forked from fixin.me/fixin.me
Compare commits
1 Commits
pr70-sole-
...
seed-defau
| Author | SHA1 | Date | |
|---|---|---|---|
| fd9d2b791a |
@@ -1,10 +1,6 @@
|
|||||||
class User::ProfilesController < Devise::RegistrationsController
|
class User::ProfilesController < Devise::RegistrationsController
|
||||||
def destroy
|
def destroy
|
||||||
if current_user.sole_admin?
|
# TODO: Disallow/disable deletion for last admin account; update :edit view
|
||||||
redirect_back fallback_location: edit_user_registration_path,
|
|
||||||
alert: t(".sole_admin")
|
|
||||||
return
|
|
||||||
end
|
|
||||||
super
|
super
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|||||||
@@ -29,11 +29,4 @@ class User < ApplicationRecord
|
|||||||
def at_least(status)
|
def at_least(status)
|
||||||
User.statuses[self.status] >= User.statuses[status]
|
User.statuses[self.status] >= User.statuses[status]
|
||||||
end
|
end
|
||||||
|
|
||||||
# Returns true when this user is the only admin account in the system.
|
|
||||||
# Used to block actions that would leave the application without an admin
|
|
||||||
# (account deletion, status demotion).
|
|
||||||
def sole_admin?
|
|
||||||
admin? && !User.admin.where.not(id: id).exists?
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|||||||
@@ -4,8 +4,9 @@
|
|||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
<div class="rightside-area buttongrid">
|
<div class="rightside-area buttongrid">
|
||||||
<%= image_button_to_if !current_user.sole_admin?, t('.delete'), 'account-remove-outline',
|
<%#= TODO: Disallow/disable deletion for last admin account, image_button_to_if %>
|
||||||
user_registration_path, form_class: 'tools-area', method: :delete, data: {turbo: false},
|
<%= image_button_to t('.delete'), 'account-remove-outline', user_registration_path,
|
||||||
|
form_class: 'tools-area', method: :delete, data: {turbo: false},
|
||||||
onclick: {confirm: t('.confirm_delete')} %>
|
onclick: {confirm: t('.confirm_delete')} %>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|||||||
@@ -162,9 +162,6 @@ en:
|
|||||||
New password:
|
New password:
|
||||||
<br><em>leave blank to keep unchanged</em>
|
<br><em>leave blank to keep unchanged</em>
|
||||||
%{password_length_hint_html}
|
%{password_length_hint_html}
|
||||||
registrations:
|
|
||||||
destroy:
|
|
||||||
sole_admin: You cannot delete the only admin account.
|
|
||||||
actions: Actions
|
actions: Actions
|
||||||
add: Add
|
add: Add
|
||||||
apply: Apply
|
apply: Apply
|
||||||
|
|||||||
@@ -21,3 +21,4 @@ end
|
|||||||
#[Source, Quantity, Unit].each { |model| model.defaults.delete_all }
|
#[Source, Quantity, Unit].each { |model| model.defaults.delete_all }
|
||||||
|
|
||||||
require_relative 'seeds/units.rb'
|
require_relative 'seeds/units.rb'
|
||||||
|
require_relative 'seeds/quantities.rb'
|
||||||
|
|||||||
9
db/seeds/quantities.rb
Normal file
9
db/seeds/quantities.rb
Normal file
@@ -0,0 +1,9 @@
|
|||||||
|
Quantity.transaction do
|
||||||
|
Quantity.defaults.delete_all
|
||||||
|
|
||||||
|
quantities = {}
|
||||||
|
|
||||||
|
quantities['Body weight'] =
|
||||||
|
Quantity.create name: 'Body weight',
|
||||||
|
description: 'body weight measurement'
|
||||||
|
end
|
||||||
@@ -1,18 +0,0 @@
|
|||||||
require "test_helper"
|
|
||||||
|
|
||||||
class RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
|
||||||
test "sole admin cannot delete account" do
|
|
||||||
sign_in users(:admin)
|
|
||||||
delete user_registration_path
|
|
||||||
assert_redirected_to edit_user_registration_path
|
|
||||||
assert_equal t("registrations.destroy.sole_admin"), flash[:alert]
|
|
||||||
assert User.exists?(users(:admin).id)
|
|
||||||
end
|
|
||||||
|
|
||||||
test "non-admin can delete account" do
|
|
||||||
sign_in users(:alice)
|
|
||||||
assert_difference ->{ User.count }, -1 do
|
|
||||||
delete user_registration_path
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
@@ -182,8 +182,8 @@ class UsersTest < ApplicationSystemTestCase
|
|||||||
assert_title 'Access is forbidden to this page (403)'
|
assert_title 'Access is forbidden to this page (403)'
|
||||||
end
|
end
|
||||||
|
|
||||||
test "delete profile" do
|
test 'delete profile' do
|
||||||
user = sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
|
user = sign_in
|
||||||
# TODO: remove condition after root_url changed to different path than
|
# TODO: remove condition after root_url changed to different path than
|
||||||
# profile in routes.rb
|
# profile in routes.rb
|
||||||
unless has_current_path?(edit_user_registration_path)
|
unless has_current_path?(edit_user_registration_path)
|
||||||
@@ -196,15 +196,7 @@ class UsersTest < ApplicationSystemTestCase
|
|||||||
assert_text t("devise.registrations.destroyed")
|
assert_text t("devise.registrations.destroyed")
|
||||||
end
|
end
|
||||||
|
|
||||||
test "sole admin cannot delete profile" do
|
test 'index forbidden for non admin' do
|
||||||
sign_in user: users(:admin)
|
|
||||||
unless has_current_path?(edit_user_registration_path)
|
|
||||||
first(:link_or_button, users(:admin).email).click
|
|
||||||
end
|
|
||||||
assert find(:button, t("users.registrations.edit.delete"))[:disabled]
|
|
||||||
end
|
|
||||||
|
|
||||||
test "index forbidden for non admin" do
|
|
||||||
sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
|
sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
|
||||||
visit users_path
|
visit users_path
|
||||||
assert_title "Access is forbidden to this page (403)"
|
assert_title "Access is forbidden to this page (403)"
|
||||||
|
|||||||
Reference in New Issue
Block a user