BigW Consortium Gitlab

  1. 24 Feb, 2017 2 commits
    • Don't allow deleting a ghost user. · 6fdb17cb
      Timothy Andrew authored
      - Add a `destroy_user` ability. This didn't exist before, and was implicit in
        other abilities (only admins could access the admin area, so only they could
        destroy all users; a user can only access their own account page, and so can
        destroy only themselves).
      
      - Grant this ability to admins, and when the current user is trying to destroy
        themselves. Disallow destroying ghost users in all cases.
      
      - Modify the `Users::DestroyService` to check this ability. Also check it in
        views to decide whether or not to show the "Delete User" button.
      
      - Add a short summary of the Ghost User to the bio.
    • Use a `ghost` boolean to track ghost users. · 8e684809
      Timothy Andrew authored
      Rather than using a separate `ghost` state. This lets us have the benefits of
      both ghost and blocked users (ghost: true, state: blocked) without having to
      rewrite a number of queries to include cases for `state: ghost`.
  2. 10 Feb, 2017 1 commit
  3. 06 Jun, 2016 1 commit
    • Add a `U2fRegistrations` table/model. · 791cc913
      Timothy Andrew authored
      - To hold registrations from U2F devices, and to authenticate them.
      - Previously, `User#two_factor_enabled` was aliased to the
        `otp_required_for_login` column on `users`.
      - This commit changes things a bit:
          - `User#two_factor_enabled` is not a method anymore
          - `User#two_factor_enabled?` checks both the
            `otp_required_for_login` column, as well as `U2fRegistration`s
          - Change all instances of `User#two_factor_enabled` to
            `User#two_factor_enabled?`
      - Add the `u2f` gem, and implement registration/authentication at the
        model level.
  4. 14 Apr, 2016 1 commit
  5. 15 Mar, 2016 1 commit
  6. 04 Mar, 2016 1 commit