Commit graph

2 commits

Author SHA1 Message Date
http://jneen.net/
963b374dc7 update the specs to not require a set to be returned 2017-06-27 12:41:54 -07:00
Timothy Andrew
6fdb17cbbe
Don't allow deleting a ghost user.
- Add a `destroy_user` ability. This didn't exist before, and was implicit in
  other abilities (only admins could access the admin area, so only they could
  destroy all users; a user can only access their own account page, and so can
  destroy only themselves).

- Grant this ability to admins, and when the current user is trying to destroy
  themselves. Disallow destroying ghost users in all cases.

- Modify the `Users::DestroyService` to check this ability. Also check it in
  views to decide whether or not to show the "Delete User" button.

- Add a short summary of the Ghost User to the bio.
2017-02-24 16:50:20 +05:30