Enable ability for administrators to delete users (#7296)....
Jean-Philippe Lang -
r4609:e9f62d1209bf
@@ -19,8 +19,8 class UsersController < ApplicationController
19 layout 'admin'
19 layout 'admin'
20
20
21 before_filter :require_admin, :except => :show
21 before_filter :require_admin, :except => :show
22 before_filter :find_user, :only => [:show, :edit, :update, :edit_membership, :destroy_membership]
22 before_filter :find_user, :only => [:show, :edit, :update, :destroy, :edit_membership, :destroy_membership]
23 accept_key_auth :index, :show, :create, :update
23 accept_key_auth :index, :show, :create, :update, :destroy
24
24
25 helper :sort
25 helper :sort
26 include SortHelper
26 include SortHelper
@@ -177,6 +177,15 class UsersController < ApplicationController
177 redirect_to :controller => 'users', :action => 'edit', :id => @user
177 redirect_to :controller => 'users', :action => 'edit', :id => @user
178 end
178 end
179
179
180 verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }
181 def destroy
182 @user.destroy
183 respond_to do |format|
184 format.html { redirect_to(users_url) }
185 format.api { head :ok }
186 end
187 end
188
180 def edit_membership
189 def edit_membership
181 @membership = Member.edit_membership(params[:membership_id], params[:membership], @user)
190 @membership = Member.edit_membership(params[:membership_id], params[:membership], @user)
182 @membership.save if request.post?
191 @membership.save if request.post?
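Review bot: The new `destroy` action (lines 181-187) deletes whatever `find_user` loaded without checking that `@user` is not the requesting administrator; both templates in this commit only hide the link when `User.current == @user`, and since `accept_key_auth` now lists `:destroy`, a direct `DELETE /users/:id` over the web or API lets an admin remove their own account. The check belongs in the controller, before `@user.destroy`, e.g. `return render_403 if @user == User.current` (using the 403 helper `require_admin` presumably relies on in ApplicationController — confirm the name at this revision). A one-line comment above it would record the intent: `# Self-deletion is refused server-side; the views only hide the link`. The `edit_membership` method at the end of the hunk continues outside it.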
@@ -1,6 +1,7
1 <div class="contextual">
1 <div class="contextual">
2 <%= link_to l(:label_profile), user_path(@user), :class => 'icon icon-user' %>
2 <%= link_to l(:label_profile), user_path(@user), :class => 'icon icon-user' %>
3 <%= change_status_link(@user) %>
3 <%= change_status_link(@user) %>
4 <%= link_to(l(:button_delete), @user, :confirm => l(:text_are_you_sure), :method => :delete, :class => 'icon icon-del') if User.current != @user %>
4 </div>
5 </div>
5
6
6 <h2><%= link_to l(:label_user_plural), :controller => 'users', :action => 'index' %> &#187; <%=h @user.login %></h2>
7 <h2><%= link_to l(:label_user_plural), :controller => 'users', :action => 'index' %> &#187; <%=h @user.login %></h2>
@@ -37,7 +37,10
37 <td align="center"><%= checked_image user.admin? %></td>
37 <td align="center"><%= checked_image user.admin? %></td>
38 <td class="created_on" align="center"><%= format_time(user.created_on) %></td>
38 <td class="created_on" align="center"><%= format_time(user.created_on) %></td>
39 <td class="last_login_on" align="center"><%= format_time(user.last_login_on) unless user.last_login_on.nil? %></td>
39 <td class="last_login_on" align="center"><%= format_time(user.last_login_on) unless user.last_login_on.nil? %></td>
40 <td><small><%= change_status_link(user) %></small></td>
40 <td class="buttons">
41 <%= change_status_link(user) %>
42 <%= link_to(l(:button_delete), user, :confirm => l(:text_are_you_sure), :method => :delete, :class => 'icon icon-del') unless User.current == user %>
43 </td>
41 </tr>
44 </tr>
42 <% end -%>
45 <% end -%>
43 </tbody>
46 </tbody>
@@ -122,8 +122,7 ActionController::Routing::Routes.draw do |map|
122 map.resources :users, :member => {
122 map.resources :users, :member => {
123 :edit_membership => :post,
123 :edit_membership => :post,
124 :destroy_membership => :post
124 :destroy_membership => :post
125 },
125 }
126 :except => [:destroy]
127
126
128 # For nice "roadmap" in the url for the index action
127 # For nice "roadmap" in the url for the index action
129 map.connect 'projects/:project_id/roadmap', :controller => 'versions', :action => 'index'
128 map.connect 'projects/:project_id/roadmap', :controller => 'versions', :action => 'index'
@@ -264,6 +264,30 class UsersControllerTest < ActionController::TestCase
264 assert u.check_password?('newpass')
264 assert u.check_password?('newpass')
265 end
265 end
266
266
267 def test_destroy
268 assert_difference 'User.count', -1 do
269 delete :destroy, :id => 2
270 end
271 assert_redirected_to '/users'
272 assert_nil User.find_by_id(2)
273 end
274
275 def test_destroy_should_not_accept_get_requests
276 assert_no_difference 'User.count' do
277 get :destroy, :id => 2
278 end
279 assert_response 405
280 end
281
282 def test_destroy_should_be_denied_for_non_admin_users
283 @request.session[:user_id] = 3
284
285 assert_no_difference 'User.count' do
286 get :destroy, :id => 2
287 end
288 assert_response 403
289 end
290
267 def test_edit_membership
291 def test_edit_membership
268 post :edit_membership, :id => 2, :membership_id => 1,
292 post :edit_membership, :id => 2, :membership_id => 1,
269 :membership => { :role_ids => [2]}
293 :membership => { :role_ids => [2]}
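Review bot: `test_destroy_should_be_denied_for_non_admin_users` (lines 282-289) sends `get :destroy, :id => 2`, so it never issues a real DELETE as a non-admin and largely repeats the GET case that `test_destroy_should_not_accept_get_requests` already covers; the authorization path should be exercised with the actual verb, `delete :destroy, :id => 2`. There is also no test for an administrator deleting their own account, the case both templates suppress in the UI; if the controller is meant to refuse it, a test asserting `assert_no_difference 'User.count'` for `delete :destroy, :id => 1` with the admin session would pin that down. The `test_edit_membership` method at the end of the hunk continues outside it.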
@@ -245,26 +245,36 class ApiTest::UsersTest < ActionController::IntegrationTest
245 end
245 end
246 end
246 end
247 end
247 end
248 end
248
249
249 context "DELETE /users/2" do
250 context "DELETE /users/2" do
250 context ".xml" do
251 context ".xml" do
251 should "not be allowed" do
252 should_allow_api_authentication(:delete,
252 assert_no_difference('User.count') do
253 '/users/2.xml',
253 delete '/users/2.xml'
254 {},
254 end
255 {:success_code => :ok})
255
256
256 assert_response :method_not_allowed
257 should "delete user" do
258 assert_difference('User.count', -1) do
259 delete '/users/2.xml', {}, :authorization => credentials('admin')
257 end
260 end
261
262 assert_response :ok
258 end
263 end
259
264 end
260 context ".json" do
265
261 should "not be allowed" do
266 context ".json" do
262 assert_no_difference('User.count') do
267 should_allow_api_authentication(:delete,
263 delete '/users/2.json'
268 '/users/2.xml',
264 end
269 {},
270 {:success_code => :ok})
265
271
266 assert_response :method_not_allowed
272 should "delete user" do
273 assert_difference('User.count', -1) do
274 delete '/users/2.json', {}, :authorization => credentials('admin')
267 end
275 end
276
277 assert_response :ok
268 end
278 end
269 end
279 end
270 end
280 end
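Review bot: In the `.json` context (line 266), `should_allow_api_authentication` is given `'/users/2.xml'` (line 268), so the JSON authentication cases actually hit the XML endpoint and the JSON path is never checked; it should read `'/users/2.json'`, matching the `delete '/users/2.json', ...` on line 274 of the same context. Both contexts only cover authentication and a successful admin delete; a case sending the DELETE with a non-admin key and asserting a 403 with `User.count` unchanged would cover the authorization boundary for the API side as well.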
@@ -302,6 +302,9 class RoutingTest < ActionController::IntegrationTest
302
302
303 should_route :put, "/users/444", :controller => 'users', :action => 'update', :id => '444'
303 should_route :put, "/users/444", :controller => 'users', :action => 'update', :id => '444'
304 should_route :put, "/users/444.xml", :controller => 'users', :action => 'update', :id => '444', :format => 'xml'
304 should_route :put, "/users/444.xml", :controller => 'users', :action => 'update', :id => '444', :format => 'xml'
305
306 should_route :delete, "/users/44", :controller => 'users', :action => 'destroy', :id => '44'
307 should_route :delete, "/users/44.xml", :controller => 'users', :action => 'destroy', :id => '44', :format => 'xml'
305 end
308 end
306
309
307 # TODO: should they all be scoped under /projects/:project_id ?
310 # TODO: should they all be scoped under /projects/:project_id ?