Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

suspend a user #8114

Merged
merged 10 commits into from
Mar 13, 2017
Merged

suspend a user #8114

merged 10 commits into from
Mar 13, 2017

Conversation

kirrg001
Copy link
Contributor

@kirrg001 kirrg001 commented Mar 8, 2017
edited
Loading

refs #8111

This PR contains a new feature: suspending/un-suspending a user.
This branch was already tested with the Ghost-Admin PR.
Works as expected with ghost and password auth.

The key changes are

  • Ghost returns now all (active+none active) users by default
  • protect login with suspended status
  • test permissions and add extra protection for suspending myself
  • if a user is suspended and tries to activate himself, he won't be able to proceed the login to get a new token

TODO'S

  • wait for a ghost-admin branch to test the basics
  • add a test for the event listener
  • re-confirm that the permissions are OK
  • test permissions
  • optimise error message
  • add model fn: isActive isInactive
  • can't suspend myself
  • check status handling again e.g. user changes status to locked and then to active to trick the system
  • extend PR description
  • fix tests
  • test pwd mode

kevinansfield added a commit to kevinansfield/Ghost-Admin that referenced this pull request Mar 8, 2017
@kevinansfield
✨ suspend user option
a233cd6 
requires TryGhost/Ghost#8114
- adds "Suspend User" option on user profile page with a modal confirmation screen
@kevinansfield kevinansfield mentioned this pull request Mar 8, 2017
Merged
6 tasks
@kirrg001 kirrg001 force-pushed the 1.0.0-dev/get-users branch 10 times, most recently from d851cc8 to 2874100 Compare March 9, 2017 14:51
@kirrg001 kirrg001 changed the title [WIP] suspend a user suspend a user Mar 9, 2017
@kirrg001
Copy link
Contributor Author

kirrg001 commented Mar 9, 2017

Ready to review/merge!

kevinansfield added a commit to kevinansfield/Ghost-Admin that referenced this pull request Mar 10, 2017
@kevinansfield
✨ suspend user option
ef0bdbd 
requires TryGhost/Ghost#8114
- adds "Suspend User" option on user profile page with a modal confirmation screen
@kirrg001
🎨 tests: ensure who can change the status
36f960f 
- no logic must be adapted
- we could also remove these tests, because it just reflects how the role permission system in Ghost works
- owner can suspend all users except of owner
- admin can suspend all users except of owner
- editor can suspend author
@kirrg001
✨ remove tokens of the suspended user
dd0c107 
- add a new event listener
- when user is deactived, remove AT/RT

[ci skip]
@kirrg001
🎨 optimise error message for suspended users and reorder ghost strategy
a65306c 
- to react on suspended users i had to reorder the logic a bit in the ghost strategy
- it's a little bit hard to read the diff i think, but not much has changed here
- return correct error message if user is supended (for both password and ghost auth)
- can't be handled via the model layer (e.g. return suspended error from model layer), because findOne or findAll can be used in multiple places with different use cases

[ci skip]
@kirrg001
🎨 ghost returns all users inclusing status inactive by default
99d055e 
- we are changing the way ghost returns users
- return all users by default (status: all)
- ghost-admin will receive all active and inactive users and can decide which user can be suspended and which user can be unsuspended (depending on the permissions)
- inactive is no longer a status a user can't be in
- alternatively we could let the admin send GET /...../status=all for every request, but not my perseronal preference
@kirrg001
user.isActive()?
6945303 
- locked + inactive can't login

[ci skip]
@kirrg001
fix password auth and add user.isLocked and user.isInactive
1054b7e
@kirrg001
🎨 tests: add test for new listener
a9f92d6 
- test that tokens get deleted if a user get's deactivated
- change the custom fixture logic (perms:x, user-token:x)

[ci skip]
@kirrg001
User cannot change own status to inactive
8c8a1ef
@kirrg001
fix tests && lint
ef9adb6
kevinansfield added a commit to kevinansfield/Ghost-Admin that referenced this pull request Mar 13, 2017
@kevinansfield
✨ suspend user feature
b413e90 
requires TryGhost/Ghost#8114
- adds "(Un-)Suspend User" options on user profile page with a modal confirmation screen
- separates team index into "active" and "suspended" users
- adds "suspended" badge to user profile when suspended
kirrg001 pushed a commit to TryGhost/Admin that referenced this pull request Mar 13, 2017
@kevinansfield @kirrg001
✨ suspend user feature
97300e3 
requires TryGhost/Ghost#8114
- adds "(Un-)Suspend User" options on user profile page with a modal confirmation screen
- separates team index into "active" and "suspended" users
- adds "suspended" badge to user profile when suspended
@kevinansfield kevinansfield merged commit c9f551e into TryGhost:master Mar 13, 2017
@kevinansfield kevinansfield deleted the 1.0.0-dev/get-users branch March 13, 2017 12:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kevinansfield kevinansfield kevinansfield approved these changes

Assignees

@kevinansfield kevinansfield

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@kirrg001 @kevinansfield