Defect #11870 » fix-11870.patch
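--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -184,6 +184,8 @@
 end
 
 def destroy
+return render_error status: 422 if @user == User.current && !@user.own_account_deletable?
+
 @user.destroy
 respond_to do |format|
 format.html { redirect_back_or_default(users_path) }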
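Review bot: The guard added at the top of `destroy` renders a 422 with no message, so an administrator whose self-deletion is refused is not told which rule applied. Going by the tests in this patch, the refusal can come from either the `unsubscribe` setting or the last-admin case; if `render_error` accepts a `message:` key alongside `status:`, pass one, and add a comment above the guard such as `# Refuse self-deletion when own_account_deletable? is false (setting disabled or last admin)`. The rule is enforced only in this action, so any other code path that destroys a user record would not be covered by it, which is worth confirming as intended. The body of `destroy` continues past the end of the hunk.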
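--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -838,4 +838,27 @@
 )
 end
 end
+
+def test_destroy_without_unsubscribe_is_denied
+user = User.find(2)
+user.update(admin: true) # Create other admin so self can be deleted
+@request.session[:user_id] = user.id
+with_settings unsubscribe: 0 do
+assert_no_difference 'User.count' do
+delete :destroy, params: {id: user.id}
+end
+assert_response 422
+end
+end
+
+def test_destroy_last_admin_is_denied
+user = User.find(1)
+@request.session[:user_id] = user.id
+with_settings unsubscribe: 1 do
+assert_no_difference 'User.count' do
+delete :destroy, params: {id: user.id}
+end
+assert_response 422
+end
+end
 end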
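Review bot: Both new tests assert only refusal, so a guard that rejected every self-deletion would still pass them; no case covers an admin deleting their own account with `unsubscribe: 1` while a second admin exists. `test_destroy_last_admin_is_denied` also relies on user 1 being the only admin in the fixtures without asserting that precondition. The comment in the first test ("so self can be deleted") reads oddly in a test that expects denial. A positive test along the lines below would pin the allowed path; the enclosing test class begins outside the hunk.

```ruby
def test_destroy_self_with_unsubscribe_and_other_admin_is_allowed
  user = User.find(2)
  # Assumes fixture user 1 is already an admin, so user 2 is not the last one.
  user.update(admin: true)
  @request.session[:user_id] = user.id
  with_settings unsubscribe: 1 do
    assert_difference 'User.count', -1 do
      delete :destroy, params: {id: user.id}
    end
  end
end
```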