Use a state machine for user status

The user status is a bit complex, since there are various states and not all transitions between them make sense. Using AASM means that we can name and restrict the transitions, which hopefully makes them easier to reason about.
2022-01-05 18:44:46 +00:00 · 2022-01-05 18:44:46 +00:00 · 1a11c4dc19
commit 1a11c4dc19
parent 786f28993a
12 changed files with 103 additions and 45 deletions
--- a/app/controllers/confirmations_controller.rb
+++ b/app/controllers/confirmations_controller.rb
@ -25,7 +25,7 @@ class ConfirmationsController < ApplicationController
        render_unknown_user token.user.display_name
      else
        user = token.user
-        user.status = "active"
+        user.activate
        user.email_valid = true
        flash[:notice] = gravatar_status_message(user) if gravatar_enable(user)
        user.save!
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@ -46,7 +46,7 @@ class PasswordsController < ApplicationController
        if params[:user]
          current_user.pass_crypt = params[:user][:pass_crypt]
          current_user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation]
-          current_user.status = "active" if current_user.status == "pending"
+          current_user.activate if current_user.may_activate?
          current_user.email_valid = true

          if current_user.save
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -164,8 +164,6 @@ class UsersController < ApplicationController

      Rails.logger.info "create: #{session[:referer]}"

-      current_user.status = "pending"
-
      if current_user.auth_provider.present? && current_user.pass_crypt.empty?
        # We are creating an account with external authentication and
        # no password was specified so create a random one
@ -202,15 +200,17 @@ class UsersController < ApplicationController
  ##
  # sets a user's status
  def set_status
-    @user.status = params[:status]
-    @user.save
+    @user.activate! if params[:event] == "activate"
+    @user.confirm! if params[:event] == "confirm"
+    @user.hide! if params[:event] == "hide"
+    @user.unhide! if params[:event] == "unhide"
    redirect_to user_path(:display_name => params[:display_name])
  end

  ##
  # destroy a user, marking them as deleted and removing personal data
  def destroy
-    @user.destroy
+    @user.soft_destroy!
    redirect_to user_path(:display_name => params[:display_name])
  end