[#124] Validate user status changes

app/models/user.rb

@@ -69,6 +69,7 @@ class User < Principal
   validates_length_of :mail, :maximum => 60, :allow_nil => true
   validates_confirmation_of :password, :allow_nil => true
   validates_inclusion_of :mail_notification, :in => MAIL_NOTIFICATION_OPTIONS.collect(&:first), :allow_blank => true
+  validates_inclusion_of :status, :in => [STATUS_ANONYMOUS, STATUS_ACTIVE, STATUS_REGISTERED, STATUS_LOCKED]
 
   named_scope :in_group, lambda {|group|
     group_id = group.is_a?(Group) ? group.id : group.to_i
@@ -525,6 +526,24 @@ class User < Principal
     if !password.nil? && password.size < Setting.password_min_length.to_i
       errors.add(:password, :too_short, :count => Setting.password_min_length.to_i)
     end
+
+    # Status
+    if !new_record? && status_changed?
+      case status_was
+      when nil
+        # initial setting is always save
+        true
+      when STATUS_ANONYMOUS
+        # never allow a state change of the anonymous user
+        false
+      when STATUS_REGISTERED
+        [STATUS_ACTIVE, STATUS_LOCKED].include? status
+      when STATUS_ACTIVE
+        [STATUS_LOCKED].include? status
+      when STATUS_LOCKED
+        [STATUS_ACTIVE].include? status
+      end || errors.add(:status, :inclusion)
+    end
   end
 
   private

test/unit/user_test.rb

@@ -173,6 +173,14 @@ class UserTest < ActiveSupport::TestCase
     assert_equal nil, user
   end
 
+  def test_error_on_active_to_registered
+    user = User.try_to_login("jsmith", "jsmith")
+    assert_equal @jsmith, user
+
+    @jsmith.status = User::STATUS_REGISTERED
+    assert !@jsmith.save
+  end
+
   context ".try_to_login" do
     context "with good credentials" do
       should "return the user" do