Adds the ability for users to delete their own account (#10664). Can be disabled in application settings.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9417 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
parent
638583012a
commit
28f0c4f131
|
@ -131,14 +131,6 @@ class AccountController < ApplicationController
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def logout_user
|
|
||||||
if User.current.logged?
|
|
||||||
cookies.delete :autologin
|
|
||||||
Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
|
|
||||||
self.logged_user = nil
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def authenticate_user
|
def authenticate_user
|
||||||
if Setting.openid? && using_open_id?
|
if Setting.openid? && using_open_id?
|
||||||
open_id_authenticate(params[:openid_url])
|
open_id_authenticate(params[:openid_url])
|
||||||
|
|
|
@ -126,6 +126,15 @@ class ApplicationController < ActionController::Base
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Logs out current user
|
||||||
|
def logout_user
|
||||||
|
if User.current.logged?
|
||||||
|
cookies.delete :autologin
|
||||||
|
Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
|
||||||
|
self.logged_user = nil
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
# check if login is globally required to access the application
|
# check if login is globally required to access the application
|
||||||
def check_if_login_required
|
def check_if_login_required
|
||||||
# no check needed if user is already logged in
|
# no check needed if user is already logged in
|
||||||
|
|
|
@ -65,6 +65,24 @@ class MyController < ApplicationController
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Destroys user's account
|
||||||
|
def destroy
|
||||||
|
@user = User.current
|
||||||
|
unless @user.own_account_deletable?
|
||||||
|
redirect_to :action => 'account'
|
||||||
|
return
|
||||||
|
end
|
||||||
|
|
||||||
|
if request.post? && params[:confirm]
|
||||||
|
@user.destroy
|
||||||
|
if @user.destroyed?
|
||||||
|
logout_user
|
||||||
|
flash[:notice] = l(:notice_account_deleted)
|
||||||
|
end
|
||||||
|
redirect_to home_path
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
# Manage user's password
|
# Manage user's password
|
||||||
def password
|
def password
|
||||||
@user = User.current
|
@user = User.current
|
||||||
|
|
|
@ -482,6 +482,12 @@ class User < Principal
|
||||||
allowed_to?(action, nil, options.reverse_merge(:global => true), &block)
|
allowed_to?(action, nil, options.reverse_merge(:global => true), &block)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Returns true if the user is allowed to delete his own account
|
||||||
|
def own_account_deletable?
|
||||||
|
Setting.unsubscribe? &&
|
||||||
|
(!admin? || User.active.first(:conditions => ["admin = ? AND id <> ?", true, id]).present?)
|
||||||
|
end
|
||||||
|
|
||||||
safe_attributes 'login',
|
safe_attributes 'login',
|
||||||
'firstname',
|
'firstname',
|
||||||
'lastname',
|
'lastname',
|
||||||
|
|
|
@ -3,6 +3,9 @@
|
||||||
<p><%=l(:field_login)%>: <strong><%= link_to_user(@user, :format => :username) %></strong><br />
|
<p><%=l(:field_login)%>: <strong><%= link_to_user(@user, :format => :username) %></strong><br />
|
||||||
<%=l(:field_created_on)%>: <%= format_time(@user.created_on) %></p>
|
<%=l(:field_created_on)%>: <%= format_time(@user.created_on) %></p>
|
||||||
|
|
||||||
|
<% if @user.own_account_deletable? %>
|
||||||
|
<p><%= link_to(l(:button_delete_my_account), {:action => 'destroy'}, :class => 'icon icon-del') %></p>
|
||||||
|
<% end %>
|
||||||
|
|
||||||
<h4><%= l(:label_feeds_access_key) %></h4>
|
<h4><%= l(:label_feeds_access_key) %></h4>
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
<h2><%=l(:label_confirmation)%></h2>
|
||||||
|
<div class="warning">
|
||||||
|
<p><%= simple_format l(:text_account_destroy_confirmation)%></p>
|
||||||
|
<p>
|
||||||
|
<% form_tag({}) do %>
|
||||||
|
<label><%= check_box_tag 'confirm', 1 %> <%= l(:general_text_Yes) %></label>
|
||||||
|
<%= submit_tag l(:button_delete_my_account) %> |
|
||||||
|
<%= link_to l(:button_cancel), :action => 'account' %>
|
||||||
|
<% end %>
|
||||||
|
</p>
|
||||||
|
</div>
|
|
@ -10,6 +10,8 @@
|
||||||
[l(:label_registration_manual_activation), "2"],
|
[l(:label_registration_manual_activation), "2"],
|
||||||
[l(:label_registration_automatic_activation), "3"]] %></p>
|
[l(:label_registration_automatic_activation), "3"]] %></p>
|
||||||
|
|
||||||
|
<p><%= setting_check_box :unsubscribe %></p>
|
||||||
|
|
||||||
<p><%= setting_text_field :password_min_length, :size => 6 %></p>
|
<p><%= setting_text_field :password_min_length, :size => 6 %></p>
|
||||||
|
|
||||||
<p><%= setting_check_box :lost_password, :label => :label_password_lost %></p>
|
<p><%= setting_check_box :lost_password, :label => :label_password_lost %></p>
|
||||||
|
|
|
@ -173,6 +173,7 @@ en:
|
||||||
notice_gantt_chart_truncated: "The chart was truncated because it exceeds the maximum number of items that can be displayed (%{max})"
|
notice_gantt_chart_truncated: "The chart was truncated because it exceeds the maximum number of items that can be displayed (%{max})"
|
||||||
notice_issue_successful_create: "Issue %{id} created."
|
notice_issue_successful_create: "Issue %{id} created."
|
||||||
notice_issue_update_conflict: "The issue has been updated by an other user while you were editing it."
|
notice_issue_update_conflict: "The issue has been updated by an other user while you were editing it."
|
||||||
|
notice_account_deleted: "Your account has been permanently deleted."
|
||||||
|
|
||||||
error_can_t_load_default_data: "Default configuration could not be loaded: %{value}"
|
error_can_t_load_default_data: "Default configuration could not be loaded: %{value}"
|
||||||
error_scm_not_found: "The entry or revision was not found in the repository."
|
error_scm_not_found: "The entry or revision was not found in the repository."
|
||||||
|
@ -383,6 +384,7 @@ en:
|
||||||
setting_issue_group_assignment: Allow issue assignment to groups
|
setting_issue_group_assignment: Allow issue assignment to groups
|
||||||
setting_default_issue_start_date_to_creation_date: Use current date as start date for new issues
|
setting_default_issue_start_date_to_creation_date: Use current date as start date for new issues
|
||||||
setting_commit_cross_project_ref: Allow issues of all the other projects to be referenced and fixed
|
setting_commit_cross_project_ref: Allow issues of all the other projects to be referenced and fixed
|
||||||
|
setting_unsubscribe: Allow users to unsubscribe
|
||||||
|
|
||||||
permission_add_project: Create project
|
permission_add_project: Create project
|
||||||
permission_add_subprojects: Create subprojects
|
permission_add_subprojects: Create subprojects
|
||||||
|
@ -894,6 +896,7 @@ en:
|
||||||
button_show: Show
|
button_show: Show
|
||||||
button_edit_section: Edit this section
|
button_edit_section: Edit this section
|
||||||
button_export: Export
|
button_export: Export
|
||||||
|
button_delete_my_account: Delete my account
|
||||||
|
|
||||||
status_active: active
|
status_active: active
|
||||||
status_registered: registered
|
status_registered: registered
|
||||||
|
@ -978,6 +981,7 @@ en:
|
||||||
text_issue_conflict_resolution_overwrite: "Apply my changes anyway (previous notes will be kept but some changes may be overwritten)"
|
text_issue_conflict_resolution_overwrite: "Apply my changes anyway (previous notes will be kept but some changes may be overwritten)"
|
||||||
text_issue_conflict_resolution_add_notes: "Add my notes and discard my other changes"
|
text_issue_conflict_resolution_add_notes: "Add my notes and discard my other changes"
|
||||||
text_issue_conflict_resolution_cancel: "Discard all my changes and redisplay %{link}"
|
text_issue_conflict_resolution_cancel: "Discard all my changes and redisplay %{link}"
|
||||||
|
text_account_destroy_confirmation: "Are you sure you want to proceed?\nYour account will be permanently deleted, with no way to reactivate it."
|
||||||
|
|
||||||
default_role_manager: Manager
|
default_role_manager: Manager
|
||||||
default_role_developer: Developer
|
default_role_developer: Developer
|
||||||
|
|
|
@ -188,6 +188,7 @@ fr:
|
||||||
notice_gantt_chart_truncated: "Le diagramme a été tronqué car il excède le nombre maximal d'éléments pouvant être affichés (%{max})"
|
notice_gantt_chart_truncated: "Le diagramme a été tronqué car il excède le nombre maximal d'éléments pouvant être affichés (%{max})"
|
||||||
notice_issue_successful_create: "La demande %{id} a été créée."
|
notice_issue_successful_create: "La demande %{id} a été créée."
|
||||||
notice_issue_update_conflict: "La demande a été mise à jour par un autre utilisateur pendant que vous la modifiez."
|
notice_issue_update_conflict: "La demande a été mise à jour par un autre utilisateur pendant que vous la modifiez."
|
||||||
|
notice_account_deleted: "Votre compte a été définitivement supprimé."
|
||||||
|
|
||||||
error_can_t_load_default_data: "Une erreur s'est produite lors du chargement du paramétrage : %{value}"
|
error_can_t_load_default_data: "Une erreur s'est produite lors du chargement du paramétrage : %{value}"
|
||||||
error_scm_not_found: "L'entrée et/ou la révision demandée n'existe pas dans le dépôt."
|
error_scm_not_found: "L'entrée et/ou la révision demandée n'existe pas dans le dépôt."
|
||||||
|
@ -379,6 +380,7 @@ fr:
|
||||||
setting_issue_group_assignment: Permettre l'assignement des demandes aux groupes
|
setting_issue_group_assignment: Permettre l'assignement des demandes aux groupes
|
||||||
setting_default_issue_start_date_to_creation_date: Donner à la date de début d'une nouvelle demande la valeur de la date du jour
|
setting_default_issue_start_date_to_creation_date: Donner à la date de début d'une nouvelle demande la valeur de la date du jour
|
||||||
setting_commit_cross_project_ref: Permettre le référencement et la résolution des demandes de tous les autres projets
|
setting_commit_cross_project_ref: Permettre le référencement et la résolution des demandes de tous les autres projets
|
||||||
|
setting_unsubscribe: Permettre aux utilisateurs de se désinscrire
|
||||||
|
|
||||||
permission_add_project: Créer un projet
|
permission_add_project: Créer un projet
|
||||||
permission_add_subprojects: Créer des sous-projets
|
permission_add_subprojects: Créer des sous-projets
|
||||||
|
@ -868,6 +870,7 @@ fr:
|
||||||
button_show: Afficher
|
button_show: Afficher
|
||||||
button_edit_section: Modifier cette section
|
button_edit_section: Modifier cette section
|
||||||
button_export: Exporter
|
button_export: Exporter
|
||||||
|
button_delete_my_account: Supprimer mon compte
|
||||||
|
|
||||||
status_active: actif
|
status_active: actif
|
||||||
status_registered: enregistré
|
status_registered: enregistré
|
||||||
|
@ -934,6 +937,7 @@ fr:
|
||||||
text_issue_conflict_resolution_overwrite: "Appliquer quand même ma mise à jour (les notes précédentes seront conservées mais des changements pourront être écrasés)"
|
text_issue_conflict_resolution_overwrite: "Appliquer quand même ma mise à jour (les notes précédentes seront conservées mais des changements pourront être écrasés)"
|
||||||
text_issue_conflict_resolution_add_notes: "Ajouter mes notes et ignorer mes autres changements"
|
text_issue_conflict_resolution_add_notes: "Ajouter mes notes et ignorer mes autres changements"
|
||||||
text_issue_conflict_resolution_cancel: "Annuler ma mise à jour et réafficher %{link}"
|
text_issue_conflict_resolution_cancel: "Annuler ma mise à jour et réafficher %{link}"
|
||||||
|
text_account_destroy_confirmation: "Êtes-vous sûr de vouloir continuer ?\nVotre compte sera définitivement supprimé, sans aucune possibilité de le réactiver."
|
||||||
|
|
||||||
default_role_manager: "Manager "
|
default_role_manager: "Manager "
|
||||||
default_role_developer: "Développeur "
|
default_role_developer: "Développeur "
|
||||||
|
|
|
@ -78,6 +78,8 @@ ActionController::Routing::Routes.draw do |map|
|
||||||
|
|
||||||
map.connect 'my/account', :controller => 'my', :action => 'account',
|
map.connect 'my/account', :controller => 'my', :action => 'account',
|
||||||
:conditions => {:method => [:get, :post]}
|
:conditions => {:method => [:get, :post]}
|
||||||
|
map.connect 'my/account/destroy', :controller => 'my', :action => 'destroy',
|
||||||
|
:conditions => {:method => [:get, :post]}
|
||||||
map.connect 'my/page', :controller => 'my', :action => 'page',
|
map.connect 'my/page', :controller => 'my', :action => 'page',
|
||||||
:conditions => {:method => :get}
|
:conditions => {:method => :get}
|
||||||
# Redirects to my/page
|
# Redirects to my/page
|
||||||
|
|
|
@ -31,6 +31,8 @@ self_registration:
|
||||||
default: '2'
|
default: '2'
|
||||||
lost_password:
|
lost_password:
|
||||||
default: 1
|
default: 1
|
||||||
|
unsubscribe:
|
||||||
|
default: 1
|
||||||
password_min_length:
|
password_min_length:
|
||||||
format: int
|
format: int
|
||||||
default: 4
|
default: 4
|
||||||
|
|
|
@ -84,6 +84,45 @@ class MyControllerTest < ActionController::TestCase
|
||||||
assert user.groups.empty?
|
assert user.groups.empty?
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def test_my_account_should_show_destroy_link
|
||||||
|
get :account
|
||||||
|
assert_select 'a[href=/my/account/destroy]'
|
||||||
|
end
|
||||||
|
|
||||||
|
def test_get_destroy_should_display_the_destroy_confirmation
|
||||||
|
get :destroy
|
||||||
|
assert_response :success
|
||||||
|
assert_template 'destroy'
|
||||||
|
assert_select 'form[action=/my/account/destroy]' do
|
||||||
|
assert_select 'input[name=confirm]'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def test_post_destroy_without_confirmation_should_not_destroy_account
|
||||||
|
assert_no_difference 'User.count' do
|
||||||
|
post :destroy
|
||||||
|
end
|
||||||
|
assert_response :success
|
||||||
|
assert_template 'destroy'
|
||||||
|
end
|
||||||
|
|
||||||
|
def test_post_destroy_without_confirmation_should_destroy_account
|
||||||
|
assert_difference 'User.count', -1 do
|
||||||
|
post :destroy, :confirm => '1'
|
||||||
|
end
|
||||||
|
assert_redirected_to '/'
|
||||||
|
assert_match /deleted/i, flash[:notice]
|
||||||
|
end
|
||||||
|
|
||||||
|
def test_post_destroy_with_unsubscribe_not_allowed_should_not_destroy_account
|
||||||
|
User.any_instance.stubs(:own_account_deletable?).returns(false)
|
||||||
|
|
||||||
|
assert_no_difference 'User.count' do
|
||||||
|
post :destroy, :confirm => '1'
|
||||||
|
end
|
||||||
|
assert_redirected_to '/my/account'
|
||||||
|
end
|
||||||
|
|
||||||
def test_change_password
|
def test_change_password
|
||||||
get :password
|
get :password
|
||||||
assert_response :success
|
assert_response :success
|
||||||
|
|
|
@ -25,6 +25,12 @@ class RoutingMyTest < ActionController::IntegrationTest
|
||||||
{ :controller => 'my', :action => 'account' }
|
{ :controller => 'my', :action => 'account' }
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
["get", "post"].each do |method|
|
||||||
|
assert_routing(
|
||||||
|
{ :method => method, :path => "/my/account/destroy" },
|
||||||
|
{ :controller => 'my', :action => 'destroy' }
|
||||||
|
)
|
||||||
|
end
|
||||||
assert_routing(
|
assert_routing(
|
||||||
{ :method => 'get', :path => "/my/page" },
|
{ :method => 'get', :path => "/my/page" },
|
||||||
{ :controller => 'my', :action => 'page' }
|
{ :controller => 'my', :action => 'page' }
|
||||||
|
|
|
@ -770,7 +770,34 @@ class UserTest < ActiveSupport::TestCase
|
||||||
user.auth_source = denied_auth_source
|
user.auth_source = denied_auth_source
|
||||||
assert !user.change_password_allowed?, "User allowed to change password, though auth source does not"
|
assert !user.change_password_allowed?, "User allowed to change password, though auth source does not"
|
||||||
end
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def test_own_account_deletable_should_be_true_with_unsubscrive_enabled
|
||||||
|
with_settings :unsubscribe => '1' do
|
||||||
|
assert_equal true, User.find(2).own_account_deletable?
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def test_own_account_deletable_should_be_false_with_unsubscrive_disabled
|
||||||
|
with_settings :unsubscribe => '0' do
|
||||||
|
assert_equal false, User.find(2).own_account_deletable?
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def test_own_account_deletable_should_be_false_for_a_single_admin
|
||||||
|
User.delete_all(["admin = ? AND id <> ?", true, 1])
|
||||||
|
|
||||||
|
with_settings :unsubscribe => '1' do
|
||||||
|
assert_equal false, User.find(1).own_account_deletable?
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def test_own_account_deletable_should_be_true_for_an_admin_if_other_admin_exists
|
||||||
|
User.generate_with_protected(:admin => true)
|
||||||
|
|
||||||
|
with_settings :unsubscribe => '1' do
|
||||||
|
assert_equal true, User.find(1).own_account_deletable?
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context "#allowed_to?" do
|
context "#allowed_to?" do
|
||||||
|
|
Loading…
Reference in New Issue