Merge pull request #4624 from betagouv/instructor_cannot_change_its_mail

Suppression de la possibilité pour instructeur de changer son propre email
This commit is contained in:
LeSim 2019-12-11 17:28:57 +01:00 committed by GitHub
commit 1b17218b5c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 29 additions and 9 deletions

View file

@ -1,5 +1,9 @@
module Users module Users
class ProfilController < UserController class ProfilController < UserController
before_action :redirect_if_instructeur,
only: :update_email,
if: -> { instructeur_signed_in? }
def show def show
end end
@ -10,14 +14,14 @@ module Users
end end
def update_email def update_email
if @current_user.update(update_email_params) if current_user.update(update_email_params)
flash.notice = t('devise.registrations.update_needs_confirmation') flash.notice = t('devise.registrations.update_needs_confirmation')
elsif @current_user.errors&.details&.dig(:email)&.any? { |e| e[:error] == :taken } elsif current_user.errors&.details&.dig(:email)&.any? { |e| e[:error] == :taken }
UserMailer.account_already_taken(@current_user, requested_email).deliver_later UserMailer.account_already_taken(current_user, requested_email).deliver_later
# avoid leaking information about whether an account with this email exists or not # avoid leaking information about whether an account with this email exists or not
flash.notice = t('devise.registrations.update_needs_confirmation') flash.notice = t('devise.registrations.update_needs_confirmation')
else else
flash.alert = @current_user.errors.full_messages flash.alert = current_user.errors.full_messages
end end
redirect_to profil_path redirect_to profil_path
@ -32,5 +36,9 @@ module Users
def requested_email def requested_email
update_email_params[:email] update_email_params[:email]
end end
def redirect_if_instructeur
redirect_to profil_path
end
end end
end end

View file

@ -18,6 +18,7 @@
%p %p
Pour finaliser votre changement dadresse, vérifiez vos emails et cliquez sur le lien de confirmation. Pour finaliser votre changement dadresse, vérifiez vos emails et cliquez sur le lien de confirmation.
- if !instructeur_signed_in?
= form_for @current_user, url: update_email_path, method: :patch, html: { class: 'form' } do |f| = form_for @current_user, url: update_email_path, method: :patch, html: { class: 'form' } do |f|
= f.email_field :email, value: nil, placeholder: 'Nouvelle adresse email', required: true = f.email_field :email, value: nil, placeholder: 'Nouvelle adresse email', required: true
= f.submit "Changer mon adresse", class: 'button primary' = f.submit "Changer mon adresse", class: 'button primary'

View file

@ -52,8 +52,6 @@ describe Users::ProfilController, type: :controller do
end end
context 'when the mail is incorrect' do context 'when the mail is incorrect' do
let!(:user2) { create(:user) }
before do before do
patch :update_email, params: { user: { email: 'incorrect' } } patch :update_email, params: { user: { email: 'incorrect' } }
user.reload user.reload
@ -62,5 +60,18 @@ describe Users::ProfilController, type: :controller do
it { expect(response).to redirect_to(profil_path) } it { expect(response).to redirect_to(profil_path) }
it { expect(flash.alert).to eq(['Email invalide']) } it { expect(flash.alert).to eq(['Email invalide']) }
end end
context 'when the user has an instructeur role' do
let(:instructeur_email) { 'instructeur_email@a.com' }
let!(:user) { create(:instructeur, email: instructeur_email).user }
before do
patch :update_email, params: { user: { email: 'loulou@lou.com' } }
user.reload
end
it { expect(user.unconfirmed_email).to be_nil }
it { expect(response).to redirect_to(profil_path) }
end
end end
end end