Commit 6573492abf02c36843d8eb23a8e1da2e05777471
Committed by
Daniela Feitosa
Daniela Feitosa
1 parent
9f253807
Exists in
master
and in
29 other branches
Environment permisson to delete a profile.
Add environment permission to not allow user to delete a profile Signed-off-by: Gabriela Navarro <navarro1703@gmail.com> Signed-off-by: Thiago Ribeiro <thiagitosouza@gmail.com>
Showing
6 changed files
with
84 additions
and
31 deletions
Show diff stats
app/controllers/my_profile/profile_editor_controller.rb
| @@ -5,6 +5,7 @@ class ProfileEditorController < MyProfileController | @@ -5,6 +5,7 @@ class ProfileEditorController < MyProfileController | ||
| 5 | 5 | ||
| 6 | before_filter :access_welcome_page, :only => [:welcome_page] | 6 | before_filter :access_welcome_page, :only => [:welcome_page] |
| 7 | before_filter :back_to | 7 | before_filter :back_to |
| 8 | + before_filter :forbid_destroy_profile, :only => [:destroy_profile] | ||
| 8 | helper_method :has_welcome_page | 9 | helper_method :has_welcome_page |
| 9 | 10 | ||
| 10 | def index | 11 | def index |
| @@ -155,4 +156,10 @@ class ProfileEditorController < MyProfileController | @@ -155,4 +156,10 @@ class ProfileEditorController < MyProfileController | ||
| 155 | end | 156 | end |
| 156 | end | 157 | end |
| 157 | 158 | ||
| 159 | + def forbid_destroy_profile | ||
| 160 | + if environment.enabled?('forbid_destroy_profile') && !current_person.is_admin?(environment) | ||
| 161 | + session[:notice] = _('You can not destroy the profile.') | ||
| 162 | + redirect_to_previous_location | ||
| 163 | + end | ||
| 164 | + end | ||
| 158 | end | 165 | end |
app/models/environment.rb
| @@ -128,6 +128,7 @@ class Environment < ActiveRecord::Base | @@ -128,6 +128,7 @@ class Environment < ActiveRecord::Base | ||
| 128 | 'disable_select_city_for_contact' => _('Disable state/city select for contact form'), | 128 | 'disable_select_city_for_contact' => _('Disable state/city select for contact form'), |
| 129 | 'disable_contact_person' => _('Disable contact for people'), | 129 | 'disable_contact_person' => _('Disable contact for people'), |
| 130 | 'disable_contact_community' => _('Disable contact for groups/communities'), | 130 | 'disable_contact_community' => _('Disable contact for groups/communities'), |
| 131 | + 'forbid_destroy_profile' => _('Forbid users of removing profiles'), | ||
| 131 | 132 | ||
| 132 | 'products_for_enterprises' => _('Enable products for enterprises'), | 133 | 'products_for_enterprises' => _('Enable products for enterprises'), |
| 133 | 'enterprise_registration' => _('Enterprise registration'), | 134 | 'enterprise_registration' => _('Enterprise registration'), |
app/views/profile_editor/edit.html.erb
| @@ -75,14 +75,23 @@ | @@ -75,14 +75,23 @@ | ||
| 75 | 75 | ||
| 76 | <% if user && user.has_permission?('destroy_profile', profile) %> | 76 | <% if user && user.has_permission?('destroy_profile', profile) %> |
| 77 | <% button_bar(:id => 'delete-profile') do %> | 77 | <% button_bar(:id => 'delete-profile') do %> |
| 78 | - <%= button(:remove, _('Delete profile'), {:action => :destroy_profile}) %> | ||
| 79 | 78 | ||
| 80 | - <% if environment.admins.include?(current_person) %> | 79 | + <% if !environment.enabled?('forbid_destroy_profile') || user.is_admin?(environment) %> |
| 80 | + <%= button(:remove, _('Delete profile'), {:action => :destroy_profile}) %> | ||
| 81 | + <% end %> | ||
| 81 | 82 | ||
| 83 | + <% if user.is_admin?(environment) %> | ||
| 82 | <% if profile.visible? %> | 84 | <% if profile.visible? %> |
| 83 | - <%= button(:remove, _('Deactivate profile'), {:action => :deactivate_profile, :id=>profile.id}, :id=>'deactivate_profile_button', :data => {:confirm=>_("Are you sure you want to deactivate this profile?")}) %> | 85 | + <%= button(:remove, _('Deactivate profile'), |
| 86 | + {:action => :deactivate_profile, :id=>profile.id}, | ||
| 87 | + :id=>'deactivate_profile_button', | ||
| 88 | + :data => {:confirm=>_("Are you sure you want to deactivate this profile?")}) | ||
| 89 | + %> | ||
| 84 | <% else %> | 90 | <% else %> |
| 85 | - <%= button(:add, _('Activate profile'), {:action => :activate_profile, :id=>profile.id}, :data => {:confirm=>_("Are you sure you want to deactivate this profile?")}) %> | 91 | + <%= button(:add, _('Activate profile'), |
| 92 | + {:action => :activate_profile, :id=>profile.id}, | ||
| 93 | + :data => {:confirm=>_("Are you sure you want to deactivate this profile?")}) | ||
| 94 | + %> | ||
| 86 | <% end %> | 95 | <% end %> |
| 87 | <% end %> | 96 | <% end %> |
| 88 | <% end %> | 97 | <% end %> |
app/views/shared/_list_groups.html.erb
| 1 | <ul id="groups-list"> | 1 | <ul id="groups-list"> |
| 2 | -<% for group in groups %> | ||
| 3 | - <li> | ||
| 4 | - <div class='common-profile-list-block'> | ||
| 5 | - <%= profile_image_link(group, :portrait, 'div') %> | ||
| 6 | - </div> | ||
| 7 | - <span class='profile-details'> | ||
| 8 | - <strong><%= group.name %></strong><br/> | ||
| 9 | - <%= _('Role: %s') % rolename_for(profile, group) + '<br/>' if profile.role_assignments.find_by_resource_id(group.id) %> | ||
| 10 | - <%= _('Type: %s') % _(group.class.identification) %> <br/> | ||
| 11 | - <%= _('Description: %s') % group.description + '<br/>' if group.community? %> | ||
| 12 | - <%= _('Members: %s') % group.members_count.to_s %> <br/> | ||
| 13 | - <%= _('Created at: %s') % show_date(group.created_at) unless group.enterprise? %> <br/> | ||
| 14 | - <% button_bar do %> | ||
| 15 | - <% if user.has_permission?(:edit_profile, group) %> | ||
| 16 | - <%= button 'menu-ctrl-panel', _('Control panel of this group'), group.admin_url %> | ||
| 17 | - <% end %> | ||
| 18 | - <%= button 'menu-logout', _('Leave community'), group.leave_url(true), :class => 'leave-community' %> | ||
| 19 | - <% if (group.community? && user.has_permission?(:destroy_profile, group)) %> | ||
| 20 | - <%= button 'delete', _('Remove'), { :controller => 'profile_editor', :action => 'destroy_profile', :profile => group.identifier } %> | 2 | + <% for group in groups %> |
| 3 | + <li> | ||
| 4 | + <div class='common-profile-list-block'> | ||
| 5 | + <%= profile_image_link(group, :portrait, 'div') %> | ||
| 6 | + </div> | ||
| 7 | + <span class='profile-details'> | ||
| 8 | + <strong><%= group.name %></strong><br/> | ||
| 9 | + <%= _('Role: %s') % rolename_for(profile, group) + '<br/>' if profile.role_assignments.find_by_resource_id(group.id) %> | ||
| 10 | + <%= _('Type: %s') % _(group.class.identification) %> <br/> | ||
| 11 | + <%= _('Description: %s') % group.description + '<br/>' if group.community? %> | ||
| 12 | + <%= _('Members: %s') % group.members_count.to_s %> <br/> | ||
| 13 | + <%= _('Created at: %s') % show_date(group.created_at) unless group.enterprise? %> <br/> | ||
| 14 | + <% button_bar do %> | ||
| 15 | + <% if user.has_permission?(:edit_profile, group) %> | ||
| 16 | + <%= button 'menu-ctrl-panel', _('Control panel of this group'), group.admin_url %> | ||
| 17 | + <% end %> | ||
| 18 | + <%= button 'menu-logout', _('Leave community'), group.leave_url(true), :class => 'leave-community' %> | ||
| 19 | + | ||
| 20 | + <% if (user.has_permission?(:destroy_profile, group) && !environment.enabled?('forbid_destroy_profile')) || user.is_admin?(environment) %> | ||
| 21 | + <%= button 'delete', _('Remove'), | ||
| 22 | + { :controller => 'profile_editor', | ||
| 23 | + :action => 'destroy_profile', | ||
| 24 | + :profile => group.identifier } | ||
| 25 | + %> | ||
| 26 | + <% end %> | ||
| 21 | <% end %> | 27 | <% end %> |
| 22 | - <% end %> | ||
| 23 | - </span> | ||
| 24 | - <br class="may-clear" /> | ||
| 25 | - </li> | ||
| 26 | -<% end %> | 28 | + </span> |
| 29 | + <br class="may-clear" /> | ||
| 30 | + </li> | ||
| 31 | + <% end %> | ||
| 27 | </ul> | 32 | </ul> |
| 28 | - |
test/functional/memberships_controller_test.rb
| @@ -95,7 +95,7 @@ class MembershipsControllerTest < ActionController::TestCase | @@ -95,7 +95,7 @@ class MembershipsControllerTest < ActionController::TestCase | ||
| 95 | assert_tag :tag => 'a', :attributes => { :href => "/myprofile/testuser/memberships/new_community" } | 95 | assert_tag :tag => 'a', :attributes => { :href => "/myprofile/testuser/memberships/new_community" } |
| 96 | end | 96 | end |
| 97 | 97 | ||
| 98 | - should 'display destroy link only to communities' do | 98 | + should 'display destroy link to communities and enterprise' do |
| 99 | community = Community.create!(:name => 'A community to destroy') | 99 | community = Community.create!(:name => 'A community to destroy') |
| 100 | enterprise = fast_create(Enterprise, :name => 'A enterprise test') | 100 | enterprise = fast_create(Enterprise, :name => 'A enterprise test') |
| 101 | 101 | ||
| @@ -106,7 +106,7 @@ class MembershipsControllerTest < ActionController::TestCase | @@ -106,7 +106,7 @@ class MembershipsControllerTest < ActionController::TestCase | ||
| 106 | get :index, :profile => 'testuser' | 106 | get :index, :profile => 'testuser' |
| 107 | 107 | ||
| 108 | assert_tag :tag => 'a', :attributes => { :href => "/myprofile/#{community.identifier}/profile_editor/destroy_profile" } | 108 | assert_tag :tag => 'a', :attributes => { :href => "/myprofile/#{community.identifier}/profile_editor/destroy_profile" } |
| 109 | - assert_no_tag :tag => 'a', :attributes => { :href => "/myprofile/#{enterprise.identifier}/profile_editor/destroy_profile" } | 109 | + assert_tag :tag => 'a', :attributes => { :href => "/myprofile/#{enterprise.identifier}/profile_editor/destroy_profile" } |
| 110 | end | 110 | end |
| 111 | 111 | ||
| 112 | should 'not display destroy link to normal members' do | 112 | should 'not display destroy link to normal members' do |
test/functional/profile_editor_controller_test.rb
| @@ -824,6 +824,38 @@ class ProfileEditorControllerTest < ActionController::TestCase | @@ -824,6 +824,38 @@ class ProfileEditorControllerTest < ActionController::TestCase | ||
| 824 | assert_template 'destroy_profile' | 824 | assert_template 'destroy_profile' |
| 825 | end | 825 | end |
| 826 | 826 | ||
| 827 | + should 'not be able to destroy profile if forbid_destroy_profile is enabled' do | ||
| 828 | + environment = Environment.default | ||
| 829 | + user = create_user('user').person | ||
| 830 | + login_as('user') | ||
| 831 | + environment.enable('forbid_destroy_profile') | ||
| 832 | + assert_no_difference 'Profile.count' do | ||
| 833 | + post :destroy_profile, :profile => user.identifier | ||
| 834 | + end | ||
| 835 | + end | ||
| 836 | + | ||
| 837 | + should 'display destroy_profile button' do | ||
| 838 | + environment = Environment.default | ||
| 839 | + user = create_user_with_permission('user', 'destroy_profile') | ||
| 840 | + login_as('user') | ||
| 841 | + community = fast_create(Community) | ||
| 842 | + community.add_admin(user) | ||
| 843 | + get :edit, :profile => community.identifier | ||
| 844 | + assert_tag :tag => 'a', :attributes => { :href => "/myprofile/#{community.identifier}/profile_editor/destroy_profile" } | ||
| 845 | + end | ||
| 846 | + | ||
| 847 | + should 'not display destroy_profile button' do | ||
| 848 | + environment = Environment.default | ||
| 849 | + environment.enable('forbid_destroy_profile') | ||
| 850 | + environment.save! | ||
| 851 | + user = create_user_with_permission('user', 'destroy_profile') | ||
| 852 | + login_as('user') | ||
| 853 | + community = fast_create(Community) | ||
| 854 | + community.add_admin(user) | ||
| 855 | + get :edit, :profile => community.identifier | ||
| 856 | + assert_no_tag :tag => 'a', :attributes => { :href => "/myprofile/#{community.identifier}/profile_editor/destroy_profile" } | ||
| 857 | + end | ||
| 858 | + | ||
| 827 | should 'be able to destroy a person' do | 859 | should 'be able to destroy a person' do |
| 828 | person = fast_create(Person) | 860 | person = fast_create(Person) |
| 829 | 861 |