Add headings

Allow closing accounts
Closes #37
2026-04-21 22:37:38 -05:00 · 2026-04-21 22:37:25 -05:00 · 2026-04-21 22:16:49 -05:00 · 2026-04-21 22:16:47 -05:00 · 2026-04-21 22:15:21 -05:00
11 changed files with 158 additions and 36 deletions
--- a/db/migrate/20260420181729_add_closed_at_to_user.rb
+++ b/db/migrate/20260420181729_add_closed_at_to_user.rb
@ -0,0 +1,5 @@
+class AddClosedAtToUser < ActiveRecord::Migration[7.2]
+  def change
+    add_column :users, :closed_at, :datetime
+  end
+end
--- a/db/migrate/20260420210736_add_opened_at_to_vote.rb
+++ b/db/migrate/20260420210736_add_opened_at_to_vote.rb
@ -0,0 +1,5 @@
+class AddOpenedAtToVote < ActiveRecord::Migration[7.2]
+  def change
+    add_column :votes, :opened_at, :datetime
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema[7.2].define(version: 2026_03_23_215246) do
+ActiveRecord::Schema[7.2].define(version: 2026_04_20_210736) do
  create_table "candidates", force: :cascade do |t|
    t.integer "vote_id"
    t.string "name"
@ -46,6 +46,7 @@ ActiveRecord::Schema[7.2].define(version: 2026_03_23_215246) do
    t.datetime "updated_at", null: false
    t.string "reset"
    t.boolean "admin"
+    t.datetime "closed_at"
  end

  create_table "votes", force: :cascade do |t|
@ -57,6 +58,7 @@ ActiveRecord::Schema[7.2].define(version: 2026_03_23_215246) do
    t.datetime "updated_at", null: false
    t.string "state"
    t.integer "reminders"
+    t.datetime "opened_at"
  end

  add_foreign_key "ratings", "votes"
--- a/vedia.rb
+++ b/vedia.rb
@ -120,7 +120,7 @@ end

 post '/login' do
  user = User.find_by(email: params[:email].downcase.strip)
-  if user && verify_password(params[:password], user.password)
+  if user && active(user) && verify_password(params[:password], user.password)
    if not user.reset.nil?
      user.reset = nil
      user.save
@ -134,7 +134,7 @@ post '/login' do
      redirect '/'
    end
  else
-    @error = _("Incorrect email or password.")
+    @error = true
    erb :login
  end
 end
@ -154,7 +154,7 @@ post '/reset' do
    erb :reset
  else
    @user = User.find_by(email: params[:email])
-    if @user
+    if @user && active(@user)
      @reset = SecureRandom.uuid
      @user.reset = hash_password(@reset)
      @user.save
@ -174,7 +174,7 @@ get '/reset/:uuid' do
  User.where.not(reset: nil).each do |user|
    @user = user if verify_password(params[:uuid], user.reset)
  end
-  if @user
+  if @user && active(@user)
    erb :reset_change
  else
    erb :reset_invalid
@ -186,7 +186,7 @@ post '/reset/:uuid' do
  User.where.not(reset: nil).each do |user|
    @user = user if verify_password(params[:uuid], user.reset)
  end
-  if @user
+  if @user && active(@user)
    @errors = []
    if params[:password].empty?
      @errors << OpenStruct.new(:attribute => :password, :type => :blank)
@ -218,17 +218,35 @@ post '/logout' do
  redirect '/login'
 end

-get '/admin' do
-  require_admin
-  @users = User.all
-  @votes = Vote.all
-  erb :admin
+get '/users/:id' do
+  require_admin_or_self
+  erb :users_show
 end

-get '/admin/users/:id' do
+get '/users/:id/close' do
+  require_admin_or_self
+  require_active
+  erb :users_close
+end
+
+post '/users/:id/close' do
+  require_admin_or_self
+  require_active
+  @user.closed_at = Time.now.utc
+  @user.save
+  if is_admin
+    redirect "/users/#{@user.id}"
+  else
+    @closed = true
+    session.clear
+    erb :login
+  end
+end
+
+get '/admin' do
  require_admin
-  @user = User.find(params[:id])
-  erb :admin_users
+  @votes = Vote.all
+  erb :admin
 end

 get '/admin/users/:id/organizers/:vote/delete' do
@ -557,7 +575,7 @@ post '/votes/:id/organizers' do
    @errors << OpenStruct.new(:attribute => :email, :type => :invalid)
  else
    user = User.find_by(email: params[:email])
-    if not user
+    if not user or not active(user)
      @errors << OpenStruct.new(:attribute => :email, :type => :unknown)
      @params = params
    elsif @vote.users.exists?(user.id)
@ -585,7 +603,7 @@ def close_expired_votes
    puts "#{Time.now.utc} Closing vote \"#{vote.title}\" because it expired on #{vote.expire_on}..."
    vote.state = 'closed'
    vote.save
-    all_users_sorted.each do |user|
+    users_for_vote(vote).each do |user|
      puts "#{Time.now.utc} Sending results by email to #{user.email}..."
      mail = Mail.new
      mail.from = settings.admin_email
@ -603,7 +621,7 @@ def send_reminders
    settings.reminders.slice(vote.reminders..settings.reminders.length-1).each do |reminder|
      minutes_to_expiry = ( vote.expire_on - Time.now.utc ) / 60
      if minutes_to_expiry < reminder[:timeout] / 60
-        all_users_sorted.each do |user|
+        active_users.each do |user|
          if not vote.ratings.collect { |rating| rating.user }.include?(user)
            puts "#{Time.now.utc} Sending reminder #{reminder[:template]} for '#{vote.title}' to #{user.email}..."
            mail = Mail.new
@ -629,7 +647,13 @@ end
 helpers do
  def current_user
    if session[:user_id]
-      User.find(session[:user_id])
+      user = User.find(session[:user_id])
+      if active(user)
+        return user
+      else
+        session.clear
+        return nil
+      end
    elsif settings.spoof_admin
      session.clear
      session[:timezone] = 'UTC'
@ -652,6 +676,21 @@ helpers do
    redirect '/' unless is_admin
  end

+  def require_admin_or_self
+    require_login
+    find_user
+    redirect '/' unless is_admin or current_user == @user
+  end
+
+  def active(user)
+    user.closed_at.nil?
+  end
+
+  def require_active
+    find_user
+    redirect '/' unless active(@user)
+  end
+
  def find_vote
    @vote = Vote.find_by(secure_id: params[:id])
  end
@ -660,10 +699,43 @@ helpers do
    @candidate = Candidate.find(params[:cid])
  end

-  def all_users_sorted
+  def find_user
+    @user = User.find(params[:id])
+  end
+
+  def all_users
    User.all.each.sort_by { |user| user.email }
  end

+  def active_users(timestamp = Time.now.utc)
+    users = []
+    User.all.each do |user|
+      if user.created_at < timestamp and ( active(user) or user.closed_at > timestamp )
+        users << user
+      end
+    end
+    users.sort_by { |user| user.email }
+  end
+
+  def users_created_between(min, max)
+    users = []
+    User.all.each do |user|
+      if user.created_at > min and user.created_at < max
+        users << user
+      end
+    end
+    users.sort_by { |user| user.email }
+  end
+
+  def users_for_vote(vote)
+    # Users who were active when the vote was open (or created if not open yet)
+    # Users who were created between the vote was open and the vote was closed (or now if the vote is not closed yet)
+    min = vote.opened_at ? vote.opened_at : vote.created_at
+    max = vote.expire_on ? vote.expire_on : Time.now.utc
+    users = active_users(min) + users_created_between(min, max)
+    users.sort_by { |user| user.email }
+  end
+
  def require_candidate_in_vote
    redirect '/votes/' + @vote.secure_id unless @candidate.vote == @vote
  end
--- a/views/admin.erb
+++ b/views/admin.erb
@ -2,27 +2,44 @@

 <h2 class="mb-4"><%= _("Users") %></h2>

-<ul class="mb-5">
-<% @users.sort_by { |user| user.email }.each do |user| %>
-  <li>
-  <a href="/admin/users/<%= user.id %>"><%= user.email %></a>
-  </li>
-<% end %>
-</ul>
+<table class="table table-striped mb-5">
+  <thead>
+    <tr>
+      <th><%= _("Email") %></th>
+      <th><%= _("Created") %></th>
+      <th><%= _("Closed") %></th>
+      <th><%= _("Admin") %></th>
+      <th><%= _("Votes") %></th>
+      <th><%= _("Ratings") %></th>
+    </tr>
+  </thead>
+  <% all_users.each do |user| %>
+    <tr>
+      <td><a href="/users/<%= user.id %>"><%= user.email %></a></td>
+      <td><%= format_date(user.created_at) %></td>
+      <td><%= active(user) ? nil : format_date(user.closed_at) %></td>
+      <td><%= user.admin %></td>
+      <td><%= user.votes.length %></td>
+      <td><%= user.ratings.length %></td>
+    </tr>
+  <% end %>
+</table>

 <h2 class="mb-4"><%= _("Votes") %></h2>

 <table class="table table-striped mb-5">
  <thead>
    <tr>
-      <td></td>
-      <td></td>
+      <th><%= _("Created") %></th>
+      <th><%= _("Expired") %></th>
+      <th><%= _("State") %></th>
    </tr>
  </thead>
  <tbody>
    <% @votes.reverse.each do |vote| %>
      <tr>
        <td><%= format_date(vote.created_at) %></td>
+        <td><%= format_date(vote.expire_on) if vote.expire_on %></td>
        <td class="text-nowrap">
          <% case vote.state
             when 'draft' %>
--- a/views/layout.erb
+++ b/views/layout.erb
@ -40,7 +40,7 @@

      <div class="d-flex flex-wrap justify-content-end pe-3 py-3 mb-4">
        <% if current_user %>
-          <%= current_user.email %>
+          <a href="/users/<%= current_user.id %>"><%= current_user.email %></a>
        <% else %>
          &nbsp;
        <% end %>
--- a/views/login.erb
+++ b/views/login.erb
@ -1,8 +1,12 @@
 <h1 class="mb-5"><%= _("Login") %></h1>

+<% if @closed %>
+  <p class="alert alert-success mb-4"><%= _("Your account was closed successfully.") %></p>
+<% end %>
+
 <% if @error %>
  <div class="alert alert-warning mb-4">
-    <p><%= @error %></p>
+    <p><%= _("Incorrect email or password.") %></p>
    <p class="mb-0"><a href="/reset"><%= _("Reset password") %></a></p>
  </div>
 <% end %>
--- a/views/users_close.erb
+++ b/views/users_close.erb
@ -0,0 +1,11 @@
+<h1 class="mb-5"><%= _("Closing account %{email}") % { email: @user.email } %></h1>
+
+<p><%= _("Do you really want to close the account for %{email}?") % { email: @user.email } %></p>
+
+<p><%= _("Past votes and ratings created by this account will remain available, but the account will no longer be able to log in, create new votes, or participate in open votes.") %></p>
+
+<p><%= _("This action cannot be undone.") %></p>
+
+<form action="/users/<%= @user.id %>/close" method="post" class="mb-5">
+  <button type="submit" class="btn btn-danger"><%= _("Close account") %></button>
+</form>
--- a/views/admin_users.erb
+++ b/views/admin_users.erb
@ -1,12 +1,18 @@
-<h1 class="mb-5"><%= _("Admin") %></h1>
-
-<h2 class="mb-4"><%= @user.email %></h2>
+<h1 class="mb-5"><%= @user.email %></h1>

 <p><%= _("Created: %{date}") % { date: format_date(@user.created_at) } %></p>

 <p><%= _("Updated: %{date}") % { date: format_date(@user.updated_at) } %></p>

-<p class="mb-5"><%= _("Admin: %{admin}") % { admin: @user.admin ? _("Yes") : _("No") } %></p>
+<p><%= _("Admin: %{admin}") % { admin: @user.admin ? _("Yes") : _("No") } %></p>
+
+<% if @user.closed_at %>
+  <p class="mb-5"><%= _("Closed: %{date}") % { date: format_date(@user.closed_at) } %></p>
+<% else %>
+  <form action="/users/<%= @user.id %>/close" method="get" class="mb-5">
+    <button type="submit" class="btn btn-outline-danger"><%= _("Close account") %></button>
+  </form>
+<% end %>

 <h2 class="mb-4"><%= _("Organized votes") %></h2>

--- a/views/votes_show_closed.erb
+++ b/views/votes_show_closed.erb
@ -175,7 +175,7 @@
      <% end %>
    </tr>
  </thead>
-  <% all_users_sorted.each do |user| %>
+  <% users_for_vote(@vote).each do |user| %>
  <tr>
    <td><%= user.email %></td>
    <% @vote.candidates.each do |candidate| %>
--- a/views/votes_show_open.erb
+++ b/views/votes_show_open.erb
@ -66,7 +66,7 @@
 <h2 class="mb-4"><%= _("Participants") + " (#{@vote.ratings.collect { |rating| rating.user }.uniq.count})" %></h2>

 <ul class="mb-5">
-  <% all_users_sorted.each do |user| %>
+  <% users_for_vote(@vote).each do |user| %>
    <li>
      <% if @vote.ratings.collect { |rating| rating.user }.include?(user) %>
        <span>
Author	SHA1	Message	Date
ricola	e70279a1b2	Add headings	2026-04-21 22:37:38 -05:00
ricola	29bd105072	Allow closing accounts Closes #37	2026-04-21 22:37:25 -05:00
ricola	1acc369774	Move error message to view	2026-04-21 22:16:49 -05:00
ricola	267dc439f1	Allow user to see their profile page	2026-04-21 22:16:47 -05:00
ricola	b4e56645f6	Display users as table in admin panel	2026-04-21 22:15:21 -05:00