Feature #34417 » 0002-require-to-enter-project-s-identifier-to-confirm-pro.patch
app/controllers/projects_controller.rb | ||
---|---|---|
275 | 275 |
end |
276 | 276 | |
277 | 277 |
@project_to_destroy = @project |
278 |
if api_request? || params[:confirm] |
|
278 |
if api_request? || params[:confirm] == @project_to_destroy.identifier
|
|
279 | 279 |
@project_to_destroy.destroy |
280 | 280 |
respond_to do |format| |
281 | 281 |
format.html do |
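Review bot: The `if api_request? || params[:confirm] == @project_to_destroy.identifier` line has no comment saying that the typed identifier guards only the HTML form against accidental deletion. API requests still short-circuit the comparison, so whatever permission check runs before this action (not visible in this section) stays the only control on that path. I would add `# Type-to-confirm applies to the HTML form only; API requests skip it and rely on the caller's permissions.` directly above the condition. The enclosing action starts and ends outside this section.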
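--- a/app/views/projects/destroy.html.erb
+++ b/app/views/projects/destroy.html.erb
@@ -12,9 +12,16 @@
 content_tag('strong', @project_to_destroy.descendants.collect{|p| p.to_s}.join(', '))).html_safe %>
 <% end %>
 </p>
+
 <p>
-<label><%= check_box_tag 'confirm', 1 %> <%= l(:general_text_Yes) %></label>
+<%= l :text_project_destroy_enter_identifier, identifier: @project_to_destroy.identifier %>
 </p>
+
+<p>
+<label for="confirm"><%= l :field_identifier %></label>
+<%= text_field_tag 'confirm' %>
+</p>
+
 </div>
 
 <p>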
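Review bot: The `text_field_tag 'confirm'` input is rendered without options, so a browser may offer identifiers typed during earlier deletions as autofill suggestions. That weakens the point of making the user type the value deliberately. Consider `<%= text_field_tag 'confirm', nil, autocomplete: 'off' %>`. The form that wraps this field is not visible in this section.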
config/locales/de.yml | ||
---|---|---|
1371 | 1371 |
field_twofa_scheme: Two-factor authentication scheme |
1372 | 1372 | |
1373 | 1373 |
text_user_destroy_confirmation: "Wollen Sie diesen Benutzer inklusive aller Referenzen darauf wirklich löschen? Dies kann nicht rückgängig gemacht werden. Oftmals ist es besser, einen Benutzer lediglich zu sperren. Geben Sie bitte zur Bestätigung den Login des Benutzers (%{login}) ein." |
1374 |
text_project_destroy_enter_identifier: "Zur Bestätigung bitte die Projektkennung (%{identifier}) eingeben." |
config/locales/en.yml | ||
---|---|---|
1346 | 1346 |
twofa_backup_codes_already_shown: Backup codes cannot be shown again, please <a data-method="post" href="%{bc_path}">generate new backup codes</a> if required. |
1347 | 1347 | |
1348 | 1348 |
text_user_destroy_confirmation: "Are you sure you want to delete this user and remove all references to them? This cannot be undone. Often, locking a user instead of deleting them is the better solution. To confirm, please enter their login (%{login}) below." |
1349 |
text_project_destroy_enter_identifier: "To confirm, please enter the project's identifier (%{identifier}) below." |
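--- a/test/functional/projects_controller_test.rb
+++ b/test/functional/projects_controller_test.rb
@@ -1028,6 +1028,16 @@
 assert_select '.warning', :text => /Are you sure you want to delete this project/
 end
 
+def test_destroy_leaf_project_with_wrong_confirmation_should_show_confirmation
+@request.session[:user_id] = 1 # admin
+
+assert_no_difference 'Project.count' do
+delete(:destroy, :params => {:id => 2, :confirm => 'wrong'})
+assert_response :success
+end
+assert_select '.warning', :text => /Are you sure you want to delete this project/
+end
+
 def test_destroy_without_confirmation_should_show_confirmation_with_subprojects
 set_tmp_attachments_directory
 @request.session[:user_id] = 1 # admin
@@ -1051,7 +1061,7 @@
 :destroy,
 :params => {
 :id => 1,
-:confirm => 1
+:confirm => 'ecookbook'
 }
 )
 assert_redirected_to '/admin/projects'
@@ -1068,7 +1078,7 @@
 :destroy,
 :params => {
 :id => 2,
-:confirm => 1
+:confirm => 'onlinestore'
 }
 )
 assert_redirected_to '/projects'
@@ -1085,7 +1095,7 @@
 :destroy,
 :params => {
 :id => 1,
-:confirm => 1
+:confirm => 'ecookbook'
 }
 )
 assert_response 403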
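Review bot: The new negative test submits only an arbitrary string (`:confirm => 'wrong'`), so nothing pins that the comparison is tied to the project being destroyed rather than to any valid identifier. A second case sending another existing project's identifier would cover that, for example `delete(:destroy, :params => {:id => 2, :confirm => 'ecookbook'})` inside `assert_no_difference 'Project.count'`. Those identifiers are the ones the later hunks already use for ids 1 and 2. The updated tests in the later hunks start and end outside the displayed lines.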