Feature #40913 » feature-40913.patch
| app/controllers/users_controller.rb | ||
|---|---|---|
| 231 | 231 |
@users = User.logged.where(id: params[:ids]).where.not(id: User.current) |
| 232 | 232 |
(render_404; return) unless @users.any? |
| 233 | 233 | |
| 234 |
if params[:lock] |
|
| 235 |
@users.update_all status: User::STATUS_LOCKED |
|
| 236 |
flash[:notice] = l(:notice_successful_update) |
|
| 237 |
redirect_to users_path |
|
| 238 |
elsif params[:confirm] == I18n.t(:general_text_Yes) |
|
| 234 |
if params[:confirm] == I18n.t(:general_text_Yes) |
|
| 239 | 235 |
@users.destroy_all |
| 240 | 236 |
flash[:notice] = l(:notice_successful_delete) |
| 241 | 237 |
redirect_to users_path |
| 242 | 238 |
end |
| 243 | 239 |
end |
| 244 | 240 | |
| 241 |
def bulk_lock |
|
| 242 |
@users = User.logged.where(id: params[:ids]).where.not(id: User.current) |
|
| 243 |
(render_404; return) unless @users.any? |
|
| 244 | ||
| 245 |
@users.update_all status: User::STATUS_LOCKED |
|
| 246 |
flash[:notice] = l(:notice_successful_update) |
|
| 247 |
redirect_to users_path |
|
| 248 |
end |
|
| 249 | ||
| 245 | 250 |
private |
| 246 | 251 | |
| 247 | 252 |
def find_user(logged = true) |
| app/views/context_menus/users.html.erb | ||
|---|---|---|
| 21 | 21 |
</li> |
| 22 | 22 |
<% end %> |
| 23 | 23 |
<% else %> |
| 24 |
<% unless @users.all?(&:locked?) %> |
|
| 25 |
<li> |
|
| 26 |
<%= context_menu_link l(:button_lock), bulk_lock_users_path(ids: @users.map(&:id)), method: :post, class: 'icon icon-lock' %> |
|
| 27 |
</li> |
|
| 28 |
<% end %> |
|
| 24 | 29 |
<li> |
| 25 | 30 |
<%= context_menu_link l(:button_delete), |
| 26 | 31 |
{controller: 'users', action: 'bulk_destroy', ids: @users.map(&:id)},
|
| app/views/users/bulk_destroy.html.erb | ||
|---|---|---|
| 14 | 14 | |
| 15 | 15 |
</div> |
| 16 | 16 | |
| 17 |
<p> |
|
| 18 |
<%= submit_tag l(:button_delete), class: 'btn-alert btn-small' %> |
|
| 19 |
<%= submit_tag l(:button_lock), class: 'btn', name: 'lock' %> |
|
| 20 |
<%= link_to l(:button_cancel), users_path %> |
|
| 21 |
</p> |
|
| 17 |
<%= submit_tag l(:button_delete), class: 'btn-alert btn-small' %> |
|
| 22 | 18 |
<% end %> |
| 19 |
<%= button_to l(:button_lock), bulk_lock_users_path(ids: @users.map(&:id)), method: :post, class: 'btn', name: 'lock' %> |
|
| 20 |
<%= link_to l(:button_cancel), users_path %> |
|
| app/views/users/destroy.html.erb | ||
|---|---|---|
| 12 | 12 |
</p> |
| 13 | 13 |
</div> |
| 14 | 14 | |
| 15 |
<p> |
|
| 16 |
<%= submit_tag l(:button_delete) %> |
|
| 17 |
<%= submit_tag l(:button_lock), name: 'lock' unless @user.locked? %> |
|
| 18 |
<%= link_to l(:button_cancel), users_path %> |
|
| 19 |
</p> |
|
| 15 |
<%= submit_tag l(:button_delete) %> |
|
| 20 | 16 |
<% end %> |
| 17 |
<%= button_to l(:button_lock), bulk_lock_users_path(ids: [@user.id]), method: :post, class: 'btn', name: 'lock' unless @user.locked? %> |
|
| 18 |
<%= link_to l(:button_cancel), users_path %> |
|
| config/routes.rb | ||
|---|---|---|
| 112 | 112 |
resources :users do |
| 113 | 113 |
collection do |
| 114 | 114 |
delete 'bulk_destroy' |
| 115 |
post :bulk_lock |
|
| 115 | 116 |
end |
| 116 | 117 |
resources :memberships, :controller => 'principal_memberships' |
| 117 | 118 |
resources :email_addresses, :only => [:index, :create, :update, :destroy] |
| test/functional/users_controller_test.rb | ||
|---|---|---|
| 1145 | 1145 |
assert_nil User.find_by_id(2) |
| 1146 | 1146 |
end |
| 1147 | 1147 | |
| 1148 |
def test_bulk_destroy_with_lock_param_should_lock_instead |
|
| 1149 |
assert_no_difference 'User.count' do |
|
| 1150 |
delete :bulk_destroy, :params => {:ids => [2], :lock => 'lock'}
|
|
| 1151 |
end |
|
| 1152 |
assert_redirected_to '/users' |
|
| 1153 |
assert User.find_by_id(2).locked? |
|
| 1154 |
end |
|
| 1155 | ||
| 1156 | 1148 |
def test_bulk_destroy_should_require_confirmation |
| 1157 | 1149 |
assert_no_difference 'User.count' do |
| 1158 | 1150 |
delete :bulk_destroy, :params => {:ids => [2]}
|
| ... | ... | |
| 1185 | 1177 |
end |
| 1186 | 1178 |
assert_response :not_found |
| 1187 | 1179 |
end |
| 1180 | ||
| 1181 |
def test_bulk_lock |
|
| 1182 |
assert_difference 'User.status(User::STATUS_LOCKED).count', 1 do |
|
| 1183 |
delete :bulk_lock, :params => {:ids => [2]}
|
|
| 1184 |
end |
|
| 1185 |
assert_redirected_to '/users' |
|
| 1186 |
assert User.find_by_id(2).locked? |
|
| 1187 |
end |
|
| 1188 | ||
| 1189 |
def test_bulk_lock_should_not_lock_current_user |
|
| 1190 |
assert_difference 'User.status(User::STATUS_LOCKED).count', 1 do |
|
| 1191 |
delete :bulk_lock, :params => {:ids => [2, 1]}
|
|
| 1192 |
end |
|
| 1193 |
assert_redirected_to '/users' |
|
| 1194 |
assert_not User.find_by_id(1).locked? |
|
| 1195 |
assert User.find_by_id(2).locked? |
|
| 1196 |
end |
|
| 1197 | ||
| 1198 |
def test_bulk_lock_should_be_denied_for_non_admin_users |
|
| 1199 |
@request.session[:user_id] = 3 |
|
| 1200 | ||
| 1201 |
assert_no_difference 'User.status(User::STATUS_LOCKED).count' do |
|
| 1202 |
delete :bulk_lock, :params => {:ids => [2]}
|
|
| 1203 |
end |
|
| 1204 |
assert_response :forbidden |
|
| 1205 |
end |
|
| 1206 | ||
| 1207 |
def test_bulk_lock_should_be_denied_for_anonymous |
|
| 1208 |
assert User.find(6).anonymous? |
|
| 1209 |
assert_no_difference 'User.status(User::STATUS_LOCKED).count' do |
|
| 1210 |
delete :bulk_lock, :params => {:ids => [6]}
|
|
| 1211 |
end |
|
| 1212 |
assert_response :not_found |
|
| 1213 |
end |
|
| 1188 | 1214 |
end |
