Allow admins to edit user profiles
Description
Attachments
Activity
User can now edit username/use all the other buttons, admin is correctly getting punted with the error message. I also vote for letting the period wait until i18n.
I think it’s fine to wait until i18n – I didn’t notice anything else.
The success message is blue “Your profile has been successfully updated” without a period.
I can fix that if there are other changes to be made. Otherwise, we’ll deal with it when we handle i18n.
'Change user name' gives me a 500 error--not sure if that's something Staging-specific?
Yeah, that was a temporary issue because we haven’t run the migration necessary for https://otwarchive.atlassian.net/browse/AO3-6146, but that should be fixed now.
If nothing else, I think this is good to go.
With no change (to other fields), could not save (and there was no activities log update) if:
Used the wrong format of ticket number (got an error pointing at the ticket number saying it must be a number)
With no change made, successfully saved (given a 'profile successfully updated' blue success message) and did not update Activities log when saving:
without a ticket number
with a non-existent ticket number
with an open non-spam PAC ticket number
With a change made, could not save (and there was no Activities log update) if:
No ticket number (got an error pointing at the ticket number saying it's mandatory)
The Title, Location, or About Me were over their character limits (got an error pointing at whichever field it was with the character limit)
Date of Birth would make them younger than 13, to the day (got an error message saying you must be over 13)
Non-existent ticket (got an error message saying it must exist and not be spam)
Closed spam ticket (got an error message saying it must exist and not be spam)
Open unassigned spam ticket (got an error message saying it must exist and not be spam)
Open assigned spam ticket (got an error message saying it must exist and not be spam)
Open Ticket fenced to Support (got an error message saying it must be in my department)
Closed Support ticket (got an error message saying it must not be closed)
Non-spam PAC ticket, closed (got an error message saying it must not be closed)
With a change made, Updated successfully (got the success message) (and got an Activities log update)
Unassigned PAC ticket with a status of Open
Unassigned PAC ticket with a status of Secondary Ticket
Assigned PAC ticket with a status of Needs Advice
Open unassigned ticket that used to be marked as spam but has been marked as no longer spam (had to wait about a minute; initially got an error message saying it must exist and not be spam)
I can use the same ticket multiple times successfully.
From the Activities log, clicking on 'Target' sent me to the user's dashboard. Clicking on the datestamp to get into the item gives a summary with the correct ticket ID, which links to the correct ticket in Zoho.
No updates are made on the user's Admin page.
Dates on the birthdate field corrected properly (e.g. setting to February 30th made it save as March 2nd). Setting a year, and leaving the month and day blank, blanked out the entire birthdate.
Trying to hit any of the other four buttons at the top to edit pseud, icon, username, password, or email gives a lack of permission error and boots me to the user's dash.
When logged in as a regular user, updating the profile all works normally. The 'edit default pseud and icon', 'change password', and 'change email' buttons at the top all work normally. 'Change user name' gives me a 500 error--not sure if that's something Staging-specific?
As PAC admin:
closed spam ticket, no edits: success, no activities log
closed spam ticket, edits: Ticket ID must exist and not be spam.
open spam ticket, no edits: success, no activities log
open spam ticket, edits: Ticket ID must exist and not be spam.
ticket that was merged into another ticket and therefore no longer exists, no edits: success, no activities log
ticket that was merged into another ticket and therefore no longer exists, edits: Ticket ID must exist and not be spam.
(didn’t matter whether the parent ticket was closed or open)
closed Support ticket, no edits: success, no activities log
closed Support ticket, edits: Ticket ID must not be closed.
open Support ticket, no edits: success, no activities log
open Support ticket, edits: Ticket ID must be in your department.
closed unassigned ticket, no edits: success, no activities log
closed unassigned ticket, edits: Ticket ID must not be closed.
open unassigned ticket, no edits: success, no activities log
open unassigned ticket, edits: success, activities log links to correct Zoho ticket
closed assigned ticket, no edits: success, no activities log
closed assigned ticket, edits: Ticket ID must not be closed.
open assigned ticket, no edits: success, no activities log
open assigned ticket, edits: success, activities log links to correct Zoho ticket
I can reuse an open ticket multiple times. I can reuse that same ticket on more than one user. I can use multiple tickets on the same user.
Activities log looks identical regardless of type of edit, and continue to link to the Zoho ticket.
The “Must be present.” and “Must be a number!” popups work as they did last time.
Inputting more than 255 characters in the Title or Location fields: tiny popup: Must be less than 255 letters long.
Inputting more than 2000 characters in the Description field: tiny popup: Must be less than 2000 letters long.
Setting their birthdate to anything in 2010 (not sure why that’s an option prior to January 2023) or the latter half of 2009: You must be over 13.
The success message is blue “Your profile has been successfully updated” without a period.
I can see the other edit profile buttons (pseud/icon, username, password, email) which all redirect to that user’s dash with the “Sorry, you don't have permission to access the page you were trying to reach. Please log in.” message. (as expected)
The user’s admin page shows no changes as a result of this editing. (as expected)
I think it’s good now?
Note: This issue can only be handled by AD&T staff as it requires access to some Zoho API info that cannot be shared outside the org.
If you're logged in as an admin with the role policy_and_abuse or superadmin and you go to a user's profile page, you should
be able to see the "Edit My Profile" link
follow said link to the edit page
On the edit page, there should be an "Ticket ID (required)" field at the bottom of the form. This field should only be present for admins. It should have a footnote specifying only numbers should be entered.
We should use Zoho's API to validate that a ticket with the given number exists.
If no number is provided, it should not save the change and should give the admin an error saying the field cannot be blank.
If a ticket with the number does not exist, the admin should not be able to save changes and should get an error message saying "Ticket ID must exist."
If a ticket with the number does exist, the change should be saved and a new admin activity log item should be created and displayed on the Activities admin page:
the target should say "User [login]" and should link to the user's profile
the summary should say "Ticket #000", and it should link to the relevant ticket on Zoho (we don't want to record a summary of the text before the change because profiles include personal information subject to privacy laws)
the time of the change and the name of the admin who made the change should also be recorded