Close remote accounts in admin UI

Gemfile

@@ -303,5 +303,5 @@ group :development, :test do
   gem "sinon-rails",               "1.15.0"
 
   # For `assigns` in controller specs
-  gem "rails-controller-testing", "1.0.5"
+  gem "rails-controller-testing", "1.0.4"
 end

app/controllers/admin/users_controller.rb

@@ -4,24 +4,34 @@ module Admin
   class UsersController < AdminController
     before_action :validate_user, only: %i(make_admin remove_admin make_moderator remove_moderator make_spotlight remove_spotlight)
 
-    def close_account
-      u = User.find(params[:id])
-      u.close_account!
-      redirect_to user_search_path, notice: t("admins.user_search.account_closing_scheduled", name: u.username)
-    end
-
+    # Receives the user ID to lock an account
     def lock_account
       u = User.find(params[:id])
       u.lock_access!
       redirect_to user_search_path, notice: t("admins.user_search.account_locking_scheduled", name: u.username)
     end
 
+    # Receives the user ID to unlock an account
     def unlock_account
       u = User.find(params[:id])
       u.unlock_access!
       redirect_to user_search_path, notice: t("admins.user_search.account_unlocking_scheduled", name: u.username)
     end
 
+    # Receives the person ID to close an account
+    def close_account
+      p = Person.find(params[:id])
+      p.close_account!
+      redirect_to user_search_path, notice: t("admins.user_search.account_closing_scheduled", name: p.username)
+    end
+
+    # Closes a remote or local account irretrievable and retracts and deletes all created data
+    def wipe_and_close_account
+      p = Person.find(params[:id])
+      p.wipe_and_close_account!
+      redirect_to user_search_path, notice: t("admins.user_search.account_closing_scheduled", name: p.username)
+    end
+
     def make_admin
       unless Role.is_admin? @user.person
         Role.add_admin @user.person
@@ -33,6 +43,8 @@ def make_admin
     end
 
     def remove_admin
+      return if @user == @current_user
+
       if Role.is_admin? @user.person
         Role.remove_admin @user.person
         notice = "admins.user_search.delete_admin"

app/controllers/admins_controller.rb

@@ -12,11 +12,11 @@ def user_search
       search_params = params.require(:admins_controller_user_search)
                             .permit(:username, :email, :guid, :under13)
       @search = UserSearch.new(search_params)
-      @users = @search.perform
+      @persons = @search.perform
     end
 
     @search ||= UserSearch.new
-    @users ||= []
+    @persons ||= [] # rubocop:disable Naming/MemoizedInstanceVariableName
   end
 
   def admin_inviter
@@ -138,15 +138,19 @@ def any_searchfield_present?
     def perform
       return User.none unless valid?
 
-      users = User.arel_table
       people = Person.arel_table
+      users = User.arel_table
       profiles = Profile.arel_table
-      res = User.joins(person: :profile)
-      res = res.where(users[:username].matches("%#{username}%")) unless username.blank?
-      res = res.where(users[:email].matches("%#{email}%")) unless email.blank?
-      res = res.where(people[:guid].matches("%#{guid}%")) unless guid.blank?
-      res = res.where(profiles[:birthday].gt(Date.today-13.years)) if under13 == '1'
-      res
+
+      persons = Person.joins("left join profiles on profiles.person_id = people.id")
+                      .joins("left join users on people.owner_id = users.id")
+      persons = persons.where(people[:diaspora_handle].matches("%#{username}%")) if username.present?
+      persons = persons.where(users[:email].matches("%#{email}%")) if email.present?
+      persons = persons.where(people[:guid].matches("%#{guid}%")) if guid.present?
+      persons = persons.where(profiles[:birthday].gt(Time.zone.today - 13.years)) if under13 == "1"
+      persons = persons.select("people.*, users.id as user_id, profiles.full_name as full_name")
+      persons = persons.distinct
+      persons.limit(50)
     end
   end
 end

app/models/person.rb

@@ -372,9 +372,42 @@ def as_json( opts = {} )
     json
   end
 
+  # Verifies whether local user is temporay locked or not
+  def locked_access?
+    return owner.access_locked? if owner.present?
+
+    false
+  end
+
+  # Locks revocably the users account and access to this instance if local
   def lock_access!
-    self.closed_account = true
-    self.save
+    owner.lock_access!({send_instructions: false}) if owner.present?
+  end
+
+  def unlock_access
+    owner.unlock_access! if owner.present?
+  end
+
+  # Verifies whether user account is permanetly locked or not
+  def closed_account?
+    closed_account
+  end
+
+  # Locks user and closes account permanently. Messages from external users will not enter this pod
+  def close_account!
+    update(closed_account: true)
+    lock_access!
+    AccountDeletion.create(person: self) unless AccountDeletion.exists?(person: self)
+  end
+
+  # Locks user and closes account permanently. Messages from external users will not enter this pod
+  # All messages and comments will be deleted
+  def wipe_and_close_account!
+    update(closed_account: true)
+    lock_access!
+    owner.lock_access! if owner.present?
+    AccountDeletion.create(person: self) unless AccountDeletion.exists?(person: self)
+    Workers::WipeAccount.perform_async(id)
   end
 
   def clear_profile!

app/models/user.rb

@@ -537,13 +537,12 @@ def no_person_with_same_username
   end
 
   def close_account!
-    self.person.lock_access!
-    self.lock_access!
-    AccountDeletion.create(person: person)
+    person.close_account!
+    AccountDeletion.create(person: person) unless AccountDeletion.exists?(person: person)
   end
 
   def closed_account?
-    self.person.closed_account
+    person.closed_account
   end
 
   def clear_account!

app/views/admins/_user_entry.haml

@@ -1,131 +1,90 @@
 %li.user.media
   .media-left
-    - if user.person
-      .media-object
-        = person_image_tag(user.person, size: :thumb_small)
+    .media-object
+      = person_image_tag(person, size: :thumb_small)
   .media-body
     .row
       .col-sm-7
         %h4.media-heading
-          = user.try(:person).try(:name)
+          = person.diaspora_handle
+        = t(".remote") if person.remote?
+        = t(".local") if person.local?
+        %br
+        - if person.closed_account?
+          .label.label-danger
+            = t(".closed_account")
+        - elsif person.locked_access?
+          .label.label-warning
+            = t(".locked_account")
+        - if !person.closed_account? && !person.locked_access?
+          .label.label-success
+            = t(".active_account")
       .col-sm-5
         .pull-right
           %span.label.label-default
             = t(".id")
-            = user.id
+            = person.id
           %span.label.label-info
             = t(".guid")
-            = user.try(:person).try(:guid)
+            = person.guid
     .row
       .col-sm-8
         %dl.dl-horizontal
           %dt= t("username")
-          %dd= user.username
-          %dt= t(".email")
-          %dd= user.email
-          %dt= t(".diaspora_handle")
-          %dd= user.person.diaspora_handle
-          %dt= t(".last_seen")
-          %dd= user.last_seen || t(".unknown")
-          %dt= t(".current_sign_in_ip")
-          %dd= user.current_sign_in_ip || t(".unknown")
-          - if user.invited_by.present?
-            %dt= t(".invite_token")
-            %dd= invite_code_url(user.invited_by.invitation_code)
-          %dt= t(".account_closed")
-          %dd
-            - if user.person.closed_account
-              %span.label.label-warning= t(".yes")
-            - else
-              %span.label.label-success= t(".no")
+          %dd= person.username
+          - if person.owner.present?
+            %dt= t(".email")
+            %dd= person.owner.email
+            %dt= t(".first_seen")
+            %dd= person.owner.created_at || t(".unknown")
+            %dt= t(".last_seen")
+            %dd= person.owner.last_seen || t(".unknown")
+            %dt= t(".current_sign_in_ip")
+            %dd= person.owner.current_sign_in_ip || t(".unknown")
+            - if person.owner.invited_by.present?
+              %dt= t(".invite_token")
+              %dd= invite_code_url(person.owner.invited_by.invitation_code)
           %dt= t(".nsfw")
           %dd
-            - if user.person.profile.nsfw
+            - if person.profile.nsfw
               %span.label.label-warning= t(".yes")
             - else
               %span.label.label-success= t(".no")
-          %dt= t(".admin")
-          %dd
-            - if user.admin?
-              %span.label.label-success= t(".yes")
-            - else
-              %span.label.label-warning= t(".no")
-          %dt= t(".moderator")
-          %dd
-            - if user.moderator_only?
-              %span.label.label-success= t(".yes")
-            - else
-              %span.label.label-warning= t(".no")
-          %dt= t(".spotlight")
-          %dd
-            - if user.spotlight?
-              %span.label.label-success= t(".yes")
-            - else
-              %span.label.label-warning= t(".no")
-
+          - if person.owner.present?
+            %dt= t(".admin")
+            %dd
+              - if person.owner.admin?
+                %span.label.label-success= t(".yes")
+              - else
+                %span.label.label-warning= t(".no")
+            %dt= t(".moderator")
+            %dd
+              - if person.owner.moderator?
+                %span.label.label-success= t(".yes")
+              - else
+                %span.label.label-warning= t(".no")
+            %dt= t(".spotlight")
+            %dd
+              - if person.owner.spotlight?
+                %span.label.label-success= t(".yes")
+              - else
+                %span.label.label-warning= t(".no")
         %h4= t("layouts.header.profile")
-
         %dl.dl-horizontal
           %dt= t("people.profile_sidebar.born")
-          %dd= user.person.profile.birthday
+          %dd= person.profile.birthday
           %dt= t("people.profile_sidebar.gender")
-          %dd= user.person.profile.gender
+          %dd= person.profile.gender
           %dt= t("people.profile_sidebar.location")
-          %dd= user.person.profile.location
+          %dd= person.profile.location
           %dt= t("people.profile_sidebar.bio")
-          %dd= user.person.profile.bio
+          %dd= person.profile.bio
 
       .col-sm-4
-        = link_to t("admins.user_search.view_profile"),
-          person_path(user.person),
-          class: "btn btn-default btn-block"
-        = link_to t("admins.user_search.add_invites"),
-          add_invites_path(user.invitation_code),
-          class: "btn btn-info btn-block"
-        - unless user.person.closed_account
-          = link_to t("admins.user_search.close_account"),
-            admin_close_account_path(user),
-            method: :post, data: {confirm: t("admins.user_search.are_you_sure")},
-            class: "btn btn-danger btn-block"
-          - if user.access_locked?
-            = link_to t("admins.user_search.unlock_account"),
-              admin_unlock_account_path(user),
-              method: :post,
-              data: {confirm: t("admins.user_search.are_you_sure_unlock_account")},
-              class: "btn btn-danger btn-block"
-          - else
-            = link_to t("admins.user_search.lock_account"),
-              admin_lock_account_path(user),
-              method: :post,
-              data: {confirm: t("admins.user_search.are_you_sure_lock_account")},
-              class: "btn btn-danger btn-block"
-          - if Role.is_admin?(user.person)
-            = link_to t("admins.user_search.remove_admin"),
-              admin_remove_admin_path(user),
-              method: :post,
-              class: "btn btn-danger btn-block"
-          - else
-            = link_to t("admins.user_search.make_admin"),
-              admin_make_admin_path(user),
-              method: :post,
-              class: "btn btn-info btn-block"
-          - if Role.moderator_only?(user.person)
-            = link_to t("admins.user_search.remove_moderator"),
-              admin_remove_moderator_path(user),
-              method: :post,
-              class: "btn btn-danger btn-block"
-          - else
-            = link_to t("admins.user_search.make_moderator"),
-              admin_make_moderator_path(user),
-              method: :post,
-              class: "btn btn-info btn-block"
-          - if Role.spotlight?(user.person)
-            = link_to t("admins.user_search.remove_spotlight"),
-              admin_remove_spotlight_path(user),
-              method: :post,
-              class: "btn btn-danger btn-block"
-          - else
-            = link_to t("admins.user_search.make_spotlight"),
-              admin_make_spotlight_path(user),
-              method: :post,
-              class: "btn btn-info btn-block"
+        = render partial: "admins/user_entry/view_profile", locals: {person: person}
+        = render partial: "admins/user_entry/add_invites", locals: {person: person}
+        = render partial: "admins/user_entry/lock_action", locals: {person: person}
+        = render partial: "admins/user_entry/close_action", locals: {person: person}
+        = render partial: "admins/user_entry/admin_action", locals: {person: person}
+        = render partial: "admins/user_entry/moderator_action", locals: {person: person}
+        = render partial: "admins/user_entry/spotlight_action", locals: {person: person}

app/views/admins/_user_search.haml

@@ -36,8 +36,9 @@
 .row
   .users.col-md-12
     %ul.media-list
-      - @users.each do |user|
-        = render partial: "user_entry", locals: {user: user}
+      - if @persons.present?
+        - @persons.each do |person|
+          = render partial: "user_entry", locals: {person: person}
 
 .row
   .more_invites.col-md-12

app/views/admins/user_entry/_add_invites.haml

@@ -0,0 +1,4 @@
+- if person.owner.present? && !person.closed_account?
+  = link_to t("admins.user_search.add_invites"),
+    add_invites_path(person.user_id),
+    class: "btn btn-info btn-block"

app/views/admins/user_entry/_admin_action.haml

@@ -0,0 +1,11 @@
+- if person.owner.present? && person != @current_user.person && !person.closed_account?
+  - if Role.is_admin?(person)
+    = link_to t("admins.user_search.remove_admin"),
+      admin_remove_admin_path(person.user_id),
+      method: :post,
+      class: "btn btn-danger btn-block"
+  - else
+    = link_to t("admins.user_search.make_admin"),
+      admin_make_admin_path(person.user_id),
+      method: :post,
+      class: "btn btn-info btn-block"

app/views/admins/user_entry/_close_action.haml

@@ -0,0 +1,9 @@
+- if person != @current_user.person && !person.closed_account?
+  = link_to person.owner.present? ? t("admins.user_search.close_account") : t("admins.user_search.close_local_account"),
+    admin_close_account_path(person.id),
+    method: :post, data: {confirm: t("admins.user_search.are_you_sure")},
+    class: "btn btn-danger btn-block"
+  = link_to person.owner.present? ? t("admins.user_search.wipe_and_close_account") : t("admins.user_search.wipe_and_close_local_account"),
+    admin_wipe_and_close_account_path(person.id),
+    method: :post, data: {confirm: t("admins.user_search.are_you_sure_close_and_wipe_account")},
+    class: "btn btn-danger btn-block"