Fix the admin users UI.

1. The edit user page allows making a user an admin or an auditor. This creates
   a virtual attribute called `access_level` which can have `regular`, `admin`,
   or `auditor` as valid values.

2. The `access_level=` method was broken, which led to the page not accepting
   changes to a user's access level.

3. This commit fixes the issue and adds specs for `access_level=`

app/controllers/admin/users_controller.rb

@@ -175,7 +175,6 @@ class Admin::UsersController < Admin::ApplicationController
 
   def user_params_ce
     [
-      :access_level,
       :avatar,
       :bio,
       :can_create_group,
@@ -203,7 +202,8 @@ class Admin::UsersController < Admin::ApplicationController
 
   def user_params_ee
     [
-      :note
+      :note,
+      :access_level
     ]
   end
 end

app/models/ee/user.rb

@@ -17,10 +17,13 @@ module EE
     end
 
     def access_level=(new_level)
-      # new_level can be a symbol or a string
-      new_level = new_level.to_s
-      self.admin = (new_level == :admin)
-      self.auditor = (new_level == :auditor)
+      new_level = new_level.to_sym
+      return unless [:admin, :auditor, :regular].include?(new_level)
+
+      self.admin = self.auditor = false
+
+      self.admin = true if new_level == :admin
+      self.auditor = true if new_level == :auditor
     end
   end
 end

spec/models/user_spec.rb

@@ -1545,5 +1545,76 @@ describe User, models: true do
         expect(build(:user)).not_to be_auditor
       end
     end
+
+    context 'access_level=' do
+      let(:user) { build(:user) }
+
+      it 'does nothing for an invalid access level' do
+        user.access_level = :invalid_access_level
+
+        expect(user.access_level).to eq(:regular)
+        expect(user.admin).to be false
+        expect(user.auditor).to be false
+      end
+
+      it "assigns the 'admin' access level" do
+        user.access_level = :admin
+
+        expect(user.access_level).to eq(:admin)
+        expect(user.admin).to be true
+        expect(user.auditor).to be false
+      end
+
+      it "assigns the 'auditor' access level" do
+        user.access_level = :auditor
+
+        expect(user.access_level).to eq(:auditor)
+        expect(user.admin).to be false
+        expect(user.auditor).to be true
+      end
+
+      it "assigns the 'auditor' access level" do
+        user.access_level = :regular
+
+        expect(user.access_level).to eq(:regular)
+        expect(user.admin).to be false
+        expect(user.auditor).to be false
+      end
+
+      it "clears the 'admin' access level when a user is made an auditor" do
+        user.access_level = :admin
+        user.access_level = :auditor
+
+        expect(user.access_level).to eq(:auditor)
+        expect(user.admin).to be false
+        expect(user.auditor).to be true
+      end
+
+      it "clears the 'auditor' access level when a user is made an admin" do
+        user.access_level = :auditor
+        user.access_level = :admin
+
+        expect(user.access_level).to eq(:admin)
+        expect(user.admin).to be true
+        expect(user.auditor).to be false
+      end
+
+      it "doesn't clear existing access levels when an invalid access level is passed in" do
+        user.access_level = :admin
+        user.access_level = :invalid_access_level
+
+        expect(user.access_level).to eq(:admin)
+        expect(user.admin).to be true
+        expect(user.auditor).to be false
+      end
+
+      it "accepts string values in addition to symbols" do
+        user.access_level = 'admin'
+
+        expect(user.access_level).to eq(:admin)
+        expect(user.admin).to be true
+        expect(user.auditor).to be false
+      end
+    end
   end
 end