- 24 Feb, 2017 2 commits
-
-
Timothy Andrew authored
- Add a `destroy_user` ability. This didn't exist before, and was implicit in other abilities (only admins could access the admin area, so only they could destroy all users; a user can only access their own account page, and so can destroy only themselves). - Grant this ability to admins, and when the current user is trying to destroy themselves. Disallow destroying ghost users in all cases. - Modify the `Users::DestroyService` to check this ability. Also check it in views to decide whether or not to show the "Delete User" button. - Add a short summary of the Ghost User to the bio.
-
Timothy Andrew authored
Rather than using a separate `ghost` state. This lets us have the benefits of both ghost and blocked users (ghost: true, state: blocked) without having to rewrite a number of queries to include cases for `state: ghost`.
-
- 10 Feb, 2017 1 commit
-
-
Robert Speicher authored
-
- 06 Jun, 2016 1 commit
-
-
Timothy Andrew authored
- To hold registrations from U2F devices, and to authenticate them. - Previously, `User#two_factor_enabled` was aliased to the `otp_required_for_login` column on `users`. - This commit changes things a bit: - `User#two_factor_enabled` is not a method anymore - `User#two_factor_enabled?` checks both the `otp_required_for_login` column, as well as `U2fRegistration`s - Change all instances of `User#two_factor_enabled` to `User#two_factor_enabled?` - Add the `u2f` gem, and implement registration/authentication at the model level.
-
- 14 Apr, 2016 1 commit
-
-
Stan Hu authored
Closes #14370 Move gon function into its own helper
-
- 15 Mar, 2016 1 commit
-
-
Rémy Coutable authored
This reverts commit 01160fc0, reversing changes made to 4bff9daf.
-
- 04 Mar, 2016 1 commit
-
-
Robert Speicher authored
-