Add Support form for users, with shadowban option

app/assets/stylesheets/closet_hangers/_index.sass

@@ -33,9 +33,12 @@ body.closet_hangers-index
     margin-left: 2em
     min-height: $icon-height
 
+    display: flex
+    gap: .5em
+    align-items: center
+
     a
       color: inherit
-      margin-right: .5em
       text-decoration: none
       &:hover
         text-decoration: underline

app/controllers/closet_hangers_controller.rb

@@ -218,8 +218,12 @@ class ClosetHangersController < ApplicationController
   def enforce_shadowban
     # If this user is shadowbanned, and this *doesn't* seem to be a request
     # from that user, render the 404 page.
-    if @user.shadowbanned? && !@user.likely_is?(current_user, request.remote_ip)
+    if @user.shadowbanned?
-      render file: "public/404.html", layout: false, status: :not_found
+      can_see = support_staff? ||
+        @user.likely_is?(current_user, request.remote_ip)
+      if !can_see
+        render file: "public/404.html", layout: false, status: :not_found
+      end
     end
   end
 

app/controllers/users_controller.rb

@@ -1,5 +1,6 @@
 class UsersController < ApplicationController
-  before_action :find_and_authorize_user!, :only => [:update]
+  before_action :find_and_authorize_user!, only: [:edit, :update]
+  before_action :support_staff_only, only: [:edit]
 
   def index # search, really
     name = params[:name]
@@ -16,6 +17,9 @@ class UsersController < ApplicationController
     @users = User.top_contributors.paginate :page => params[:page], :per_page => 20
   end
 
+  def edit
+  end
+
   def update
     @user.attributes = user_params
     success = @user.save
@@ -42,17 +46,24 @@ class UsersController < ApplicationController
 
   protected
 
+  ALLOWED_ATTRS = [
+    :owned_closet_hangers_visibility,
+    :wanted_closet_hangers_visibility,
+    :contact_neopets_connection_id,
+  ]
   def user_params
-    params.require(:user).permit(:owned_closet_hangers_visibility,
+    if support_staff?
-      :wanted_closet_hangers_visibility, :contact_neopets_connection_id)
+      params.require(:user).permit(
+        *ALLOWED_ATTRS, :name, :shadowbanned, :support_staff
+      )
+    else
+      params.require(:user).permit(*ALLOWED_ATTRS)
+    end
   end
 
   def find_and_authorize_user!
-    if current_user.id == params[:id].to_i
+    @user = User.find(params[:id])
-      @user = current_user
+    raise AccessDenied unless current_user == @user || support_staff?
-    else
-      raise AccessDenied
-    end
   end
 end
 

app/views/alt_styles/edit.html.haml

@@ -13,7 +13,7 @@
 
 = image_tag @alt_style.preview_image_url, class: "alt-style-preview"
 
-= support_form_with model: @alt_style, class: "support-form" do |f|
+= support_form_with model: @alt_style do |f|
 	= f.errors
 
 	= f.fields do

app/views/closet_hangers/index.html.haml

@@ -31,6 +31,14 @@
         = f.label :contact_neopets_connection_id
         = f.collection_select :contact_neopets_connection_id, @user.neopets_connections, :id, :neopets_username, {include_blank: true}, 'data-new-text' => t('.neopets_username.new'), 'data-new-prompt' => t('.neopets_username.prompt')
         = f.submit t('.neopets_username.submit')
+    - if support_staff?
+      = link_to "✏️ #{t('.support')}", edit_user_path(@user)
+
+- if support_staff? && @user.shadowbanned?
+  %p.warning
+    %strong 🕶️ Shadowbanned:
+    For most users, this page is hidden, but you can still see them because
+    you're Support staff.
 
 - unless public_perspective?
   %noscript

app/views/items/edit.html.haml

@@ -8,7 +8,7 @@
 	you change something, but it doesn't match what we're seeing on Neopets.com,
 	it will probably be reverted automatically when someone models it.
 
-= support_form_with model: @item, class: "support-form" do |f|
+= support_form_with model: @item do |f|
 	= f.errors
 
 	= f.fields do

app/views/users/edit.html.haml

@@ -0,0 +1,40 @@
+- title @user.name
+- use_responsive_design
+
+%ol.breadcrumbs
+	%li Users
+	%li= link_to @user.name, user_closet_hangers_path(@user)
+
+= support_form_with model: @user do |f|
+	= f.errors
+
+	= f.fields do
+		= f.field do
+			= f.label :name
+			= f.text_field :name
+
+		= f.radio_fieldset "Item list visibility" do
+			= f.radio_field do
+				= f.radio_button :shadowbanned, false
+				%strong 👁️ Visible:
+				Everyone can see page and trades
+			= f.radio_field do
+				= f.radio_button :shadowbanned, true
+				%strong 🕶️ Shadowbanned:
+				Page and trades hidden from other users/IPs
+
+		= f.radio_fieldset "Account role" do
+			= f.radio_field do
+				= f.radio_button :support_staff, false
+				%strong 👤 User:
+				Can manage their own data
+			= f.radio_field do
+				= f.radio_button :support_staff, true
+				%strong 💖 Support:
+				Can manage other users' data and customization data
+
+	= f.actions do
+		= f.submit "Save changes"
+
+- content_for :stylesheets do
+	= stylesheet_link_tag "application/breadcrumbs", "application/support-form"

config/locales/en.yml

@@ -95,6 +95,7 @@ en:
       item_search_submit: Search
       send_neomail: Neomail %{neopets_username}
       lookup: "%{neopets_username}'s lookup"
+      support: Support
       neopets_username:
         new: "Add username…"
         prompt: "What Neopets username should we add?"

config/routes.rb

@@ -55,7 +55,7 @@ OpenneoImpressItems::Application.routes.draw do
   get 'users/top_contributors' => redirect('/users/top-contributors')
 
   # User resources, like their item lists!
-  resources :users, :path => 'user', :only => [:index, :update] do
+  resources :users, :path => 'user', :only => [:index, :edit, :update] do
     resources :contributions, :only => [:index]
     resources :closet_hangers, :only => [:index, :update, :destroy], :path => 'closet' do
       collection do