
Feature #37674 » 0002-user-bulk-destroy.patch

Jens Krämer, 2022-09-14 04:37


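--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -218,6 +218,21 @@
     end
   end
 
+  def bulk_destroy
+    @users = User.logged.where(id: params[:ids]).where.not(id: User.current)
+    (render_404; return) unless @users.any?
+
+    if params[:lock]
+      @users.update_all status: User::STATUS_LOCKED
+      flash[:notice] = l(:notice_successful_update)
+      redirect_to users_path
+    elsif params[:confirm] == I18n.t(:general_text_Yes)
+      @users.destroy_all
+      flash[:notice] = l(:notice_successful_delete)
+      redirect_to users_path
+    end
+  end
+
   private
 
   def find_user(logged = true)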
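Review bot: The lock branch of `bulk_destroy` (new lines 225-228) changes account status with `update_all`, which issues a single SQL UPDATE and skips model callbacks and validations. If `User` relies on save callbacks when an account stops being active (for example to revoke session or autologin tokens, or to send a security notification), none of that runs here, so tokens issued before the lock would not be revoked; this needs confirming against the model, which is outside the hunk. Saving each record keeps those hooks: `@users.find_each { |u| u.update(status: User::STATUS_LOCKED) }`. The lock path also runs without the typed confirmation that `destroy_all` requires, and the admin check that guards this action is not visible in the hunk, so it is worth a comment above the method naming the filter that covers it.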
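--- a/app/views/context_menus/users.html.erb
+++ b/app/views/context_menus/users.html.erb
@@ -20,5 +20,11 @@
           method: :delete, class: 'icon icon-del' %>
       </li>
     <% end %>
+  <% else %>
+    <li>
+      <%= context_menu_link l(:button_delete),
+        {controller: 'users', action: 'bulk_destroy', ids: @users.map(&:id)},
+        method: :delete, class: 'icon icon-del' %>
+    </li>
   <% end %>
 </ul>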
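Review bot: The whole selection travels as `ids` query parameters on the DELETE link added here (new line 26), and the same pattern is repeated in the form action of app/views/users/bulk_destroy.html.erb (`bulk_destroy_users_path(ids: @users.map(&:id))`). With a large selection the URL can exceed the length limit of a server or proxy in front of the application, and the request may then be rejected before the controller sees it. In the confirmation form the ids can go in the request body instead, e.g. `<%= hidden_field_tag 'ids[]', user.id, id: nil %>` inside the `@users.each` loop with a plain `bulk_destroy_users_path`. The `<% else %>` added here belongs to an `if` whose condition is outside the hunk, so which selections reach this branch cannot be checked from this view.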
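--- a/app/views/users/bulk_destroy.html.erb
+++ b/app/views/users/bulk_destroy.html.erb
@@ -0,0 +1,24 @@
+<%= title l(:label_confirmation) %>
+
+<%= form_tag(bulk_destroy_users_path(ids: @users.map(&:id)), method: :delete) do %>
+<div class="warning">
+
+<p><%= simple_format l :text_users_bulk_destroy_head %></p>
+
+<% @users.each do |user| %>
+  <p><strong><%= user.name %></strong> (<%= user.login %>)</p>
+<% end %>
+
+<p><%= l :text_users_bulk_destroy_confirm, yes: l(:general_text_Yes) %></p>
+<p><%= text_field_tag 'confirm' %></p>
+
+</div>
+
+<p>
+  <%= submit_tag l(:button_delete), class: 'btn-alert btn-small' %>
+  <%= submit_tag l(:button_lock), class: 'btn', name: 'lock' %>
+  <%= link_to l(:button_cancel), users_path %>
+</p>
+<% end %>
+
+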
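--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1230,6 +1230,8 @@
   text_project_close_confirmation: Are you sure you want to close the '%{value}' project to make it read-only?
   text_project_reopen_confirmation: Are you sure you want to reopen the '%{value}' project?
   text_project_archive_confirmation: Are you sure you want to archive the '%{value}' project?
+  text_users_bulk_destroy_head: 'You are about to delete the following users and remove all references to them. This cannot be undone. Often, locking users instead of deleting them is the better solution.'
+  text_users_bulk_destroy_confirm: 'To confirm, please enter "%{yes}" below.'
   text_workflow_edit: Select a role and a tracker to edit the workflow
   text_are_you_sure: Are you sure?
   text_journal_changed: "%{label} changed from %{old} to %{new}"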
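--- a/config/routes.rb
+++ b/config/routes.rb
@@ -110,6 +110,9 @@
 
   match '/users/context_menu', to: 'context_menus#users', as: :users_context_menu, via: [:get, :post]
   resources :users do
+    collection do
+      delete 'bulk_destroy'
+    end
     resources :memberships, :controller => 'principal_memberships'
     resources :email_addresses, :only => [:index, :create, :update, :destroy]
   end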
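--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -1051,4 +1051,61 @@
       assert_response 422
     end
   end
+
+  def test_bulk_destroy
+    assert_difference 'User.count', -1 do
+      delete :bulk_destroy, :params => {:ids => [2], :confirm => 'Yes'}
+    end
+    assert_redirected_to '/users'
+    assert_nil User.find_by_id(2)
+  end
+
+  def test_bulk_destroy_should_not_destroy_current_user
+    assert_difference 'User.count', -1 do
+      delete :bulk_destroy, :params => {:ids => [2, 1], :confirm => 'Yes'}
+    end
+    assert_redirected_to '/users'
+    assert_nil User.find_by_id(2)
+  end
+
+  def test_bulk_destroy_with_lock_param_should_lock_instead
+    assert_no_difference 'User.count' do
+      delete :bulk_destroy, :params => {:ids => [2], :lock => 'lock'}
+    end
+    assert_redirected_to '/users'
+    assert User.find_by_id(2).locked?
+  end
+
+  def test_bulk_destroy_should_require_confirmation
+    assert_no_difference 'User.count' do
+      delete :bulk_destroy, :params => {:ids => [2]}
+    end
+    assert_response :success
+    assert_select '.warning', :text => /You are about to delete the following users/
+  end
+
+  def test_bulk_destroy_should_require_correct_confirmation
+    assert_no_difference 'User.count' do
+      delete :bulk_destroy, :params => {:ids => [2], :confirm => 'wrong'}
+    end
+    assert_response :success
+    assert_select '.warning', :text => /You are about to delete the following users/
+  end
+
+  def test_bulk_destroy_should_be_denied_for_non_admin_users
+    @request.session[:user_id] = 3
+
+    assert_no_difference 'User.count' do
+      delete :bulk_destroy, :params => {:ids => [2], :confirm => 'Yes'}
+    end
+    assert_response 403
+  end
+
+  def test_bulk_destroy_should_be_denied_for_anonymous
+    assert User.find(6).anonymous?
+    assert_no_difference 'User.count' do
+      delete :bulk_destroy, :params => {:ids => [6], :confirm => "Yes"}
+    end
+    assert_response 404
+  end
 end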
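Review bot: The lock path has no test for the self-exclusion that `where.not(id: User.current)` provides in the controller; `test_bulk_destroy_with_lock_param_should_lock_instead` only sends `:ids => [2]`, so a regression that lets an administrator lock their own account would still pass. A test mirroring `test_bulk_destroy_should_not_destroy_current_user` with `:lock => 'lock'` would pin that, assuming id 1 is the logged-in admin in these fixtures as that test implies. The confirmation tests also hard-code 'Yes' while the controller compares against `I18n.t(:general_text_Yes)`, so they depend on the test locale being English. The enclosing test class starts outside the hunk.

```ruby
  def test_bulk_destroy_with_lock_param_should_not_lock_current_user
    assert_no_difference 'User.count' do
      delete :bulk_destroy, :params => {:ids => [2, 1], :lock => 'lock'}
    end
    assert_redirected_to '/users'
    assert User.find_by_id(2).locked?
    assert_not User.find_by_id(1).locked?
  end
```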