From 6c62294b9469d1d4d86a3689edc8fab47e1357a2 Mon Sep 17 00:00:00 2001 From: Gregor Billing Date: Fri, 18 Oct 2024 18:40:44 +0900 Subject: [PATCH] Fix permissions to show Avatar tab in 'Edit Profile' section --- app/models/user.rb | 14 +++++++++----- app/views/users/edit.html.erb | 2 +- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/app/models/user.rb b/app/models/user.rb index 1f502155fa..7429d08d96 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -777,7 +777,10 @@ def can_edit_any_user? end def can_change_users_avatar?(user) - user.wca_id.present? && self.editable_fields_of_user(user).include?(:current_avatar) + # We use the ability to `remove_avatar` as a general check for whether edits are allowed. + # Otherwise, checking for competitions of `current_avatar` and `pending_avatar` might be + # too cumbersome depending on the context (ie depending on where this method is being called from) + self.editable_fields_of_user(user).include?(:remove_avatar) end def organizer_for?(user) @@ -1068,11 +1071,12 @@ def editable_fields_of_user(user) private def editable_avatar_fields(user) fields = Set.new - if admin? || results_team? - fields += %i(current_avatar) - end if user == self || admin? || results_team? || is_senior_delegate_for?(user) - fields += %i(pending_avatar) + fields += %i(pending_avatar avatar_thumbnail remove_avatar) + + if can_admin_results? + fields += %i(current_avatar) + end end fields end diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb index f4ff17af6e..0d13521db3 100644 --- a/app/views/users/edit.html.erb +++ b/app/views/users/edit.html.erb @@ -177,7 +177,7 @@ userId: @user.id, showStaffGuidelines: @user.staff_or_any_delegate?, uploadDisabled: !editable_fields.include?(:pending_avatar), - canRemoveAvatar: @user.current_avatar.present? && editable_fields.include?(:current_avatar), + canRemoveAvatar: editable_fields.include?(:remove_avatar), canAdminAvatars: current_user.can_admin_results?, }) %>