Bugfixes: menu bar profile picture, persmissions, posessive pronouns

fablabbcn · Dec 13, 2024 · ae4d62d · ae4d62d
1 parent e4b314c
commit ae4d62d
Show file tree

Hide file tree

Showing 11 changed files with 61 additions and 40 deletions.
diff --git a/app/controllers/ui/users_controller.rb b/app/controllers/ui/users_controller.rb
@@ -1,24 +1,25 @@
 module Ui
   class UsersController < ApplicationController
     include SharedControllerMethods
+    include UserHelper
 
     def index
       redirect_to current_user ? ui_user_path(current_user.username) : login_path
     end
 
     def show
       find_user!
-      @title = I18n.t(:show_user_title, username: @user.username)
+      @title = I18n.t(:show_user_title, owner: owner(true))
       add_breadcrumb(@title, ui_user_path(@user.username))
       render "show", layout: "base"
     end
 
     def secrets
       find_user!
-      return unless authorize_user!
-      @title = I18n.t(:secrets_user_title, username: @user.username)
+      return unless authorize_user! :show_secrets?, :secrets_user_forbidden
+      @title = I18n.t(:secrets_user_title, owner: owner)
       add_breadcrumbs(
-        [I18n.t(:show_user_title, username: @user.username), ui_user_path(@user.username)],
+        [I18n.t(:show_user_title, owner: owner(true)), ui_user_path(@user.username)],
         [@title, secrets_ui_user_path(@user.username)]
       )
     end
@@ -59,17 +60,17 @@ def create
 
     def edit
       find_user!
-      return unless authorize_user!
-      @title = I18n.t(:edit_user_title)
+      return unless authorize_user! :update?, :edit_user_forbiden
+      @title = I18n.t(:edit_user_title, owner: owner)
       add_breadcrumbs(
-        [I18n.t(:show_user_title, username: @user.username), ui_user_path(@user.username)],
+        [I18n.t(:show_user_title, owner: owner(true)), ui_user_path(@user.username)],
         [@title, edit_ui_user_path(@user.username)]
       )
     end
 
     def update
       find_user!
-      return unless authorize_user!
+      return unless authorize_user! :update?, :edit_user_forbiden
       if @user.update(params.require(:user).permit(
         :profile_picture,
         :username,
@@ -90,18 +91,18 @@ def update
 
     def delete
       find_user!
-      return unless authorize_user!
-      @title = I18n.t(:delete_user_title)
+      return unless authorize_user! :destroy?, :delete_user_forbidden
+      @title = I18n.t(:delete_user_title, owner: owner)
       add_breadcrumbs(
-        [I18n.t(:show_user_title, username: @user.username), ui_user_path(@user.username)],
-        [I18n.t(:edit_user_title, username: @user.username), edit_ui_user_path(@user.username)],
+        [I18n.t(:show_user_title, owner: owner(true)), ui_user_path(@user.username)],
+        [I18n.t(:edit_user_title, owner: owner), edit_ui_user_path(@user.username)],
         [@title, delete_ui_user_path(@user.username)]
       )
     end
 
     def destroy
       find_user!
-      return unless authorize_user!
+      return unless authorize_user! :destroy?, :delete_user_forbidden
       if @user.username != params[:username]
         flash[:alert] = I18n.t(:delete_user_wrong_username)
         redirect_to delete_ui_user_path(@user.username)
@@ -122,11 +123,15 @@ def find_user!
       @user = User.friendly.find(params[:id])
     end
 
-    def authorize_user!
-      return true if authorize? @user, :destroy?
-      flash[:alert] = I18n.t(:delete_user_forbidden)
+    def authorize_user!(action, alert)
+      return true if authorize? @user, action
+      flash[:alert] = I18n.t(alert)
       redirect_to current_user ? ui_user_path(@user) : login_path
       return false
     end
+
+    def owner(capitalize=false)
+      possessive(@user, current_user, capitalize: capitalize)
+    end
   end
 end
diff --git a/app/helpers/user_helper.rb b/app/helpers/user_helper.rb
@@ -6,4 +6,15 @@ def profile_picture_url(user)
       ''
     end
   end
-end
+
+  def possessive(user, current_user, params={})
+    first_person = params[:first_person]
+    capitalize = params[:capitalize]
+    if current_user && current_user == user
+      pronoun = t(first_person ? :first_person_possessive : :second_person_possessive)
+      capitalize ? pronoun.capitalize : pronoun
+    else
+      t :third_person_possessive, username: user.username
+    end
+  end
+end
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
@@ -25,6 +25,6 @@ def update_password?
   end
 
   def show_secrets?
-    user == record
+    user.try(:is_admin?) || user == record
   end
 end
diff --git a/app/views/layouts/_nav.html.erb b/app/views/layouts/_nav.html.erb
@@ -36,7 +36,7 @@
             <a class="nav-link ms-md-2" title="<%= t :profile_pic_alt_text %>" href="<%= ui_user_path(current_user.username) %>">
               <div class="circular-image-crop navbar-profile-image">
                 <%= image_tag(
-                  @user.profile_picture.present? ? @user.profile_picture : "default_avatar.svg",
+                  current_user.profile_picture.present? ? current_user.profile_picture : "default_avatar.svg",
                   alt: t(:profile_pic_alt_text),
                   class: "w-100"
                 ) %>

diff --git a/app/views/ui/users/delete.html.erb b/app/views/ui/users/delete.html.erb
@@ -1,8 +1,8 @@
 <%= bootstrap_form_tag url: ui_user_path(@user.id), method: :delete do |f| %>
   <%= f.hidden_field :token, value: @token %>
   <p><%= t(:delete_user_warning_html, username: current_user.username) %></p>
-  <%= f.text_field :username, label: t(:delete_user_username_label)  %>
+  <%= f.text_field :username, label: t(:delete_user_username_label, owner: possessive(@user, current_user))  %>
   <div class="mt-4">
-    <%= f.primary t(:delete_user_submit), class: "btn btn-danger w-100 w-md-auto" %>
+    <%= f.primary t(:delete_user_submit, owner: possessive(@user, current_user, first_person: true)), class: "btn btn-danger w-100 w-md-auto" %>
   </div>
 <% end %>
diff --git a/app/views/ui/users/edit.html.erb b/app/views/ui/users/edit.html.erb
@@ -18,6 +18,8 @@
   <div class="mt-5">
     <%= f.primary t(:edit_user_submit), class: "btn btn-primary w-100 w-md-auto" %>
   </div>
-  <h2 class="mt-5 mb-3"><%= t(:edit_user_other_actions_subhead) %></h2>
-  <div><%= link_to t(:edit_user_delete_account_submit), delete_ui_user_path(@user.username), class: "btn btn-danger w-100 w-md-auto" %></div>
+  <% if authorize? @user, :destroy? %>
+    <h2 class="mt-5 mb-3"><%= t(:edit_user_other_actions_subhead) %></h2>
+    <div><%= link_to t(:edit_user_delete_account_submit, owner: possessive(@user, current_user)), delete_ui_user_path(@user.username), class: "btn btn-danger w-100 w-md-auto" %></div>
+  <%  end %>
 <% end %>
diff --git a/app/views/ui/users/secrets.html.erb b/app/views/ui/users/secrets.html.erb
@@ -7,7 +7,7 @@
 
 <% if @user.forward_device_readings? %>
   <div class="mt-5">
-    <h1 class="mb-4"><%= t :secrets_user_forwarding_heading %></h1>
+    <h1 class="mb-4"><%= t :secrets_user_forwarding_heading, owner: possessive(@user, current_user) %></h1>
     <p><%= t :secrets_user_forwarding_blurb_html %></p>
     <%= render partial: "ui/shared/copyable_input", locals: {
       name: t(:secrets_user_forwarding_token_label),

diff --git a/app/views/ui/users/show.html.erb b/app/views/ui/users/show.html.erb
@@ -33,12 +33,12 @@
         <div class="actions mt-3">
             <p class="mb-0">
               <% if authorize? @user, :update? %>
-                <%= link_to(t(:show_user_edit_cta), edit_ui_user_path(@user), class: "btn btn-dark me-md-2 w-100 w-md-auto") %>
+                <%= link_to(t(:show_user_edit_cta, owner: possessive(@user, current_user)), edit_ui_user_path(@user), class: "btn btn-dark me-md-2 w-100 w-md-auto") %>
               <% end %>
               <% if authorize? @user, :show_secrets? %>
-                <%= link_to(t(:show_user_secrets_cta), secrets_ui_user_path(@user), class: "btn btn-dark me-md-2 mt-3 mt-md-0 w-100 w-md-auto") %>
+                <%= link_to(t(:show_user_secrets_cta, owner: possessive(@user, current_user)), secrets_ui_user_path(@user), class: "btn btn-dark me-md-2 mt-3 mt-md-0 w-100 w-md-auto") %>
               <% end %>
-              <% if @user %>
+              <% if current_user == @user %>
                 <%= link_to(t(:show_user_log_out_cta), logout_path, class: "btn btn-dark mt-3 mt-lg-0 w-100 w-md-auto") %>
               <% end %>
             </p>

diff --git a/config/locales/controllers/en.yml b/config/locales/controllers/en.yml
@@ -9,16 +9,17 @@ en:
     password_reset_success: "Changed password for: %{username}."
     password_reset_invalid: "Your reset code might be too old or have been used before."
     destroy_session_success: "Logged out!"
-    show_user_title: "%{username}'s profile"
-    secrets_user_title: "Your API keys"
+    show_user_title: "%{owner} profile"
+    secrets_user_title: "%{owner} API keys"
+    secrets_user_forbidden: "You are not allowed to see API keys for that user account!"
     new_user_title: "Sign up"
     new_user_success: "Thanks for signing up! You are now logged in."
     new_user_failure: "Some errors prevented us from creating your account. Please check below and try again!"
-    edit_user_title: "Edit your profile"
+    edit_user_title: "Edit %{owner} profile"
     edit_user_forbidden: "You are not allowed to edit that user account!"
     update_user_success: "Your profile has been updated!"
     update_user_failure: "Some errors prevented us from updating your profile. Please check below and try again!"
-    delete_user_title: "Delete your account"
+    delete_user_title: "Delete %{owner} account"
     post_delete_user_title: "We are sorry to see you go!"
     delete_user_forbidden: "You are not allowed to delete that user account!"
     delete_user_wrong_username: "That username did not match! Please try again."
diff --git a/config/locales/helpers/user/en.yml b/config/locales/helpers/user/en.yml
@@ -0,0 +1,4 @@
+en:
+  second_person_possessive: "your"
+  third_person_possessive: "%{username}'s"
+  first_person_possessive: "my"
diff --git a/config/locales/views/users/en.yml b/config/locales/views/users/en.yml
@@ -1,15 +1,13 @@
 en:
   show_user_headline: "User: %{username}"
   show_user_profile_pic_alt: "Profile picture for user %{username}"
-  show_user_edit_cta: "Edit your profile"
-  show_user_secrets_cta: "Show your API keys"
+  show_user_edit_cta: "Edit %{owner} profile"
+  show_user_secrets_cta: "Show %{owner} API keys"
   show_user_log_out_cta: "Sign out"
   secrets_user_blurb_html: This key gives you access to your data in the SmartCitizen platform using the <a href="https://developer.smartcitizen.me/" target="_blank">REST API</a>. <strong>Please keep it safe and do not share with anyone, just as you would with a password</strong>.
-
-
   secrets_user_api_key_label: API key
-  secrets_user_forwarding_heading: Your MQTT Forwarding Keys
-  secrets_user_forwarding_blurb_html: Your account has MQTT forwarding enabled, so you can connect directly to our MQTT broker to receive new readings from your devices as they are posted. You will need the following username and token to authenticate. <strong>As above, please treat these credentials as if they were your password, and do not share them with anyone</strong>.
+  secrets_user_forwarding_heading: "%{owner} MQTT Forwarding Keys"
+  secrets_user_forwarding_blurb_html: "This account has MQTT forwarding enabled, so you can connect directly to our MQTT broker to receive new readings from your devices as they are posted. You will need the following username and token to authenticate. <strong>As above, please treat these credentials as if they were your password, and do not share them with anyone</strong>."
   secrets_user_forwarding_token_label: MQTT forwarding token
   secrets_user_forwarding_username_label: MQTT forwarding username
   new_user_submit: "Sign up"
@@ -24,10 +22,10 @@ en:
   edit_user_account_details_subhead: "Account details"
   edit_user_public_profile_subhead: "Public profile"
   edit_user_other_actions_subhead: "Other Actions"
-  edit_user_delete_account_submit: "Permanently delete your account"
+  edit_user_delete_account_submit: "Permanently delete %{owner} account"
   delete_user_warning_html: "🚨<strong>Warning!</strong> This will permanently delete the account <strong>%{username}</strong> and all of its devices.🚨"
-  delete_user_username_label: "To confirm, type your username below:"
-  delete_user_submit: "I understand, delete my account"
+  delete_user_username_label: "To confirm, type %{owner} username below:"
+  delete_user_submit: "I understand, delete %{owner} account"
   users_password_reset_landing_confirmation_label: "Confirm new password"
   users_password_reset_landing_submit: "Change my password"
   post_delete_user_blurb_html: "If you have deleted your account in error, please contact <a href='mailto:[email protected]'>Smart Citizen support<a> as soon as possible. After 24 hours, your account and all devices will be deleted permanently."