Forbid password changing for CAS users

2ec5db6b · Daniel Gerhardt · 411d5e22 · 2ec5db6b · 2ec5db6b · 2ec5db6b
Commit 2ec5db6b authored Apr 14, 2015 by Daniel Gerhardt
3 changed files
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
 class PasswordsController < Devise::PasswordsController
  before_action :resource_from_email, only: [:create]
  before_action :prevent_ldap_reset,  only: [:create]
+  before_action :prevent_cas_reset,   only: [:create]
  before_action :throttle_reset,      only: [:create]

  def edit
@@ -45,6 +46,13 @@ def prevent_ldap_reset
      alert: "Cannot reset password for LDAP user."
  end

+  def prevent_cas_reset
+    return unless resource && resource.cas_user?
+
+    redirect_to after_sending_reset_password_instructions_path_for(resource_name),
+      alert: "Cannot reset password for CAS user."
+  end
+
  def throttle_reset
    return unless resource && resource.recently_sent_password_reset?


--- a/app/controllers/profiles/passwords_controller.rb
+++ b/app/controllers/profiles/passwords_controller.rb
@@ -75,7 +75,7 @@ def determine_layout
  end

  def authorize_change_password!
-    return render_404 if @user.ldap_user?
+    return render_404 if @user.ldap_user? || @user.cas_user?
  end

  def user_params

--- a/app/views/layouts/nav/_profile.html.haml
+++ b/app/views/layouts/nav/_profile.html.haml
@@ -29,7 +29,7 @@
      = link_to profile_emails_path, title: 'Emails' do
        %span
          Emails
-    - unless current_user.ldap_user?
+    - unless current_user.ldap_user? || current_user.cas_user?
      = nav_link(controller: :passwords) do
        = link_to edit_profile_password_path, title: 'Password' do
          %span