Add headings

Allow closing accounts
Closes #37
2026-04-21 22:37:38 -05:00 · 2026-04-21 22:37:25 -05:00 · 2026-04-21 22:16:49 -05:00 · 2026-04-21 22:16:47 -05:00 · 2026-04-21 22:15:21 -05:00
11 changed files with 158 additions and 36 deletions
--- a/db/migrate/20260420181729_add_closed_at_to_user.rb
+++ b/db/migrate/20260420181729_add_closed_at_to_user.rb
@ -0,0 +1,5 @@
 class AddClosedAtToUser < ActiveRecord::Migration[7.2]
  def change
    add_column :users, :closed_at, :datetime
  end
 end
--- a/db/migrate/20260420210736_add_opened_at_to_vote.rb
+++ b/db/migrate/20260420210736_add_opened_at_to_vote.rb
@ -0,0 +1,5 @@
 class AddOpenedAtToVote < ActiveRecord::Migration[7.2]
  def change
    add_column :votes, :opened_at, :datetime
  end
 end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema[7.2].define(version: 2026_03_23_215246) do
+ActiveRecord::Schema[7.2].define(version: 2026_04_20_210736) do
  create_table "candidates", force: :cascade do |t|
    t.integer "vote_id"
    t.string "name"
@ -46,6 +46,7 @@ ActiveRecord::Schema[7.2].define(version: 2026_03_23_215246) do
    t.datetime "updated_at", null: false
    t.string "reset"
    t.boolean "admin"
    t.datetime "closed_at"
  end
  create_table "votes", force: :cascade do |t|
@ -57,6 +58,7 @@ ActiveRecord::Schema[7.2].define(version: 2026_03_23_215246) do
    t.datetime "updated_at", null: false
    t.string "state"
    t.integer "reminders"
    t.datetime "opened_at"
  end
  add_foreign_key "ratings", "votes"
--- a/vedia.rb
+++ b/vedia.rb
@ -120,7 +120,7 @@ end
 post '/login' do
  user = User.find_by(email: params[:email].downcase.strip)
-  if user && verify_password(params[:password], user.password)
+  if user && active(user) && verify_password(params[:password], user.password)
    if not user.reset.nil?
      user.reset = nil
      user.save
@ -134,7 +134,7 @@ post '/login' do
      redirect '/'
    end
  else
-    @error = _("Incorrect email or password.")
+    @error = true
    erb :login
  end
 end
@ -154,7 +154,7 @@ post '/reset' do
    erb :reset
  else
    @user = User.find_by(email: params[:email])
-    if @user
+    if @user && active(@user)
      @reset = SecureRandom.uuid
      @user.reset = hash_password(@reset)
      @user.save
@ -174,7 +174,7 @@ get '/reset/:uuid' do
  User.where.not(reset: nil).each do |user|
    @user = user if verify_password(params[:uuid], user.reset)
  end
-  if @user
+  if @user && active(@user)
    erb :reset_change
  else
    erb :reset_invalid
@ -186,7 +186,7 @@ post '/reset/:uuid' do
  User.where.not(reset: nil).each do |user|
    @user = user if verify_password(params[:uuid], user.reset)
  end
-  if @user
+  if @user && active(@user)
    @errors = []
    if params[:password].empty?
      @errors << OpenStruct.new(:attribute => :password, :type => :blank)
@ -218,17 +218,35 @@ post '/logout' do
  redirect '/login'
 end
-get '/admin' do
+get '/users/:id' do
-  require_admin
+  require_admin_or_self
-  @users = User.all
+  erb :users_show
  @votes = Vote.all
  erb :admin
 end
-get '/admin/users/:id' do
+get '/users/:id/close' do
  require_admin_or_self
  require_active
  erb :users_close
 end
 post '/users/:id/close' do
  require_admin_or_self
  require_active
  @user.closed_at = Time.now.utc
  @user.save
  if is_admin
    redirect "/users/#{@user.id}"
  else
    @closed = true
    session.clear
    erb :login
  end
 end
 get '/admin' do
  require_admin
-  @user = User.find(params[:id])
+  @votes = Vote.all
-  erb :admin_users
+  erb :admin
 end
 get '/admin/users/:id/organizers/:vote/delete' do
@ -557,7 +575,7 @@ post '/votes/:id/organizers' do
    @errors << OpenStruct.new(:attribute => :email, :type => :invalid)
  else
    user = User.find_by(email: params[:email])
-    if not user
+    if not user or not active(user)
      @errors << OpenStruct.new(:attribute => :email, :type => :unknown)
      @params = params
    elsif @vote.users.exists?(user.id)
@ -585,7 +603,7 @@ def close_expired_votes
    puts "#{Time.now.utc} Closing vote \"#{vote.title}\" because it expired on #{vote.expire_on}..."
    vote.state = 'closed'
    vote.save
-    all_users_sorted.each do |user|
+    users_for_vote(vote).each do |user|
      puts "#{Time.now.utc} Sending results by email to #{user.email}..."
      mail = Mail.new
      mail.from = settings.admin_email
@ -603,7 +621,7 @@ def send_reminders
    settings.reminders.slice(vote.reminders..settings.reminders.length-1).each do |reminder|
      minutes_to_expiry = ( vote.expire_on - Time.now.utc ) / 60
      if minutes_to_expiry < reminder[:timeout] / 60
-        all_users_sorted.each do |user|
+        active_users.each do |user|
          if not vote.ratings.collect { |rating| rating.user }.include?(user)
            puts "#{Time.now.utc} Sending reminder #{reminder[:template]} for '#{vote.title}' to #{user.email}..."
            mail = Mail.new
@ -629,7 +647,13 @@ end
 helpers do
  def current_user
    if session[:user_id]
-      User.find(session[:user_id])
+      user = User.find(session[:user_id])
      if active(user)
        return user
      else
        session.clear
        return nil
      end
    elsif settings.spoof_admin
      session.clear
      session[:timezone] = 'UTC'
@ -652,6 +676,21 @@ helpers do
    redirect '/' unless is_admin
  end
  def require_admin_or_self
    require_login
    find_user
    redirect '/' unless is_admin or current_user == @user
  end
  def active(user)
    user.closed_at.nil?
  end
  def require_active
    find_user
    redirect '/' unless active(@user)
  end
  def find_vote
    @vote = Vote.find_by(secure_id: params[:id])
  end
@ -660,10 +699,43 @@ helpers do
    @candidate = Candidate.find(params[:cid])
  end
-  def all_users_sorted
+  def find_user
    @user = User.find(params[:id])
  end
  def all_users
    User.all.each.sort_by { |user| user.email }
  end
  def active_users(timestamp = Time.now.utc)
    users = []
    User.all.each do |user|
      if user.created_at < timestamp and ( active(user) or user.closed_at > timestamp )
        users << user
      end
    end
    users.sort_by { |user| user.email }
  end
  def users_created_between(min, max)
    users = []
    User.all.each do |user|
      if user.created_at > min and user.created_at < max
        users << user
      end
    end
    users.sort_by { |user| user.email }
  end
  def users_for_vote(vote)
    # Users who were active when the vote was open (or created if not open yet)
    # Users who were created between the vote was open and the vote was closed (or now if the vote is not closed yet)
    min = vote.opened_at ? vote.opened_at : vote.created_at
    max = vote.expire_on ? vote.expire_on : Time.now.utc
    users = active_users(min) + users_created_between(min, max)
    users.sort_by { |user| user.email }
  end
  def require_candidate_in_vote
    redirect '/votes/' + @vote.secure_id unless @candidate.vote == @vote
  end
--- a/views/admin.erb
+++ b/views/admin.erb
@ -2,27 +2,44 @@
 <h2 class="mb-4"><%= _("Users") %></h2>
-<ul class="mb-5">
+<table class="table table-striped mb-5">
-<% @users.sort_by { |user| user.email }.each do |user| %>
+  <thead>
-  <li>
+    <tr>
-  <a href="/admin/users/<%= user.id %>"><%= user.email %></a>
+      <th><%= _("Email") %></th>
-  </li>
+      <th><%= _("Created") %></th>
      <th><%= _("Closed") %></th>
      <th><%= _("Admin") %></th>
      <th><%= _("Votes") %></th>
      <th><%= _("Ratings") %></th>
    </tr>
  </thead>
  <% all_users.each do |user| %>
    <tr>
      <td><a href="/users/<%= user.id %>"><%= user.email %></a></td>
      <td><%= format_date(user.created_at) %></td>
      <td><%= active(user) ? nil : format_date(user.closed_at) %></td>
      <td><%= user.admin %></td>
      <td><%= user.votes.length %></td>
      <td><%= user.ratings.length %></td>
    </tr>
  <% end %>
-</ul>
+</table>
 <h2 class="mb-4"><%= _("Votes") %></h2>
 <table class="table table-striped mb-5">
  <thead>
    <tr>
-      <td></td>
+      <th><%= _("Created") %></th>
-      <td></td>
+      <th><%= _("Expired") %></th>
      <th><%= _("State") %></th>
    </tr>
  </thead>
  <tbody>
    <% @votes.reverse.each do |vote| %>
      <tr>
        <td><%= format_date(vote.created_at) %></td>
        <td><%= format_date(vote.expire_on) if vote.expire_on %></td>
        <td class="text-nowrap">
          <% case vote.state
             when 'draft' %>
--- a/views/layout.erb
+++ b/views/layout.erb
@ -40,7 +40,7 @@
      <div class="d-flex flex-wrap justify-content-end pe-3 py-3 mb-4">
        <% if current_user %>
-          <%= current_user.email %>
+          <a href="/users/<%= current_user.id %>"><%= current_user.email %></a>
        <% else %>
          &nbsp;
        <% end %>
--- a/views/login.erb
+++ b/views/login.erb
@ -1,8 +1,12 @@
 <h1 class="mb-5"><%= _("Login") %></h1>
 <% if @closed %>
  <p class="alert alert-success mb-4"><%= _("Your account was closed successfully.") %></p>
 <% end %>
 <% if @error %>
  <div class="alert alert-warning mb-4">
-    <p><%= @error %></p>
+    <p><%= _("Incorrect email or password.") %></p>
    <p class="mb-0"><a href="/reset"><%= _("Reset password") %></a></p>
  </div>
 <% end %>
--- a/views/users_close.erb
+++ b/views/users_close.erb
@ -0,0 +1,11 @@
 <h1 class="mb-5"><%= _("Closing account %{email}") % { email: @user.email } %></h1>
 <p><%= _("Do you really want to close the account for %{email}?") % { email: @user.email } %></p>
 <p><%= _("Past votes and ratings created by this account will remain available, but the account will no longer be able to log in, create new votes, or participate in open votes.") %></p>
 <p><%= _("This action cannot be undone.") %></p>
 <form action="/users/<%= @user.id %>/close" method="post" class="mb-5">
  <button type="submit" class="btn btn-danger"><%= _("Close account") %></button>
 </form>
--- a/views/admin_users.erb
+++ b/views/admin_users.erb
@ -1,12 +1,18 @@
-<h1 class="mb-5"><%= _("Admin") %></h1>
+<h1 class="mb-5"><%= @user.email %></h1>
 <h2 class="mb-4"><%= @user.email %></h2>
 <p><%= _("Created: %{date}") % { date: format_date(@user.created_at) } %></p>
 <p><%= _("Updated: %{date}") % { date: format_date(@user.updated_at) } %></p>
-<p class="mb-5"><%= _("Admin: %{admin}") % { admin: @user.admin ? _("Yes") : _("No") } %></p>
+<p><%= _("Admin: %{admin}") % { admin: @user.admin ? _("Yes") : _("No") } %></p>
 <% if @user.closed_at %>
  <p class="mb-5"><%= _("Closed: %{date}") % { date: format_date(@user.closed_at) } %></p>
 <% else %>
  <form action="/users/<%= @user.id %>/close" method="get" class="mb-5">
    <button type="submit" class="btn btn-outline-danger"><%= _("Close account") %></button>
  </form>
 <% end %>
 <h2 class="mb-4"><%= _("Organized votes") %></h2>
--- a/views/votes_show_closed.erb
+++ b/views/votes_show_closed.erb
@ -175,7 +175,7 @@
      <% end %>
    </tr>
  </thead>
-  <% all_users_sorted.each do |user| %>
+  <% users_for_vote(@vote).each do |user| %>
  <tr>
    <td><%= user.email %></td>
    <% @vote.candidates.each do |candidate| %>
--- a/views/votes_show_open.erb
+++ b/views/votes_show_open.erb
@ -66,7 +66,7 @@
 <h2 class="mb-4"><%= _("Participants") + " (#{@vote.ratings.collect { |rating| rating.user }.uniq.count})" %></h2>
 <ul class="mb-5">
-  <% all_users_sorted.each do |user| %>
+  <% users_for_vote(@vote).each do |user| %>
    <li>
      <% if @vote.ratings.collect { |rating| rating.user }.include?(user) %>
        <span>
Author	SHA1	Message	Date
ricola	e70279a1b2	Add headings	2026-04-21 22:37:38 -05:00
ricola	29bd105072	Allow closing accounts Closes #37	2026-04-21 22:37:25 -05:00
ricola	1acc369774	Move error message to view	2026-04-21 22:16:49 -05:00
ricola	267dc439f1	Allow user to see their profile page	2026-04-21 22:16:47 -05:00
ricola	b4e56645f6	Display users as table in admin panel	2026-04-21 22:15:21 -05:00