From cbc1c50cd27adda3b4ac74ff666bbd609b91e6e5 Mon Sep 17 00:00:00 2001
From: joshua stein <jcs@jcs.org>
Date: Fri, 26 Jun 2015 10:27:04 -0500
Subject: [PATCH] add user banning/unbanning from user view page

---
 app/controllers/application_controller.rb | 13 +++++++++
 app/controllers/users_controller.rb       | 33 ++++++++++++++++++++++
 app/mailers/ban_notification.rb           |  3 +-
 app/models/user.rb                        | 10 ++++++-
 app/views/users/show.html.erb             | 34 +++++++++++++++++++++++
 config/routes.rb                          |  3 ++
 6 files changed, 94 insertions(+), 2 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 2194273..6ee005e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -89,6 +89,19 @@ class ApplicationController < ActionController::Base
     end
   end
 
+  def require_logged_in_moderator
+    require_logged_in_user
+
+    if @user
+      if @user.is_moderator?
+        true
+      else
+        flash[:error] = "You are not authorized to access that resource."
+        return redirect_to "/"
+      end
+    end
+  end
+
   def require_logged_in_user_or_400
     if @user
       true
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index eeb4ba6..5f77a19 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,4 +1,6 @@
 class UsersController < ApplicationController
+  before_filter :require_logged_in_moderator, :only => [ :ban, :unban ]
+
   def show
     @showing_user = User.where(:username => params[:username]).first!
     @title = "User #{@showing_user.username}"
@@ -34,4 +36,35 @@ class UsersController < ApplicationController
   def invite
     @title = "Pass Along an Invitation"
   end
+
+  def ban
+    buser = User.where(:username => params[:username]).first
+    if !buser
+      flash[:error] = "Invalid user."
+      return redirect_to "/"
+    end
+
+    if !params[:reason].present?
+      flash[:error] = "You must give a reason for the ban."
+      return redirect_to user_path(:user => buser.username)
+    end
+
+    buser.ban_by_user_for_reason!(@user, params[:reason])
+
+    flash[:success] = "User has been banned."
+    return redirect_to user_path(:user => buser.username)
+  end
+
+  def unban
+    buser = User.where(:username => params[:username]).first
+    if !buser
+      flash[:error] = "Invalid user."
+      return redirect_to "/"
+    end
+
+    buser.unban_by_user!(@user)
+
+    flash[:success] = "User has been unbanned."
+    return redirect_to user_path(:user => buser.username)
+  end
 end
diff --git a/app/mailers/ban_notification.rb b/app/mailers/ban_notification.rb
index d207710..2029e10 100644
--- a/app/mailers/ban_notification.rb
+++ b/app/mailers/ban_notification.rb
@@ -7,7 +7,8 @@ class BanNotification < ActionMailer::Base
     @reason = reason
 
     mail(
-      :from => "#{@banner.username} <#{@banner.email}>",
+      :from => "#{@banner.username} <nobody@#{Rails.application.domain}>",
+      :replyto => "#{@banner.username} <#{@banner.email}>",
       :to => user.email,
       :subject => "[#{Rails.application.name}] You have been banned"
     )
diff --git a/app/models/user.rb b/app/models/user.rb
index 0cc2939..64df4b7 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -241,11 +241,19 @@ class User < ActiveRecord::Base
     username
   end
 
-  def unban!
+  def unban_by_user!(unbanner)
     self.banned_at = nil
     self.banned_by_user_id = nil
     self.banned_reason = nil
     self.save!
+
+    m = Moderation.new
+    m.moderator_user_id = unbanner.id
+    m.user_id = self.id
+    m.action = "Unbanned"
+    m.save!
+
+    true
   end
 
   def undeleted_received_messages
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
index 732ae43..ac7d540 100644
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -166,5 +166,39 @@
       <% end %>
     </div>
     <br>
+
+    <div style="clear: both;"></div>
+    <br>
+
+    <p>
+    <div class="legend">
+      Administrative Actions
+    </div>
+    </p>
+
+    <% if @user.is_banned? %>
+      <%= form_tag user_unban_path, :method => :post do %>
+        <p>
+        <%= submit_tag "Unban User" %>
+        </p>
+      <% end %>
+    <% else %>
+      <%= form_tag user_ban_path, :method => :post do %>
+        <p>
+        Banning a user will send an e-mail to the user with the reason below,
+        with your e-mail address as the Reply-To so the user can respond.
+        </p>
+        <p>
+
+        <div class="boxline">
+          <%= label_tag :reason, "Reason:", :class => "required" %>
+          <%= text_field_tag :reason, "", :size => 40 %>
+        </div>
+
+        <p>
+        <%= submit_tag "Ban User" %>
+        </p>
+      <% end %>
+    <% end %>
   <% end %>
 </div>
diff --git a/config/routes.rb b/config/routes.rb
index dd864ae..d9d09c2 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -90,6 +90,9 @@ Lobsters::Application.routes.draw do
     get "/u" => "users#tree"
     get "/u/:username" => "users#show", :as => "user", :format => /html|json/
 
+    post "/users/:username/ban" => "users#ban", :as => "user_ban"
+    post "/users/:username/unban" => "users#unban", :as => "user_unban"
+
     get "/settings" => "settings#index"
     post "/settings" => "settings#update"
     post "/settings/pushover" => "settings#pushover"