456c9c435f72dfd5ec5fce1049f57947a75 (patch)
tree2b091ad19113e50308c9aaf479d8a5c79f02f36f
parent18d4c071bd737f16bc135727087e5ebdbced97c1 (diff)
Admin level field for users.
Edit users from admin interface. Let admin users classify any request from main website interface. Give admin users links from users/bodies/requests to admin interface.
-rw-r--r--app/controllers/admin_user_controller.rb23
-rw-r--r--app/controllers/request_controller.rb6
-rw-r--r--app/models/user.rb14
-rw-r--r--app/views/admin_user/_form.rhtml13
-rw-r--r--app/views/admin_user/edit.rhtml23
-rw-r--r--app/views/admin_user/list.rhtml4
-rw-r--r--app/views/admin_user/show.rhtml3
-rw-r--r--app/views/body/show.rhtml3
-rw-r--r--app/views/request/show.rhtml3
-rw-r--r--app/views/user/show.rhtml7
-rw-r--r--db/migrate/063_add_admin_users.rb9
-rw-r--r--db/schema.rb3
-rw-r--r--todo.txt2
13 files changed, 102 insertions, 11 deletions
diff --git a/app/controllers/admin_user_controller.rb b/app/controllers/admin_user_controller.rb
index 50be7e65d..f9fe839df 100644
--- a/app/controllers/admin_user_controller.rb
+++ b/app/controllers/admin_user_controller.rb
@@ -4,7 +4,7 @@
# Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved.
# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
#
-# $Id: admin_user_controller.rb,v 1.5 2008-07-28 18:04:38 francis Exp $
+# $Id: admin_user_controller.rb,v 1.6 2008-08-27 00:39:03 francis Exp $
class AdminUserController < ApplicationController
layout "admin"
@@ -27,6 +27,27 @@ class AdminUserController < ApplicationController
@admin_user = User.find(params[:id])
end
+ def edit
+ @admin_user = User.find(params[:id])
+ end
+
+ def update
+ @admin_user = User.find(params[:id])
+
+ @admin_user.name = params[:admin_user][:name]
+ @admin_user.email = params[:admin_user][:email]
+ @admin_user.admin_level = params[:admin_user][:admin_level]
+
+ if @admin_user.valid?
+ @admin_user.save!
+ flash[:notice] = 'User successfully updated.'
+ redirect_to user_admin_url(@admin_user)
+ else
+ render :action => 'edit'
+ end
+ end
+
+
private
end
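Review bot: `update` assigns `admin_level` from `params[:admin_user]` with no restriction on the request method, so a privilege change can be triggered by any request that reaches the action, including a GET, which Rails' request forgery protection does not check. Restrict it with `verify :method => :post, :only => [ :update ], :redirect_to => { :action => 'list' }` near the top of the class. The class header and any filters sit outside this hunk, so it is worth confirming whether access to the admin controller is enforced in the application or only by the web server. `params[:admin_user]` is also dereferenced without a nil check, and the `valid?` / `save!` pair can be collapsed to `if @admin_user.save`.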
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 4cb3e497d..41c48dee3 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -4,7 +4,7 @@
# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
#
-# $Id: request_controller.rb,v 1.95 2008-08-07 00:24:51 francis Exp $
+# $Id: request_controller.rb,v 1.96 2008-08-27 00:39:03 francis Exp $
class RequestController < ApplicationController
@@ -23,7 +23,7 @@ class RequestController < ApplicationController
@info_request_events = @info_request.info_request_events
@status = @info_request.calculate_status
@collapse_quotes = params[:unfold] ? false : true
- @is_owning_user = !authenticated_user.nil? && authenticated_user.id == @info_request.user_id
+ @is_owning_user = !authenticated_user.nil? && (authenticated_user.id == @info_request.user_id || authenticated_user.owns_every_request?)
@events_needing_description = @info_request.events_needing_description
last_event = @events_needing_description[-1]
@last_info_request_event_id = last_event.nil? ? nil : last_event.id
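Review bot: The ownership-or-admin test on the `@is_owning_user` line is written out in full here and again in the `@@ -273,7 +273,7 @@` hunk of this file, so the authorization rule now lives in two places that can drift apart. Moving it into one private method, for example `def owning_user?(info_request)` returning the same expression, and calling `@is_owning_user = owning_user?(@info_request)` at both sites keeps the rule in one place. The variable name no longer matches its meaning, since it is also true for a 'super' user who did not make the request; a comment such as `# true for the requester and for admin_level 'super' users` would help whoever reads the views. Both enclosing actions start and end outside their hunks.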
@@ -273,7 +273,7 @@ class RequestController < ApplicationController
end
@info_request = InfoRequest.find(params[:id].to_i)
@collapse_quotes = params[:unfold] ? false : true
- @is_owning_user = !authenticated_user.nil? && authenticated_user.id == @info_request.user_id
+ @is_owning_user = !authenticated_user.nil? && (authenticated_user.id == @info_request.user_id || authenticated_user.owns_every_request?)
params_outgoing_message = params[:outgoing_message]
if params_outgoing_message.nil?
diff --git a/app/models/user.rb b/app/models/user.rb
index 9c160dbd5..9c68ff0aa 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -21,7 +21,7 @@
# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
#
-# $Id: user.rb,v 1.61 2008-08-09 15:19:01 francis Exp $
+# $Id: user.rb,v 1.62 2008-08-27 00:39:03 francis Exp $
require 'digest/sha1'
@@ -41,6 +41,11 @@ class User < ActiveRecord::Base
attr_accessor :password_confirmation
validates_confirmation_of :password, :message =>"^Please enter the same password twice"
+ validates_inclusion_of :admin_level, :in => [
+ 'none',
+ 'super',
+ ]
+
acts_as_xapian :texts => [ :name ],
:values => [ [ :created_at, 0, "created_at", :date ] ],
:terms => [ [ :variety, 'V', "variety" ] ]
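Review bot: `admin_level` is validated here but nothing in this hunk keeps it out of mass assignment, so any code path that builds or updates a `User` from a params hash would accept a caller-supplied value. Whether such a path exists (signup, profile edit) is not visible in this diff; if the model has no `attr_accessible` list, add `attr_protected :admin_level` next to the validation. The new `AdminUserController#update` assigns the field explicitly, so it would keep working. The class body continues outside the hunk.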
@@ -148,9 +153,14 @@ class User < ActiveRecord::Base
u.save!
end
- return u
+ return
end
+ # Does the user magically gain powers as if they owned every request?
+ # e.g. Can classify it
+ def owns_every_request?
+ self.admin_level == 'super'
+ end
private
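Review bot: Replacing `return u` with a bare `return` makes the enclosing method return nil after `u.save!`, which looks accidental since the commit message does not mention it. The method starts outside this hunk, so its callers are not visible, but any caller that uses the result will now fail on nil; restore `return u` unless the change is intended. `owns_every_request?` could also say which level grants the power, e.g. `# true only for admin_level 'super'`.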
diff --git a/app/views/admin_user/_form.rhtml b/app/views/admin_user/_form.rhtml
new file mode 100644
index 000000000..f56a23ea3
--- /dev/null
+++ b/app/views/admin_user/_form.rhtml
@@ -0,0 +1,13 @@
+<%= error_messages_for 'admin_user' %>
+
+<!--[form:admin_user]-->
+
+<p><label for="admin_user_name">Name</label> (will change URL name and break URLs; unlike authorities, there is no history)<br/>
+<%= text_field 'admin_user', 'name', :size => 60 %></p>
+
+<p><label for="admin_user_email">Email</label> (<strong>you must</strong> first validate this)<br/>
+<%= text_field 'admin_user', 'email', :size => 60 %></p>
+
+<p><label for="admin_level">Admin level</label> (<strong>none</strong> or <strong>super</strong>; this is for admin features and links which are in the site proper)<br/>
+<%= text_field 'admin_user', 'admin_level', :size => 60 %></p>
+
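Review bot: The admin level is entered through a free-text `text_field` although the model accepts only 'none' and 'super', so a typo is caught only by validation after submission. A `<%= select 'admin_user', 'admin_level', ['none', 'super'] %>` limits the input to the allowed values and makes an accidental privilege change less likely. The label's `for="admin_level"` probably does not match the generated field id, which the other two labels suggest would be `admin_user_admin_level`.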
diff --git a/app/views/admin_user/edit.rhtml b/app/views/admin_user/edit.rhtml
new file mode 100644
index 000000000..c9803fbde
--- /dev/null
+++ b/app/views/admin_user/edit.rhtml
@@ -0,0 +1,23 @@
+
+
+<h1><%=@title%></h1>
+
+<% form_tag '../update/' + @admin_user.id.to_s do %>
+ <%= render :partial => 'form' %>
+ <p><%= submit_tag 'Save' %></p>
+<% end %>
+
+<p>
+<%= link_to 'Show', '../show/' + @admin_user.id.to_s %> |
+<%= link_to 'List all', '../list' %>
+</p>
+
+<% if false #@admin_user.info_requests.size == 0 %>
+ <% form_tag('../destroy/' + @admin_user.id.to_s) do %>
+ <p>
+ <%= hidden_field_tag(:admin_user_id, { :value => @admin_user.id } ) %>
+ <%= submit_tag "Destroy " + @admin_user.name %> (this is permanent!)
+ </p>
+ <% end %>
+<% end %>
+
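Review bot: `<%=@title%>` in the heading is printed without `h`, and the `edit` action added in this commit assigns only `@admin_user`, so unless a filter sets `@title` the heading is empty. If the title is later built from the user's name it needs escaping: `<h1><%=h @title %></h1>`. The destroy form under `<% if false ... %>` is dead markup for an action this commit does not add; leaving it out until the action exists avoids it being switched on by mistake.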
diff --git a/app/views/admin_user/list.rhtml b/app/views/admin_user/list.rhtml
index 2950041e5..3ba26a626 100644
--- a/app/views/admin_user/list.rhtml
+++ b/app/views/admin_user/list.rhtml
@@ -12,7 +12,7 @@
<table>
<tr>
<th>Id</th>
- <% for column in ['Name', 'Email', 'Created at', 'Updated at', 'Email confirmed'] %>
+ <% for column in ['Name', 'Email', 'Created at', 'Updated at', 'Email confirmed', 'Admin'] %>
<th><%= column %></th>
<% end %>
</tr>
@@ -22,7 +22,7 @@
<td><%= user.id.to_s %></td>
<td><%= link_to h(user.name), 'show/' + user.id.to_s %></td>
<td><a href="mailto:<%=h user.email %>"><%=h user.email%></a></td>
- <% for column in ['created_at', 'updated_at', 'email_confirmed'] %>
+ <% for column in ['created_at', 'updated_at', 'email_confirmed', 'admin_level'] %>
<td><%=h user.send(column) %></td>
<% end %>
</tr>
diff --git a/app/views/admin_user/show.rhtml b/app/views/admin_user/show.rhtml
index 68d72feea..aea8c8e3b 100644
--- a/app/views/admin_user/show.rhtml
+++ b/app/views/admin_user/show.rhtml
@@ -15,7 +15,8 @@
<% end %>
</p>
-<p><%= link_to 'Public page', main_url(user_url(@admin_user)) %></p>
+<p><%= link_to 'Edit', '../edit/' + @admin_user.id.to_s %>
+| <%= link_to 'Public page', main_url(user_url(@admin_user)) %></p>
<h2>Track things</h2>
diff --git a/app/views/body/show.rhtml b/app/views/body/show.rhtml
index ec09dfb70..07cf3ce8e 100644
--- a/app/views/body/show.rhtml
+++ b/app/views/body/show.rhtml
@@ -10,6 +10,9 @@
<p class="subtitle">
<%=@public_body.type_of_authority(true)%> in the UK<% if not @public_body.short_name.empty? %>, also called <%= h(@public_body.short_name) %><% end %>
(<%= link_to "home page", @public_body.calculated_home_page %>)
+<% if !@user.nil? && @user.owns_every_request? %>
+(<%= link_to "admin", public_body_admin_url(@public_body) %>)
+<% end %>
</p>
<% if @public_body.notes != "" %>
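Review bot: The admin link is gated on `@user.owns_every_request?`, a predicate named for request classification, and the same condition is repeated in the `app/views/request/show.rhtml` and `app/views/user/show.rhtml` hunks. A dedicated predicate on `User` (a name like `admin_page_links?` is only a suggestion) or a shared view helper would keep the three views in step if the admin levels are ever split. Hiding the link is presentation only; the admin URLs still need their own access control, which is not visible in this diff.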
diff --git a/app/views/request/show.rhtml b/app/views/request/show.rhtml
index 0182574d8..0d6d72f22 100644
--- a/app/views/request/show.rhtml
+++ b/app/views/request/show.rhtml
@@ -45,6 +45,9 @@
<%= public_body_link(@info_request.public_body) %>
by
<%= user_link(@info_request.user) %>
+ <% if !@user.nil? && @user.owns_every_request? %>
+ (<%= link_to "admin", request_admin_url(@info_request) %>)
+ <% end %>
</p>
<p id="request_status">
diff --git a/app/views/user/show.rhtml b/app/views/user/show.rhtml
index 8eef38adc..01f20ed71 100644
--- a/app/views/user/show.rhtml
+++ b/app/views/user/show.rhtml
@@ -14,7 +14,12 @@
<div class="single_user">
<h1><%=@title%></h1>
- <p class="subtitle">Joined WhatDoTheyKnow on <%= simple_date(@display_user.created_at) %></p>
+ <p class="subtitle">
+ Joined WhatDoTheyKnow on <%= simple_date(@display_user.created_at) %>
+ <% if !@user.nil? && @user.owns_every_request? %>
+ (<%= link_to "admin", user_admin_url(@display_user) %>)
+ <% end %>
+ </p>
<p>
<%= link_to "Send message to " + h(@display_user.name), contact_user_url(:id => @display_user.id) %>
diff --git a/db/migrate/063_add_admin_users.rb b/db/migrate/063_add_admin_users.rb
new file mode 100644
index 000000000..9daa64a35
--- /dev/null
+++ b/db/migrate/063_add_admin_users.rb
@@ -0,0 +1,9 @@
+class AddAdminUsers < ActiveRecord::Migration
+ def self.up
+ add_column :users, :admin_level, :string, :null => false, :default => 'none'
+ end
+
+ def self.down
+ remove_column :users, :admin_level
+ end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 3511724da..99ced4c04 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -9,7 +9,7 @@
#
# It's strongly recommended to check this file into your version control system.
-ActiveRecord::Schema.define(:version => 62) do
+ActiveRecord::Schema.define(:version => 63) do
create_table "acts_as_xapian_jobs", :force => true do |t|
t.string "model", :null => false
@@ -176,6 +176,7 @@ ActiveRecord::Schema.define(:version => 62) do
t.boolean "email_confirmed", :default => false, :null => false
t.text "url_name", :null => false
t.datetime "last_daily_track_email", :default => '2000-01-01 00:00:00'
+ t.string "admin_level", :default => "none", :null => false
end
add_index "users", ["url_name"], :name => "index_users_on_url_name", :unique => true
diff --git a/todo.txt b/todo.txt
index f9aee06f8..fe28c2e0e 100644
--- a/todo.txt
+++ b/todo.txt
@@ -66,6 +66,8 @@ Admin:
Somehow fold up the enormous pages on many admin pages
Make it easy to go from pages to admin page (perhaps via link as in PB?)
+Replace "deep" with admin_... URLs
+
Later
=====