EPIC: Admin can suspend/restore users

[pconrad]

User Story

• As an admin
• I can suspend a user from logging in (if they have misbehaved)
• So that I can keep the game safe and fun for everyone else.

Discussion

We looked into the possibility of removing a user from a specific commons, but this turns out to be super complicated.

We went back to look at the original purpose of the user story, and realized that if we need to remove a user from one commons, it's probably better to just remove them from all of the commons.

And that's easiest to do by just preventing them from logging in (in the first place).

Acceptance Criteria

• The users entity get a new boolean field suspended which is initially false
• There is a way for an admin to suspend a user (suggested implementation: red Suspend button on the Admin Users table.
• There is a way to tell whether a user is suspended (either a column that shows this, or perhaps their row shows up in strikethrough text (like this).
• For suspended users, the button text says "Restore" instead of "Suspend". Clicking it removes the user from being suspended.
• When a user is suspended, they are logged out immediately if they try to access any functions in the app, with a message that says: "You have been suspended from using this site; please contact the site administrator for details".
• When a user is suspended, if they try to login, they are unable to and get the same message as above.

Suggested Implementation

Issue B1: Add suspended field to Users entity (5 pts)

Simple issue that just adds a boolean field to the Users entity with the initial value false.

Issue B2: Add endpoints that suspend or restore user (10 pts, depends on B1)

Simple issue that just adds an endpoint in the Users controller that is accessible only to Admins.

• POST /users/suspend/{userid} sets the suspended field to true
  *POST /users/restore/{userid} sets the suspended field to false

You can look at organic and gauchoride for the toggle admin endpoints for code that would be similar to this.

Issue B3a: Add gatekeeping for suspended users at login time (10 pts, depends on B2)

See B3b before starting.. this one may not be needed if we can do B3b properly...

Add code to the login routine so that if a user tries to login and they are suspended, they get a message and they are immediately logged out. This one may be tricky; you may need the staff to help you with this one.

Issue B3b: Add code similar to the code in organic and gauchoride that monitors role changes (10 pts, depends on B2) (10 pts, depends on B2)

In organic and gauchoride there is code that checks the status of the user and adjusts their roles based on the latest changes to the database. The role changes are effective immediately. We may be able to do something similar here.
This one may be tricky; you may need the staff to help you with this one.

Issue F1: Add button to suspend / restore users to Admin/Users table (10 pts, depends on B2)

Just add the information to the table about whether user is supended or not ,and the button that either says "Suspend" or "Restore". The buttons should work, but the confirmation modal can be saved for a second issue.

Issue F2: Add button to suspend / restore users to Admin/Users table (10 pts, depends on F1)

Add a confirmation modal to the button that suspends or restores a user.