Commit
54b4fdf1
authored
Aug 02, 2011
by
Holger Just
[
#124
] Allow to delete users with STATE_REGISTERED
parent
fc84783d
Showing
6 changed files
with
106 additions
and
20 deletions
+106
-20
users_controller.rb
app/controllers/users_controller.rb
+20
-2
users_helper.rb
app/helpers/users_helper.rb
+16
-3
user.rb
app/models/user.rb
+5
-0
routes.rb
config/routes.rb
+1
-2
users_controller_test.rb
test/functional/users_controller_test.rb
+25
-0
users_test.rb
test/integration/api_test/users_test.rb
+39
-13
app/controllers/users_controller.rb
...
...
@@ -15,8 +15,8 @@ class UsersController < ApplicationController
layout
'admin'
before_filter
:require_admin
,
:except
=>
:show
before_filter
:find_user
,
:only
=>
[
:show
,
:edit
,
:update
,
:edit_membership
,
:destroy_membership
]
accept_key_auth
:index
,
:show
,
:create
,
:update
before_filter
:find_user
,
:only
=>
[
:show
,
:edit
,
:update
,
:
destroy
,
:
edit_membership
,
:destroy_membership
]
accept_key_auth
:index
,
:show
,
:create
,
:update
,
:destroy
include
SortHelper
include
CustomFieldsHelper
...
...
@@ -177,6 +177,24 @@ class UsersController < ApplicationController
redirect_to
:controller
=>
'users'
,
:action
=>
'edit'
,
:id
=>
@user
end
verify
:method
=>
:delete
,
:only
=>
:destroy
,
:render
=>
{
:nothing
=>
true
,
:status
=>
:method_not_allowed
}
def
destroy
# Only allow to delete users with STATUS_REGISTERED for now
# It is assumed that these users are not yet references in any way
# from other objects.
return
render_403
unless
@user
.
deletable?
@user
.
destroy
respond_to
do
|
format
|
format
.
html
{
flash
[
:notice
]
=
l
(
:notice_successful_delete
)
redirect_back_or_default
(
:action
=>
'index'
)
}
format
.
api
{
head
:ok
}
end
end
def
edit_membership
@membership
=
Member
.
edit_membership
(
params
[
:membership_id
],
params
[
:membership
],
@user
)
@membership
.
save
if
request
.
post?
...
...
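Review bot: The return value of `@user.destroy` in the new `destroy` action is ignored, so if the model ever refuses the deletion (no such callback is visible on this page) the action would still set the success flash or answer `head :ok`. Wrapping the `respond_to` block in `if @user.destroy` and answering the failure case with a non-success status would keep the admin UI and API clients from recording a deletion that did not happen. The comment above the guard also names only the registered status, while `deletable?` additionally requires that the user never logged in; `# Only registered users who have never logged in may be deleted` would match the check. The class body continues outside both hunks.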
app/helpers/users_helper.rb
...
...
@@ -36,13 +36,26 @@ module UsersHelper
def
change_status_link
(
user
)
url
=
{
:controller
=>
'users'
,
:action
=>
'update'
,
:id
=>
user
,
:page
=>
params
[
:page
],
:status
=>
params
[
:status
],
:tab
=>
nil
}
links
=
[]
if
user
.
locked?
link
_to
l
(
:button_unlock
),
url
.
merge
(
:user
=>
{
:status
=>
User
::
STATUS_ACTIVE
}),
:method
=>
:put
,
:class
=>
'icon icon-unlock'
link
s
<<
link_to
(
l
(
:button_unlock
),
url
.
merge
(
:user
=>
{
:status
=>
User
::
STATUS_ACTIVE
}),
:method
=>
:put
,
:class
=>
'icon icon-unlock'
)
elsif
user
.
registered?
link
_to
l
(
:button_activate
),
url
.
merge
(
:user
=>
{
:status
=>
User
::
STATUS_ACTIVE
}),
:method
=>
:put
,
:class
=>
'icon icon-unlock'
link
s
<<
link_to
(
l
(
:button_activate
),
url
.
merge
(
:user
=>
{
:status
=>
User
::
STATUS_ACTIVE
}),
:method
=>
:put
,
:class
=>
'icon icon-unlock'
)
elsif
user
!=
User
.
current
link
_to
l
(
:button_lock
),
url
.
merge
(
:user
=>
{
:status
=>
User
::
STATUS_LOCKED
}),
:method
=>
:put
,
:class
=>
'icon icon-lock'
link
s
<<
link_to
(
l
(
:button_lock
),
url
.
merge
(
:user
=>
{
:status
=>
User
::
STATUS_LOCKED
}),
:method
=>
:put
,
:class
=>
'icon icon-lock'
)
end
if
user
.
deletable?
links
<<
link_to
(
l
(
:button_delete
),
{
:controller
=>
'users'
,
:action
=>
'destroy'
,
:id
=>
user
},
:method
=>
:delete
,
:confirm
=>
l
(
:text_are_you_sure
),
:title
=>
l
(
:button_delete
),
:class
=>
'icon icon-del'
)
end
links
.
join
(
" "
)
end
def
user_settings_tabs
...
...
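Review bot: `change_status_link` now returns up to two links joined by a space, one of them a destructive delete link, but neither its name nor a comment says so. A header comment such as `# Returns the lock/unlock/activate link and, for deletable users, a delete link, joined by a space` would tell template authors what they are rendering. It is also worth stating there that the `user.deletable?` test only hides the link and that enforcement happens in `UsersController#destroy`, so nobody later treats the helper as the access check.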
app/models/user.rb
...
...
@@ -207,6 +207,11 @@ class User < Principal
update_attribute
(
:status
,
STATUS_LOCKED
)
end
def
deletable?
registered?
&&
last_login_on
.
nil?
end
# Returns true if +clear_password+ is the correct user's password, otherwise false
def
check_password?
(
clear_password
)
if
auth_source_id
.
present?
...
...
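Review bot: `deletable?` treats "registered and never logged in" as a stand-in for "not referenced by any other record", but nothing in the predicate verifies that assumption. An administrator can presumably still attach data to a registered account (the controller keeps an `edit_membership` action that is not restricted by status), and whether `User` cleans up such rows on destroy is not visible in this hunk. At minimum the method should carry the assumption in a comment, e.g. `# True for users still in STATUS_REGISTERED who never logged in; assumed, not checked, to be unreferenced elsewhere`, and ideally it would also refuse users that already own dependent records.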
config/routes.rb
...
...
@@ -136,8 +136,7 @@ ActionController::Routing::Routes.draw do |map|
map
.
resources
:users
,
:member
=>
{
:edit_membership
=>
:post
,
:destroy_membership
=>
:post
},
:except
=>
[
:destroy
]
}
# For nice "roadmap" in the url for the index action
map
.
connect
'projects/:project_id/roadmap'
,
:controller
=>
'versions'
,
:action
=>
'index'
...
...
test/functional/users_controller_test.rb
...
...
@@ -269,6 +269,31 @@ class UsersControllerTest < ActionController::TestCase
assert
u
.
check_password?
(
'newpass'
)
end
def
test_destroy
u
=
User
.
new
(
:firstname
=>
'Death'
,
:lastname
=>
'Row'
,
:mail
=>
'death.row@example.com'
,
:language
=>
'en'
)
u
.
login
=
'death.row'
u
.
status
=
User
::
STATUS_REGISTERED
u
.
save!
delete
:destroy
,
:id
=>
u
.
id
assert_redirected_to
:action
=>
'index'
# make sure that the user was actually destroyed
assert_raises
(
ActiveRecord
::
RecordNotFound
)
{
u
.
reload
}
end
def
test_failing_destroy
u
=
User
.
new
(
:firstname
=>
'Surviving'
,
:lastname
=>
'Patient'
,
:mail
=>
'surviving.patient@example.com'
,
:language
=>
'en'
)
u
.
login
=
'surviving.patient'
u
.
status
=
User
::
STATUS_ACTIVE
u
.
save!
delete
:destroy
,
:id
=>
u
.
id
assert_response
:forbidden
# make sure the user is still around
assert
!
u
.
reload
.
destroyed?
end
def
test_edit_membership
post
:edit_membership
,
:id
=>
2
,
:membership_id
=>
1
,
:membership
=>
{
:role_ids
=>
[
2
]}
...
...
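Review bot: The second half of the `deletable?` guard is untested, because `test_failing_destroy` only covers a user with `STATUS_ACTIVE`. A registered user whose `last_login_on` is set must also be refused, and a regression that dropped that condition would pass both new tests. The final assertion in `test_failing_destroy` is also weaker than it looks, since `u.reload` already raises when the row is gone. A case along the lines below would pin the missing branch; the surrounding test class and its setup are outside the hunk.

```ruby
def test_destroy_registered_user_with_login_should_fail
  u = User.new(:firstname => 'Logged', :lastname => 'In', :mail => 'logged.in@example.com', :language => 'en')
  u.login = 'logged.in'
  u.status = User::STATUS_REGISTERED
  u.last_login_on = Time.now
  u.save!

  delete :destroy, :id => u.id
  assert_response :forbidden
  assert_not_nil User.find_by_id(u.id)
end
```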
test/integration/api_test/users_test.rb
...
...
@@ -240,26 +240,52 @@ class ApiTest::UsersTest < ActionController::IntegrationTest
end
end
end
end
context
"DELETE /users/2
"
do
context
"DELETE /users/:temp:
"
do
context
".xml"
do
should
"not be allowed"
do
assert_no_difference
(
'User.count'
)
do
delete
'/users/2.xml'
should
"delete the user"
do
u
=
User
.
new
(
:firstname
=>
'Death'
,
:lastname
=>
'Row'
,
:mail
=>
'death.row@example.com'
,
:language
=>
'en'
)
u
.
login
=
'death.row'
u
.
status
=
User
::
STATUS_REGISTERED
u
.
save!
assert_difference
(
'User.count'
,
-
1
)
do
delete
"/users/
#{
u
.
id
}
.xml"
,
{},
:authorization
=>
credentials
(
'admin'
)
end
assert_response
:success
assert_nil
User
.
find_by_id
(
u
.
id
)
end
assert_response
:method_not_allowed
should
"not delete active user"
do
assert_difference
(
'User.count'
,
0
)
do
delete
"/users/2.xml"
,
{},
:authorization
=>
credentials
(
'jsmith'
)
end
assert_response
:forbidden
end
end
context
".json"
do
should
"not be allowed"
do
assert_no_difference
(
'User.count'
)
do
delete
'/users/2.json'
should
"delete the user"
do
u
=
User
.
new
(
:firstname
=>
'Death'
,
:lastname
=>
'Row'
,
:mail
=>
'death.row@example.com'
,
:language
=>
'en'
)
u
.
login
=
'death.row'
u
.
status
=
User
::
STATUS_REGISTERED
u
.
save!
assert_difference
(
'User.count'
,
-
1
)
do
delete
"/users/
#{
u
.
id
}
.json"
,
{},
:authorization
=>
credentials
(
'admin'
)
end
assert_response
:success
assert_nil
User
.
find_by_id
(
u
.
id
)
end
assert_response
:method_not_allowed
should
"not delete active user"
do
assert_difference
(
'User.count'
,
0
)
do
delete
"/users/2.json"
,
{},
:authorization
=>
credentials
(
'jsmith'
)
end
assert_response
:forbidden
end
end
end
...
...
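Review bot: Both "not delete active user" cases authenticate as `jsmith`, so if that fixture is a non-admin account (not visible on this page) the 403 comes from the `require_admin` filter and the `deletable?` guard is never reached through the API. Sending the request as an administrator, `delete "/users/2.xml", {}, :authorization => credentials('admin')`, would test the guard itself. A separate case in which a non-admin tries to delete the freshly registered user would then cover the authorization filter on its own. The same applies to the `.json` context, and neither context sends the DELETE without credentials.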