Project

General

Profile

Feature #34417 » 0002-require-to-enter-project-s-identifier-to-confirm-pro.patch

Jens Krämer, 2020-12-09 04:12

View differences:

app/controllers/projects_controller.rb
275 275
    end
276 276

  
277 277
    @project_to_destroy = @project
278
    if api_request? || params[:confirm]
278
    if api_request? || params[:confirm] == @project_to_destroy.identifier
279 279
      @project_to_destroy.destroy
280 280
      respond_to do |format|
281 281
        format.html do
app/views/projects/destroy.html.erb
12 12
          content_tag('strong', @project_to_destroy.descendants.collect{|p| p.to_s}.join(', '))).html_safe %>
13 13
<% end %>
14 14
</p>
15

  
15 16
<p>
16
  <label><%= check_box_tag 'confirm', 1 %> <%= l(:general_text_Yes) %></label>
17
  <%= l :text_project_destroy_enter_identifier, identifier: @project_to_destroy.identifier %>
17 18
</p>
19

  
20
<p>
21
  <label for="confirm"><%= l :field_identifier %></label>
22
  <%= text_field_tag 'confirm' %>
23
</p>
24

  
18 25
</div>
19 26

  
20 27
<p>
config/locales/de.yml
1371 1371
  field_twofa_scheme: Two-factor authentication scheme
1372 1372

  
1373 1373
  text_user_destroy_confirmation: "Wollen Sie diesen Benutzer inklusive aller Referenzen darauf wirklich löschen? Dies kann nicht rückgängig gemacht werden. Oftmals ist es besser, einen Benutzer lediglich zu sperren. Geben Sie bitte zur Bestätigung den Login des Benutzers (%{login}) ein."
1374
  text_project_destroy_enter_identifier: "Zur Bestätigung bitte die Projektkennung (%{identifier}) eingeben."
config/locales/en.yml
1346 1346
  twofa_backup_codes_already_shown: Backup codes cannot be shown again, please <a data-method="post" href="%{bc_path}">generate new backup codes</a> if required.
1347 1347

  
1348 1348
  text_user_destroy_confirmation: "Are you sure you want to delete this user and remove all references to them? This cannot be undone. Often, locking a user instead of deleting them is the better solution. To confirm, please enter their login (%{login}) below."
1349
  text_project_destroy_enter_identifier: "To confirm, please enter the project's identifier (%{identifier}) below."
test/functional/projects_controller_test.rb
1028 1028
    assert_select '.warning', :text => /Are you sure you want to delete this project/
1029 1029
  end
1030 1030

  
1031
  def test_destroy_leaf_project_with_wrong_confirmation_should_show_confirmation
1032
    @request.session[:user_id] = 1 # admin
1033

  
1034
    assert_no_difference 'Project.count' do
1035
      delete(:destroy, :params => {:id => 2, :confirm => 'wrong'})
1036
      assert_response :success
1037
    end
1038
    assert_select '.warning', :text => /Are you sure you want to delete this project/
1039
  end
1040

  
1031 1041
  def test_destroy_without_confirmation_should_show_confirmation_with_subprojects
1032 1042
    set_tmp_attachments_directory
1033 1043
    @request.session[:user_id] = 1 # admin
......
1051 1061
        :destroy,
1052 1062
        :params => {
1053 1063
          :id => 1,
1054
          :confirm => 1
1064
          :confirm => 'ecookbook'
1055 1065
        }
1056 1066
      )
1057 1067
      assert_redirected_to '/admin/projects'
......
1068 1078
        :destroy,
1069 1079
        :params => {
1070 1080
          :id => 2,
1071
          :confirm => 1
1081
          :confirm => 'onlinestore'
1072 1082
        }
1073 1083
      )
1074 1084
      assert_redirected_to '/projects'
......
1085 1095
        :destroy,
1086 1096
        :params => {
1087 1097
          :id => 1,
1088
          :confirm => 1
1098
          :confirm => 'ecookbook'
1089 1099
        }
1090 1100
      )
1091 1101
      assert_response 403
(1-1/4)