Feature #37674 » 0002-user-bulk-destroy.patch
| app/controllers/users_controller.rb | ||
|---|---|---|
| 218 | 218 |
end |
| 219 | 219 |
end |
| 220 | 220 | |
| 221 |
def bulk_destroy |
|
| 222 |
@users = User.logged.where(id: params[:ids]).where.not(id: User.current) |
|
| 223 |
(render_404; return) unless @users.any? |
|
| 224 | ||
| 225 |
if params[:lock] |
|
| 226 |
@users.update_all status: User::STATUS_LOCKED |
|
| 227 |
flash[:notice] = l(:notice_successful_update) |
|
| 228 |
redirect_to users_path |
|
| 229 |
elsif params[:confirm] == I18n.t(:general_text_Yes) |
|
| 230 |
@users.destroy_all |
|
| 231 |
flash[:notice] = l(:notice_successful_delete) |
|
| 232 |
redirect_to users_path |
|
| 233 |
end |
|
| 234 |
end |
|
| 235 | ||
| 221 | 236 |
private |
| 222 | 237 | |
| 223 | 238 |
def find_user(logged = true) |
| app/views/context_menus/users.html.erb | ||
|---|---|---|
| 20 | 20 |
method: :delete, class: 'icon icon-del' %> |
| 21 | 21 |
</li> |
| 22 | 22 |
<% end %> |
| 23 |
<% else %> |
|
| 24 |
<li> |
|
| 25 |
<%= context_menu_link l(:button_delete), |
|
| 26 |
{controller: 'users', action: 'bulk_destroy', ids: @users.map(&:id)},
|
|
| 27 |
method: :delete, class: 'icon icon-del' %> |
|
| 28 |
</li> |
|
| 23 | 29 |
<% end %> |
| 24 | 30 |
</ul> |
| app/views/users/bulk_destroy.html.erb | ||
|---|---|---|
| 1 |
<%= title l(:label_confirmation) %> |
|
| 2 | ||
| 3 |
<%= form_tag(bulk_destroy_users_path(ids: @users.map(&:id)), method: :delete) do %> |
|
| 4 |
<div class="warning"> |
|
| 5 | ||
| 6 |
<p><%= simple_format l :text_users_bulk_destroy_head %></p> |
|
| 7 | ||
| 8 |
<% @users.each do |user| %> |
|
| 9 |
<p><strong><%= user.name %></strong> (<%= user.login %>)</p> |
|
| 10 |
<% end %> |
|
| 11 | ||
| 12 |
<p><%= l :text_users_bulk_destroy_confirm, yes: l(:general_text_Yes) %></p> |
|
| 13 |
<p><%= text_field_tag 'confirm' %></p> |
|
| 14 | ||
| 15 |
</div> |
|
| 16 | ||
| 17 |
<p> |
|
| 18 |
<%= submit_tag l(:button_delete), class: 'btn-alert btn-small' %> |
|
| 19 |
<%= submit_tag l(:button_lock), class: 'btn', name: 'lock' %> |
|
| 20 |
<%= link_to l(:button_cancel), users_path %> |
|
| 21 |
</p> |
|
| 22 |
<% end %> |
|
| 23 | ||
| 24 | ||
| config/locales/en.yml | ||
|---|---|---|
| 1230 | 1230 |
text_project_close_confirmation: Are you sure you want to close the '%{value}' project to make it read-only?
|
| 1231 | 1231 |
text_project_reopen_confirmation: Are you sure you want to reopen the '%{value}' project?
|
| 1232 | 1232 |
text_project_archive_confirmation: Are you sure you want to archive the '%{value}' project?
|
| 1233 |
text_users_bulk_destroy_head: 'You are about to delete the following users and remove all references to them. This cannot be undone. Often, locking users instead of deleting them is the better solution.' |
|
| 1234 |
text_users_bulk_destroy_confirm: 'To confirm, please enter "%{yes}" below.'
|
|
| 1233 | 1235 |
text_workflow_edit: Select a role and a tracker to edit the workflow |
| 1234 | 1236 |
text_are_you_sure: Are you sure? |
| 1235 | 1237 |
text_journal_changed: "%{label} changed from %{old} to %{new}"
|
| config/routes.rb | ||
|---|---|---|
| 110 | 110 | |
| 111 | 111 |
match '/users/context_menu', to: 'context_menus#users', as: :users_context_menu, via: [:get, :post] |
| 112 | 112 |
resources :users do |
| 113 |
collection do |
|
| 114 |
delete 'bulk_destroy' |
|
| 115 |
end |
|
| 113 | 116 |
resources :memberships, :controller => 'principal_memberships' |
| 114 | 117 |
resources :email_addresses, :only => [:index, :create, :update, :destroy] |
| 115 | 118 |
end |
| test/functional/users_controller_test.rb | ||
|---|---|---|
| 1085 | 1085 |
assert_response 422 |
| 1086 | 1086 |
end |
| 1087 | 1087 |
end |
| 1088 | ||
| 1089 |
def test_bulk_destroy |
|
| 1090 |
assert_difference 'User.count', -1 do |
|
| 1091 |
delete :bulk_destroy, :params => {:ids => [2], :confirm => 'Yes'}
|
|
| 1092 |
end |
|
| 1093 |
assert_redirected_to '/users' |
|
| 1094 |
assert_nil User.find_by_id(2) |
|
| 1095 |
end |
|
| 1096 | ||
| 1097 |
def test_bulk_destroy_should_not_destroy_current_user |
|
| 1098 |
assert_difference 'User.count', -1 do |
|
| 1099 |
delete :bulk_destroy, :params => {:ids => [2, 1], :confirm => 'Yes'}
|
|
| 1100 |
end |
|
| 1101 |
assert_redirected_to '/users' |
|
| 1102 |
assert_nil User.find_by_id(2) |
|
| 1103 |
end |
|
| 1104 | ||
| 1105 |
def test_bulk_destroy_with_lock_param_should_lock_instead |
|
| 1106 |
assert_no_difference 'User.count' do |
|
| 1107 |
delete :bulk_destroy, :params => {:ids => [2], :lock => 'lock'}
|
|
| 1108 |
end |
|
| 1109 |
assert_redirected_to '/users' |
|
| 1110 |
assert User.find_by_id(2).locked? |
|
| 1111 |
end |
|
| 1112 | ||
| 1113 |
def test_bulk_destroy_should_require_confirmation |
|
| 1114 |
assert_no_difference 'User.count' do |
|
| 1115 |
delete :bulk_destroy, :params => {:ids => [2]}
|
|
| 1116 |
end |
|
| 1117 |
assert_response :success |
|
| 1118 |
assert_select '.warning', :text => /You are about to delete the following users/ |
|
| 1119 |
end |
|
| 1120 | ||
| 1121 |
def test_bulk_destroy_should_require_correct_confirmation |
|
| 1122 |
assert_no_difference 'User.count' do |
|
| 1123 |
delete :bulk_destroy, :params => {:ids => [2], :confirm => 'wrong'}
|
|
| 1124 |
end |
|
| 1125 |
assert_response :success |
|
| 1126 |
assert_select '.warning', :text => /You are about to delete the following users/ |
|
| 1127 |
end |
|
| 1128 | ||
| 1129 |
def test_bulk_destroy_should_be_denied_for_non_admin_users |
|
| 1130 |
@request.session[:user_id] = 3 |
|
| 1131 | ||
| 1132 |
assert_no_difference 'User.count' do |
|
| 1133 |
delete :bulk_destroy, :params => {:ids => [2], :confirm => 'Yes'}
|
|
| 1134 |
end |
|
| 1135 |
assert_response 403 |
|
| 1136 |
end |
|
| 1137 | ||
| 1138 |
def test_bulk_destroy_should_be_denied_for_anonymous |
|
| 1139 |
assert User.find(6).anonymous? |
|
| 1140 |
assert_no_difference 'User.count' do |
|
| 1141 |
delete :bulk_destroy, :params => {:ids => [6], :confirm => "Yes"}
|
|
| 1142 |
end |
|
| 1143 |
assert_response 404 |
|
| 1144 |
end |
|
| 1088 | 1145 |
end |
