Fix: users edition and login_as with the @ symbol in there usernames (

#857)

* fix username with the `@` in the usernames

* make the user edit as login as work

app/controllers/application_controller.rb

@@ -253,12 +253,15 @@ def authorize_and_redirect
   end
 
   def authorize_admin
-    admin = session[:user] && session[:user].admin?
-    redirect_to_home unless admin
+    redirect_to_home unless current_user_admin?
   end
 
   def current_user_admin?
-    session[:user] && session[:user].admin?
+    session[:user]&.admin? || current_login_as_admin?
+  end
+
+  def current_login_as_admin?
+    session[:admin_user]&.admin?
   end
 
   def ontology_restricted?(acronym)

app/controllers/users_controller.rb

@@ -226,6 +226,7 @@ def unescape_id
 
   def verify_owner
     return if current_user_admin?
+
     if session[:user].nil? || (!session[:user].id.eql?(params[:id]) && !session[:user].username.eql?(params[:id]))
       redirect_to controller: 'login', action: 'index', redirect: "/accounts/#{params[:id]}"
     end

config/routes.rb

@@ -25,7 +25,7 @@
 
   resources :projects, constraints: { id: /[^\/]+/ }
 
-  resources :users, path: :accounts, constraints: { id: /[\d\w\.\-\%\+ ]+/ }
+  resources :users, path: :accounts, constraints: { id: /[\d\w\.\@\-\%\+ ]+/ }
 
   get '/users/subscribe/:username', to: 'users#subscribe'
   get '/users/un-subscribe/:email', to: 'users#un_subscribe'
@@ -204,7 +204,7 @@
   get '/lost_pass_success' => 'login#lost_password_success'
   get '/reset_password' => 'login#reset_password'
   post '/accounts/:id/custom_ontologies' => 'users#custom_ontologies', :as => :custom_ontologies
-  get '/login_as/:login_as' => 'login#login_as', constraints: { login_as: /[\d\w\.\-\%\+ ]+/ }
+  get '/login_as/:login_as' => 'login#login_as', constraints: { login_as: /[\d\w\.\@\-\%\+ ]+/ }
   post '/login/send_pass', to: 'login#send_pass'
 
   get '/groups' => 'taxonomy#index'