wip

app/assets/stylesheets/hyku.scss

@@ -301,6 +301,21 @@ footer.navbar {
   }
 }
 
+#manage-users-table > tr > td> ul {
+  padding: 0 !important;
+  list-style-type: none;
+
+  li {
+    a > span {
+      color: red;
+    }
+
+    a:hover {
+      text-decoration: none;
+    }
+  }
+}
+
 .user-workflow-roles-table {
   td:nth-child(1),
   th:nth-child(1) {

app/controllers/roles_controller.rb

@@ -26,6 +26,20 @@ def update
     end
   end
 
+  def remove_role
+    user = User.find(params[:user_id])
+    role_name = params[:role_name]
+
+    if user && user.roles.exists?(name: role_name)
+      user.remove_role(role_name)
+      flash[:notice] = "Role '#{role_name}' was successfully removed from user #{user.email}."
+    else
+      flash[:alert] = "Failed to remove role '#{role_name}' from user #{user.email}."
+    end
+
+    redirect_back(fallback_location: root_path)
+  end
+
   protected
 
     def user_params

app/models/ability.rb

@@ -25,6 +25,15 @@ class Ability
     self.ability_logic += %i[everyone_can_create_curation_concerns]
   end
 
+  def initialize(user)
+    super(user) # Calls Hydra::Ability's initialize method
+
+    if user.has_role? "user_manager", Site.instance
+      can :manage, User
+      can :manage, Role
+    end
+  end
+
   # OVERRIDE METHOD from blacklight-access_controls v0.6.2
   #
   # NOTE: DO NOT RENAME THIS METHOD - it is required for permissions to function properly.

app/presenters/hyrax/admin/users_presenter.rb

@@ -18,6 +18,18 @@ def user_roles(user)
         user.ability.all_user_and_group_roles
       end
 
+      # @return [Array] an array of user group role names
+      def user_group_roles(user)
+        user.group_roles.map(&:name)
+      end
+
+      # @return [Array] an array of user added role names
+      def user_site_roles(user)
+        # if the user has a group role that is the same as the site role, we don't want to show the site role
+        # because if it shows up as a site role and we can delete it, it will cause funky behavior
+        user.site_roles.map(&:name) - user_group_roles(user)
+      end
+
       def user_groups(user)
         user.hyrax_groups
       end

app/views/hyrax/admin/users/index.html.erb

@@ -46,15 +46,16 @@
             <th></th>
             <th><%= t('.id_label') %></th>
             <th><%= t('.group_label') %></th>
-            <th><%= t('.role_label') %></th>
+            <th><%= t('.group_role_label') %></th>
+            <th><%= t('.site_role_label') %></th>
             <th><%= t('.access_label') %></th>
             <th><%= t('.status_label') %></th>
             <% if can? :destroy, User %>
             <th><%= t('.action_label') %></th>
             <% end %>
           </tr>
         </thead>
-        <tbody>
+        <tbody id="manage-users-table">
           <% @presenter.users.each do |user| %>
             <tr id="<%= user.email.parameterize %>">
               <td><%= link_to hyrax.user_path(user) do %>
@@ -71,12 +72,28 @@
                   </ul>
               </td>
 
-              <td class="roles"><% roles = @presenter.user_roles(user) %>
+              <td class="roles"><% roles = @presenter.user_group_roles(user) %>
                   <ul><% roles.each do |role| %>
                     <li><%= role.titleize %></li>
                     <% end %>
                   </ul>
               </td>
+
+              <td class="roles"><% roles = @presenter.user_site_roles(user) %>
+                <ul>
+                  <% roles.each do |role| %>
+                    <li>
+                      <%= role.titleize %>
+                      <%= link_to main_app.remove_role_site_roles_path(user_id: user.id, role_name: role), method: :delete, data: { confirm: t('hyrax.admin.users.roles.remove.confirmation', user: user.email, role: role.titleize) } do %>
+                        <% if can?(:edit, User) && role != 'admin' %>
+                          <span class="glyphicon glyphicon-remove"></span>
+                        <% end %>
+                      <% end %>
+                    </li>
+                  <% end %>
+                </ul>
+              </td>
+
               <td>
                 <%# in the case that a user is created who never signs in, this is necessary %>
                 <relative-time datetime="<%= @presenter.last_accessed(user).getutc.iso8601 %>" title="<%= @presenter.last_accessed(user).to_formatted_s(:standard) %>">

config/locales/en.yml

@@ -270,6 +270,9 @@ en:
             active: Active
             pending: Pending
           status_label: Status
+        roles:
+          remove:
+            confirmation: Are you sure you want to remove the role "%{role}" from the user "%{user}"?
   permissions:
     collections:
       cannot:

config/locales/hyrax.en.yml

@@ -256,8 +256,9 @@ en:
             one: There is <b>%{count} user</b> in this repository.
             other: There are <b>%{count} users</b> in this repository.
           id_label: Username
-          role_label: Roles
           group_label: Groups
+          group_role_label: Group roles
+          site_role_label: Site roles
           title: Manage Users
           reader_title: View Users
       workflow_roles:

config/routes.rb

@@ -54,8 +54,11 @@
   get 'status', to: 'status#index'
 
   mount BrowseEverything::Engine => '/browse'
+
   resource :site, only: [:update] do
-    resources :roles, only: %i[index update]
+    resources :roles, only: %i[index update] do
+      delete 'remove_role/:user_id/:role_name', on: :collection, to: 'roles#remove_role', as: :remove_role
+    end
     resource :labels, only: %i[edit update]
   end