El Dorado: Delete Users as Admin controlled?

You are not logged in

Delete Users as Admin controlled? « El Dorado « almost effortless

Sun, 12 Apr 2009, 09:23am	#1
votto Member Registered: November 2008 Last visit: Sat, 26 Sep 2009 Posts: 13	It woudl be great if we could add deletion of accounts to teh list of things that only admins can do. is that possible? is there a file edit somewhere that can be applied for this? T H A N K S
Offline	Link

Mon, 13 Apr 2009, 09:20am	#2
Trevor Administrator Registered: September 2005 Last visit: 16 hours ago Posts: 370	That's already in place. If you're an admin, you can click to a user account page, then click edit profile, then delete. Users can also delete themselves. You'll see a message and confirmation screen that explains the details of deleting a user.
Offline	Link

Sun, 19 Apr 2009, 08:48am	#3
votto Member Registered: November 2008 Last visit: Sat, 26 Sep 2009 Posts: 13	Actually, what if you do NOT want users to delete themselves? In other words, take that privilege away from users so that ONLY admins can do that?
Offline	Link

Sun, 19 Apr 2009, 08:50am	#4
votto Member Registered: November 2008 Last visit: Sat, 26 Sep 2009 Posts: 13	test
Offline	Link

Sun, 19 Apr 2009, 08:50am	#5
votto Member Registered: November 2008 Last visit: Sat, 26 Sep 2009 Posts: 13	test2
Offline	Link

Fri, 24 Apr 2009, 12:30am	#6
Trevor Administrator Registered: September 2005 Last visit: 16 hours ago Posts: 370	You might have to change the way the users controller works. You could try to make the users controller an "admin only" setting, in the admin settings, but then users wouldn't be able to do anything with their accounts.
Offline	Link

Tue, 06 Oct 2009, 07:39am	#7
nekote Member Registered: October 2009 Last visit: Sun, 22 Nov 2009 Posts: 33	as posted in another thread: nekote2 wrote: Modifying El Dorado so only admins can delete a user. That's a piece of cake. \el-dorado\app\views\users\edit.html.erb # # <%= link_to 'Delete', confirm_delete_user_path %>   # # Allow only admins to delete any user, except themselves # <% if admin? %> <%= link_to 'Delete', confirm_delete_user_path %>   <% end %> # I'd like to add a bell and whistle. I would like to prevent an admin from deleting themselves. (Yes, I know, they can easily create such a shell admin account) (Looking to make that one notch of delay / extra effort / consideration / reflection) Unfortunately, I haven't figured out the finer points of @user versus user. What I need is an improved "<% if admin? %>" Maybe something like "<% if admin? and @user.id != user.id %>" But, that causes an error. Trevor wrote: I think the short answer is that you could restrict the admin from deleting himself in the controller or model layer. So, in the destroy action in the controller, you could flash a message if @user.admin? - or something similar in the model. Haven't gotten into the controller nor flashing, yet. Hope to avoid that. How can I test if the user to be deleted is the same as the (admin) user requesting the delete?
Offline	Link

Tue, 06 Oct 2009, 07:39am

nekote: Member; Registered: October 2009; Last visit: Sun, 22 Nov 2009; Posts: 33

as posted in another thread:

nekote2 wrote:
Modifying El Dorado so only admins can delete a user.
That's a piece of cake.
\el-dorado\app\views\users\edit.html.erb
#
# <%= link_to 'Delete', confirm_delete_user_path %>  
#
# Allow *only* admins to delete any user, except themselves
#
<% if admin? %>
<%= link_to 'Delete', confirm_delete_user_path %>  
<% end %>
#

I'd like to add a bell and whistle.

I would like to prevent an admin from deleting themselves.
(Yes, I know, they can easily create such a shell admin account)
(Looking to make that one notch of delay / extra effort / consideration / reflection)
Unfortunately, I haven't figured out the finer points of @user versus user.
What I need is an improved "<% if admin? %>"
Maybe something like "<% if admin? and @user.id != user.id %>"
But, that causes an error.

Trevor wrote:
I think the short answer is that you could restrict the admin from
deleting himself in the controller or model layer. So, in the destroy
action in the controller, you could flash a message if @user.admin? -
or something similar in the model.

Haven't gotten into the controller nor flashing, yet.
Hope to avoid that.

How can I test if the user to be deleted is the same as the (admin) user requesting the delete?

Offline

Link

Home » Forum Topics » almost effortless » El Dorado

Newest User: techthumb