diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 6b301af1..d3135614 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -121,8 +121,10 @@ def resource_not_found
render 'errors/not_found', status: 404
end
- def member_should_be_active
- if !current_member.active
+ def member_should_exist_and_be_active
+ if !current_member
+ redirect_to organizations_path
+ elsif !current_member.active
flash[:error] = I18n.t('users.index.account_deactivated')
redirect_to select_organization_path
end
diff --git a/app/controllers/tags_controller.rb b/app/controllers/tags_controller.rb
index 858e9120..560c548e 100644
--- a/app/controllers/tags_controller.rb
+++ b/app/controllers/tags_controller.rb
@@ -1,5 +1,5 @@
class TagsController < ApplicationController
- before_action :authenticate_user!, :member_should_be_active
+ before_action :authenticate_user!, :member_should_exist_and_be_active
def index
model = params[:model].classify.constantize
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index d9013a8b..65e5a2a7 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,5 +1,6 @@
class UsersController < ApplicationController
- before_action :authenticate_user!, :member_should_be_active, except: [:signup, :create]
+ before_action :authenticate_user!, except: %i[signup create]
+ before_action :member_should_exist_and_be_active, except: %i[signup create edit show update]
has_scope :tagged_with, as: :tag
@@ -16,6 +17,8 @@ def manage
def show
@user = find_user
+ redirect_to edit_user_path(@user) and return if !current_organization
+
@member = @user.as_member_of(current_organization)
@movements = @member.movements.order("created_at DESC").page(params[:page]).
per(10)
@@ -57,11 +60,11 @@ def create
end
def update
- @user = scoped_users.find(params[:id])
- authorize @user
+ @user = User.find(params[:id])
+ authorize @user unless @user == current_user
if @user.update(user_params)
- @user.add_tags(current_organization, params[:tag_list] || [])
+ @user.add_tags(current_organization, params[:tag_list] || []) if current_organization
redirect_to @user
else
diff --git a/app/views/users/_form.html.erb b/app/views/users/_form.html.erb
index 08ff149a..3a52b3cd 100644
--- a/app/views/users/_form.html.erb
+++ b/app/views/users/_form.html.erb
@@ -34,15 +34,18 @@
include_blank: :true %>
<%= f.input :description, as: "text" %>
<%= f.input :postcode %>
- <%= label_tag :tag_list, t('activerecord.attributes.post.tag_list') %>
-
- <%= select_tag :tag_list,
- options_for_select(member.tags, member.tags),
- multiple: true,
- data: { placeholder: t("application.tips.entertag"), model: "member" },
- id: "tags-js",
- class: "form-control" %>
-
+
+ <% if current_organization %>
+ <%= label_tag :tag_list, t('activerecord.attributes.post.tag_list') %>
+
+ <%= select_tag :tag_list,
+ options_for_select(member.tags, member.tags),
+ multiple: true,
+ data: { placeholder: t("application.tips.entertag"), model: "member" },
+ id: "tags-js",
+ class: "form-control" %>
+
+ <% end %>