From 9429305733ee10d7dae371d3e70b3aec828fe590 Mon Sep 17 00:00:00 2001
From: Syphax bouazzouni
Date: Thu, 21 Nov 2024 11:16:43 +0100
Subject: [PATCH] Fix: users edition and login_as with the `@` symbol in there usernames (#857)

* fix username with the `@` in the usernames

* make the user edit as login as work
---
 app/controllers/application_controller.rb | 9 ++++++---
 app/controllers/users_controller.rb | 1 +
 config/routes.rb | 4 ++--
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 1a8a3c827..c27651a48 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -253,12 +253,15 @@ def authorize_and_redirect
 end
 
 def authorize_admin
- admin = session[:user] && session[:user].admin?
- redirect_to_home unless admin
+ redirect_to_home unless current_user_admin?
 end
 
 def current_user_admin?
- session[:user] && session[:user].admin?
+ session[:user]&.admin? || current_login_as_admin?
+ end
+
+ def current_login_as_admin?
+ session[:admin_user]&.admin?
 end
 
 def ontology_restricted?(acronym)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 520ab1b86..5b4eb817e 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -226,6 +226,7 @@ def unescape_id
 
 def verify_owner
 return if current_user_admin?
+
 if session[:user].nil? || (!session[:user].id.eql?(params[:id]) && !session[:user].username.eql?(params[:id]))
 redirect_to controller: 'login', action: 'index', redirect: "/accounts/#{params[:id]}"
 end
diff --git a/config/routes.rb b/config/routes.rb
index 0a06e8913..4894165a6 100644
--- a/config/routes.rb
+++ b/config/routes.rb
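Review bot: `current_user_admin?` now answers true whenever `session[:admin_user]&.admin?` holds, independent of who `session[:user]` is, so a login_as session impersonating a non-admin passes `authorize_admin` and, through `return if current_user_admin?` in users_controller.rb, `verify_owner` for any account. That is presumably the intended fix, but the predicate's name no longer says so; a comment on `current_user_admin?` such as `# Admin session, or an admin impersonating another user via login_as (session[:admin_user]).` would make the widened meaning explicit at every call site. Anything that attributes admin actions to `session[:user]` (logging, audit trails, "modified by" fields) will now record the impersonated user rather than the admin who acted, which is worth checking outside this diff. The change also relies on `session[:admin_user]` being cleared when impersonation ends and on logout, which is not visible here.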
@@ -25,7 +25,7 @@ resources :projects, constraints: { id: /[^\/]+/ } - resources :users, path: :accounts, constraints: { id: /[\d\w\.\-\%\+ ]+/ } + resources :users, path: :accounts, constraints: { id: /[\d\w\.\@\-\%\+ ]+/ } get '/users/subscribe/:username', to: 'users#subscribe' get '/users/un-subscribe/:email', to: 'users#un_subscribe' @@ -204,7 +204,7 @@ get '/lost_pass_success' => 'login#lost_password_success' get '/reset_password' => 'login#reset_password' post '/accounts/:id/custom_ontologies' => 'users#custom_ontologies', :as => :custom_ontologies - get '/login_as/:login_as' => 'login#login_as', constraints: { login_as: /[\d\w\.\-\%\+ ]+/ } + get '/login_as/:login_as' => 'login#login_as', constraints: { login_as: /[\d\w\.\@\-\%\+ ]+/ } post '/login/send_pass', to: 'login#send_pass' get '/groups' => 'taxonomy#index'
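Review bot: The username segment pattern is now duplicated between the `:id` constraint here and the `:login_as` constraint in the `@@ -204,7` hunk, which is exactly why this commit had to edit both; define it once near the top of the file, `USERNAME_SEGMENT = /[-\w.@%+ ]+/`, and use `constraints: { id: USERNAME_SEGMENT }` and `constraints: { login_as: USERNAME_SEGMENT }` so the two cannot drift again. The shorter class is equivalent: `\d` is already covered by `\w`, and `.`, `@`, `%`, `+` need no escaping inside a character class; Rails anchors segment constraints itself, so no `\A`/`\z` is required. Separately from the regex, the unchanged `get '/login_as/:login_as'` switches the session identity on a GET request, which Rails CSRF protection does not cover; if impersonation is kept, routing it through a POST (or a confirmation form) is the safer shape, but that is outside this change.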