Add ability to create new users in moderation interface

app/controllers/settings/users_controller.rb

@@ -1,5 +1,5 @@
 class Settings::UsersController < ApplicationController
-  before_action :get_user, except: [:index]
+  before_action :get_user, except: [:index, :new, :create]
   respond_to :html
 
   def index
@@ -11,10 +11,33 @@ def show
     render layout: "settings"
   end
 
+  def new
+    authorize(User)
+    @user = User.new
+    @user.send :assign_default_role
+    render layout: "settings"
+  end
+
   def edit
     render layout: "settings"
   end
 
+  def create
+    authorize(User)
+    password = helpers.random_password
+    # Create user with a random password if one isn't provided
+    @user = User.create({
+      password: password,
+      password_confirmation: password
+    }.merge(user_params))
+    if @user.valid?
+      @user.send_reset_password_instructions if SiteSettings.email_configured?
+      redirect_to [:settings, @user], notice: t(".success")
+    else
+      render "new", layout: "settings", status: :unprocessable_entity
+    end
+  end
+
   def update
     if @user.update(user_params)
       redirect_to [:settings, @user], notice: t(".success")

app/controllers/users/sessions_controller.rb

@@ -45,7 +45,7 @@ def auto_login_single_user
   end
 
   def create_admin_user
-    password = (SecureRandom.base64(32) + "!0aB").chars.shuffle.join
+    password = helpers.random_password
     u = User.create!(
       username: SecureRandom.hex(4),
       email: "root@localhost",

app/helpers/application_helper.rb

@@ -195,4 +195,8 @@ def problem_settings
   def needs_hiding?(thing)
     thing.sensitive && (current_user.nil? || current_user.sensitive_content_handling.present?)
   end
+
+  def random_password
+    (SecureRandom.base64(32) + "!0aB").chars.shuffle.join
+  end
 end

app/views/settings/users/_form.html.erb

@@ -3,6 +3,19 @@
   <%= text_input_row form, :username %>
   <%= text_input_row form, :email %>
 
+  <% if !user.persisted? %>
+    <% if SiteSettings.email_configured? %>
+      <div class="row mb-3 input-group">
+        <div class="alert alert-info">
+          <%= t(".password_reset_help") %>
+        </div>
+      </div>
+    <% else %>
+      <%= text_input_row form, :password %>
+      <%= text_input_row form, :password_confirmation %>
+    <% end %>
+  <% end %>
+
   <div class="row mb-3 input-group">
     <%= form.label :roles, class: "col-auto col-form-label" %>
     <div class="form-control col-auto">

app/views/settings/users/index.html.erb

@@ -24,3 +24,5 @@
     </tr>
   <% end %>
 </table>
+
+<%= link_to t(".new"), new_settings_user_path, class: "btn btn-primary" if policy(:user).new? %>

app/views/settings/users/new.html.erb

@@ -0,0 +1,3 @@
+<h3><%= t(".title") %></h3>
+
+<%= render "form", user: @user %>

config/locales/settings/en.yml

@@ -69,16 +69,22 @@ en:
     update:
       success: Settings saved.
     users:
+      create:
+        success: User created successfully.
       edit:
         title: 'Edit user: %{username}'
       form:
+        password_reset_help: A link will be sent automatically to the user for them to set their own password.
         submit: Save
       index:
         description: View and edit registered user accounts.
         fediverse_address: Fediverse address
         local: Local
+        new: New user
         title: Manage Users
         view: View
+      new:
+        title: Create user
       show:
         title: 'User details: %{username}'
       update:

spec/requests/settings/users_spec.rb

@@ -19,6 +19,13 @@
     end
   end
 
+  describe "GET /new", :as_moderator do
+    it "renders a successful response" do
+      get new_settings_user_url
+      expect(response).to be_successful
+    end
+  end
+
   describe "GET /edit", :as_moderator do
     let(:user) { create(:user) }
 
@@ -28,6 +35,36 @@
     end
   end
 
+  describe "POST /create", :as_moderator do
+    context "with valid parameters" do
+      it "creates a new Settings::User" do
+        expect {
+          post "/settings/users", params: {user: attributes_for(:user)}
+        }.to change(User, :count).by(1)
+      end
+
+      it "redirects to the created user" do
+        post "/settings/users", params: {user: attributes_for(:user)}
+        expect(response).to redirect_to(settings_user_url(User.last))
+      end
+    end
+
+    context "with invalid parameters" do
+      let(:invalid_attributes) { {email: "invalid"} }
+
+      it "does not create a new Settings::User" do
+        expect {
+          post "/settings/users", params: {user: invalid_attributes}
+        }.not_to change(User, :count)
+      end
+
+      it "renders a response with 422 status (i.e. to display the 'new' template)" do
+        post "/settings/users", params: {user: invalid_attributes}
+        expect(response).to have_http_status(:unprocessable_entity)
+      end
+    end
+  end
+
   describe "PATCH /update", :as_moderator do
     let(:user) { create(:user) }