[#124] Allow to delete users with STATE_REGISTERED
This commit is contained in:
parent
fc84783de1
commit
54b4fdf1aa
|
@ -15,8 +15,8 @@ class UsersController < ApplicationController
|
|||
layout 'admin'
|
||||
|
||||
before_filter :require_admin, :except => :show
|
||||
before_filter :find_user, :only => [:show, :edit, :update, :edit_membership, :destroy_membership]
|
||||
accept_key_auth :index, :show, :create, :update
|
||||
before_filter :find_user, :only => [:show, :edit, :update, :destroy, :edit_membership, :destroy_membership]
|
||||
accept_key_auth :index, :show, :create, :update, :destroy
|
||||
|
||||
include SortHelper
|
||||
include CustomFieldsHelper
|
||||
|
@ -177,6 +177,24 @@ class UsersController < ApplicationController
|
|||
redirect_to :controller => 'users', :action => 'edit', :id => @user
|
||||
end
|
||||
|
||||
verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }
|
||||
def destroy
|
||||
# Only allow to delete users with STATUS_REGISTERED for now
|
||||
# It is assumed that these users are not yet references in any way
|
||||
# from other objects.
|
||||
return render_403 unless @user.deletable?
|
||||
|
||||
@user.destroy
|
||||
respond_to do |format|
|
||||
format.html {
|
||||
flash[:notice] = l(:notice_successful_delete)
|
||||
redirect_back_or_default(:action => 'index')
|
||||
}
|
||||
format.api { head :ok }
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
def edit_membership
|
||||
@membership = Member.edit_membership(params[:membership_id], params[:membership], @user)
|
||||
@membership.save if request.post?
|
||||
|
|
|
@ -36,13 +36,26 @@ module UsersHelper
|
|||
def change_status_link(user)
|
||||
url = {:controller => 'users', :action => 'update', :id => user, :page => params[:page], :status => params[:status], :tab => nil}
|
||||
|
||||
links = []
|
||||
if user.locked?
|
||||
link_to l(:button_unlock), url.merge(:user => {:status => User::STATUS_ACTIVE}), :method => :put, :class => 'icon icon-unlock'
|
||||
links << link_to(l(:button_unlock), url.merge(:user => {:status => User::STATUS_ACTIVE}), :method => :put, :class => 'icon icon-unlock')
|
||||
elsif user.registered?
|
||||
link_to l(:button_activate), url.merge(:user => {:status => User::STATUS_ACTIVE}), :method => :put, :class => 'icon icon-unlock'
|
||||
links << link_to(l(:button_activate), url.merge(:user => {:status => User::STATUS_ACTIVE}), :method => :put, :class => 'icon icon-unlock')
|
||||
elsif user != User.current
|
||||
link_to l(:button_lock), url.merge(:user => {:status => User::STATUS_LOCKED}), :method => :put, :class => 'icon icon-lock'
|
||||
links << link_to(l(:button_lock), url.merge(:user => {:status => User::STATUS_LOCKED}), :method => :put, :class => 'icon icon-lock')
|
||||
end
|
||||
|
||||
if user.deletable?
|
||||
links << link_to(
|
||||
l(:button_delete), {:controller => 'users', :action => 'destroy', :id => user},
|
||||
:method => :delete,
|
||||
:confirm => l(:text_are_you_sure),
|
||||
:title => l(:button_delete),
|
||||
:class => 'icon icon-del'
|
||||
)
|
||||
end
|
||||
|
||||
links.join(" ")
|
||||
end
|
||||
|
||||
def user_settings_tabs
|
||||
|
|
|
@ -207,6 +207,11 @@ class User < Principal
|
|||
update_attribute(:status, STATUS_LOCKED)
|
||||
end
|
||||
|
||||
def deletable?
|
||||
registered? && last_login_on.nil?
|
||||
end
|
||||
|
||||
|
||||
# Returns true if +clear_password+ is the correct user's password, otherwise false
|
||||
def check_password?(clear_password)
|
||||
if auth_source_id.present?
|
||||
|
|
|
@ -136,8 +136,7 @@ ActionController::Routing::Routes.draw do |map|
|
|||
map.resources :users, :member => {
|
||||
:edit_membership => :post,
|
||||
:destroy_membership => :post
|
||||
},
|
||||
:except => [:destroy]
|
||||
}
|
||||
|
||||
# For nice "roadmap" in the url for the index action
|
||||
map.connect 'projects/:project_id/roadmap', :controller => 'versions', :action => 'index'
|
||||
|
|
|
@ -269,6 +269,31 @@ class UsersControllerTest < ActionController::TestCase
|
|||
assert u.check_password?('newpass')
|
||||
end
|
||||
|
||||
def test_destroy
|
||||
u = User.new(:firstname => 'Death', :lastname => 'Row', :mail => 'death.row@example.com', :language => 'en')
|
||||
u.login = 'death.row'
|
||||
u.status = User::STATUS_REGISTERED
|
||||
u.save!
|
||||
|
||||
delete :destroy, :id => u.id
|
||||
assert_redirected_to :action => 'index'
|
||||
# make sure that the user was actually destroyed
|
||||
assert_raises(ActiveRecord::RecordNotFound) { u.reload }
|
||||
end
|
||||
|
||||
def test_failing_destroy
|
||||
u = User.new(:firstname => 'Surviving', :lastname => 'Patient', :mail => 'surviving.patient@example.com', :language => 'en')
|
||||
u.login = 'surviving.patient'
|
||||
u.status = User::STATUS_ACTIVE
|
||||
u.save!
|
||||
|
||||
delete :destroy, :id => u.id
|
||||
assert_response :forbidden
|
||||
# make sure the user is still around
|
||||
assert !u.reload.destroyed?
|
||||
end
|
||||
|
||||
|
||||
def test_edit_membership
|
||||
post :edit_membership, :id => 2, :membership_id => 1,
|
||||
:membership => { :role_ids => [2]}
|
||||
|
|
|
@ -240,26 +240,52 @@ class ApiTest::UsersTest < ActionController::IntegrationTest
|
|||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context "DELETE /users/2" do
|
||||
context ".xml" do
|
||||
should "not be allowed" do
|
||||
assert_no_difference('User.count') do
|
||||
delete '/users/2.xml'
|
||||
end
|
||||
context "DELETE /users/:temp:" do
|
||||
context ".xml" do
|
||||
should "delete the user" do
|
||||
u = User.new(:firstname => 'Death', :lastname => 'Row', :mail => 'death.row@example.com', :language => 'en')
|
||||
u.login = 'death.row'
|
||||
u.status = User::STATUS_REGISTERED
|
||||
u.save!
|
||||
|
||||
assert_response :method_not_allowed
|
||||
assert_difference('User.count',-1) do
|
||||
delete "/users/#{u.id}.xml", {}, :authorization => credentials('admin')
|
||||
end
|
||||
|
||||
assert_response :success
|
||||
assert_nil User.find_by_id(u.id)
|
||||
end
|
||||
|
||||
context ".json" do
|
||||
should "not be allowed" do
|
||||
assert_no_difference('User.count') do
|
||||
delete '/users/2.json'
|
||||
end
|
||||
|
||||
assert_response :method_not_allowed
|
||||
should "not delete active user" do
|
||||
assert_difference('User.count',0) do
|
||||
delete "/users/2.xml", {}, :authorization => credentials('jsmith')
|
||||
end
|
||||
assert_response :forbidden
|
||||
end
|
||||
end
|
||||
|
||||
context ".json" do
|
||||
should "delete the user" do
|
||||
u = User.new(:firstname => 'Death', :lastname => 'Row', :mail => 'death.row@example.com', :language => 'en')
|
||||
u.login = 'death.row'
|
||||
u.status = User::STATUS_REGISTERED
|
||||
u.save!
|
||||
|
||||
assert_difference('User.count',-1) do
|
||||
delete "/users/#{u.id}.json", {}, :authorization => credentials('admin')
|
||||
end
|
||||
|
||||
assert_response :success
|
||||
assert_nil User.find_by_id(u.id)
|
||||
end
|
||||
|
||||
should "not delete active user" do
|
||||
assert_difference('User.count',0) do
|
||||
delete "/users/2.json", {}, :authorization => credentials('jsmith')
|
||||
end
|
||||
assert_response :forbidden
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue