Commit 8eab47dde85a04d23e2303f2d99110182cfb56b1
Committed by
David Silva
David Silva
1 parent
5063822a
Environment permisson to delete a profile.
Add environment permission to not allow user to delete a profile Signed-off-by: Gabriela Navarro <navarro1703@gmail.com> Signed-off-by: Thiago Ribeiro <thiagitosouza@gmail.com>
Showing
6 changed files
with
84 additions
and
31 deletions
Show diff stats
app/controllers/my_profile/profile_editor_controller.rb
| ... | ... | @@ -5,6 +5,7 @@ class ProfileEditorController < MyProfileController |
| 5 | 5 | |
| 6 | 6 | before_filter :access_welcome_page, :only => [:welcome_page] |
| 7 | 7 | before_filter :back_to |
| 8 | + before_filter :forbid_destroy_profile, :only => [:destroy_profile] | |
| 8 | 9 | helper_method :has_welcome_page |
| 9 | 10 | |
| 10 | 11 | def index |
| ... | ... | @@ -155,4 +156,10 @@ class ProfileEditorController < MyProfileController |
| 155 | 156 | end |
| 156 | 157 | end |
| 157 | 158 | |
| 159 | + def forbid_destroy_profile | |
| 160 | + if environment.enabled?('forbid_destroy_profile') && !current_person.is_admin?(environment) | |
| 161 | + session[:notice] = _('You can not destroy the profile.') | |
| 162 | + redirect_to_previous_location | |
| 163 | + end | |
| 164 | + end | |
| 158 | 165 | end | ... | ... |
app/models/environment.rb
| ... | ... | @@ -128,6 +128,7 @@ class Environment < ActiveRecord::Base |
| 128 | 128 | 'disable_select_city_for_contact' => _('Disable state/city select for contact form'), |
| 129 | 129 | 'disable_contact_person' => _('Disable contact for people'), |
| 130 | 130 | 'disable_contact_community' => _('Disable contact for groups/communities'), |
| 131 | + 'forbid_destroy_profile' => _('Forbid users of removing profiles'), | |
| 131 | 132 | |
| 132 | 133 | 'products_for_enterprises' => _('Enable products for enterprises'), |
| 133 | 134 | 'enterprise_registration' => _('Enterprise registration'), | ... | ... |
app/views/profile_editor/edit.html.erb
| ... | ... | @@ -75,14 +75,23 @@ |
| 75 | 75 | |
| 76 | 76 | <% if user && user.has_permission?('destroy_profile', profile) %> |
| 77 | 77 | <% button_bar(:id => 'delete-profile') do %> |
| 78 | - <%= button(:remove, _('Delete profile'), {:action => :destroy_profile}) %> | |
| 79 | 78 | |
| 80 | - <% if environment.admins.include?(current_person) %> | |
| 79 | + <% if !environment.enabled?('forbid_destroy_profile') || user.is_admin?(environment) %> | |
| 80 | + <%= button(:remove, _('Delete profile'), {:action => :destroy_profile}) %> | |
| 81 | + <% end %> | |
| 81 | 82 | |
| 83 | + <% if user.is_admin?(environment) %> | |
| 82 | 84 | <% if profile.visible? %> |
| 83 | - <%= button(:remove, _('Deactivate profile'), {:action => :deactivate_profile, :id=>profile.id}, :id=>'deactivate_profile_button', :data => {:confirm=>_("Are you sure you want to deactivate this profile?")}) %> | |
| 85 | + <%= button(:remove, _('Deactivate profile'), | |
| 86 | + {:action => :deactivate_profile, :id=>profile.id}, | |
| 87 | + :id=>'deactivate_profile_button', | |
| 88 | + :data => {:confirm=>_("Are you sure you want to deactivate this profile?")}) | |
| 89 | + %> | |
| 84 | 90 | <% else %> |
| 85 | - <%= button(:add, _('Activate profile'), {:action => :activate_profile, :id=>profile.id}, :data => {:confirm=>_("Are you sure you want to deactivate this profile?")}) %> | |
| 91 | + <%= button(:add, _('Activate profile'), | |
| 92 | + {:action => :activate_profile, :id=>profile.id}, | |
| 93 | + :data => {:confirm=>_("Are you sure you want to deactivate this profile?")}) | |
| 94 | + %> | |
| 86 | 95 | <% end %> |
| 87 | 96 | <% end %> |
| 88 | 97 | <% end %> | ... | ... |
app/views/shared/_list_groups.html.erb
| 1 | 1 | <ul id="groups-list"> |
| 2 | -<% for group in groups %> | |
| 3 | - <li> | |
| 4 | - <div class='common-profile-list-block'> | |
| 5 | - <%= profile_image_link(group, :portrait, 'div') %> | |
| 6 | - </div> | |
| 7 | - <span class='profile-details'> | |
| 8 | - <strong><%= group.name %></strong><br/> | |
| 9 | - <%= _('Role: %s') % rolename_for(profile, group) + '<br/>' if profile.role_assignments.find_by_resource_id(group.id) %> | |
| 10 | - <%= _('Type: %s') % _(group.class.identification) %> <br/> | |
| 11 | - <%= _('Description: %s') % group.description + '<br/>' if group.community? %> | |
| 12 | - <%= _('Members: %s') % group.members_count.to_s %> <br/> | |
| 13 | - <%= _('Created at: %s') % show_date(group.created_at) unless group.enterprise? %> <br/> | |
| 14 | - <% button_bar do %> | |
| 15 | - <% if user.has_permission?(:edit_profile, group) %> | |
| 16 | - <%= button 'menu-ctrl-panel', _('Control panel of this group'), group.admin_url %> | |
| 17 | - <% end %> | |
| 18 | - <%= button 'menu-logout', _('Leave community'), group.leave_url(true), :class => 'leave-community' %> | |
| 19 | - <% if (group.community? && user.has_permission?(:destroy_profile, group)) %> | |
| 20 | - <%= button 'delete', _('Remove'), { :controller => 'profile_editor', :action => 'destroy_profile', :profile => group.identifier } %> | |
| 2 | + <% for group in groups %> | |
| 3 | + <li> | |
| 4 | + <div class='common-profile-list-block'> | |
| 5 | + <%= profile_image_link(group, :portrait, 'div') %> | |
| 6 | + </div> | |
| 7 | + <span class='profile-details'> | |
| 8 | + <strong><%= group.name %></strong><br/> | |
| 9 | + <%= _('Role: %s') % rolename_for(profile, group) + '<br/>' if profile.role_assignments.find_by_resource_id(group.id) %> | |
| 10 | + <%= _('Type: %s') % _(group.class.identification) %> <br/> | |
| 11 | + <%= _('Description: %s') % group.description + '<br/>' if group.community? %> | |
| 12 | + <%= _('Members: %s') % group.members_count.to_s %> <br/> | |
| 13 | + <%= _('Created at: %s') % show_date(group.created_at) unless group.enterprise? %> <br/> | |
| 14 | + <% button_bar do %> | |
| 15 | + <% if user.has_permission?(:edit_profile, group) %> | |
| 16 | + <%= button 'menu-ctrl-panel', _('Control panel of this group'), group.admin_url %> | |
| 17 | + <% end %> | |
| 18 | + <%= button 'menu-logout', _('Leave community'), group.leave_url(true), :class => 'leave-community' %> | |
| 19 | + | |
| 20 | + <% if (user.has_permission?(:destroy_profile, group) && !environment.enabled?('forbid_destroy_profile')) || user.is_admin?(environment) %> | |
| 21 | + <%= button 'delete', _('Remove'), | |
| 22 | + { :controller => 'profile_editor', | |
| 23 | + :action => 'destroy_profile', | |
| 24 | + :profile => group.identifier } | |
| 25 | + %> | |
| 26 | + <% end %> | |
| 21 | 27 | <% end %> |
| 22 | - <% end %> | |
| 23 | - </span> | |
| 24 | - <br class="may-clear" /> | |
| 25 | - </li> | |
| 26 | -<% end %> | |
| 28 | + </span> | |
| 29 | + <br class="may-clear" /> | |
| 30 | + </li> | |
| 31 | + <% end %> | |
| 27 | 32 | </ul> |
| 28 | - | ... | ... |
test/functional/memberships_controller_test.rb
| ... | ... | @@ -95,7 +95,7 @@ class MembershipsControllerTest < ActionController::TestCase |
| 95 | 95 | assert_tag :tag => 'a', :attributes => { :href => "/myprofile/testuser/memberships/new_community" } |
| 96 | 96 | end |
| 97 | 97 | |
| 98 | - should 'display destroy link only to communities' do | |
| 98 | + should 'display destroy link to communities and enterprise' do | |
| 99 | 99 | community = Community.create!(:name => 'A community to destroy') |
| 100 | 100 | enterprise = fast_create(Enterprise, :name => 'A enterprise test') |
| 101 | 101 | |
| ... | ... | @@ -106,7 +106,7 @@ class MembershipsControllerTest < ActionController::TestCase |
| 106 | 106 | get :index, :profile => 'testuser' |
| 107 | 107 | |
| 108 | 108 | assert_tag :tag => 'a', :attributes => { :href => "/myprofile/#{community.identifier}/profile_editor/destroy_profile" } |
| 109 | - assert_no_tag :tag => 'a', :attributes => { :href => "/myprofile/#{enterprise.identifier}/profile_editor/destroy_profile" } | |
| 109 | + assert_tag :tag => 'a', :attributes => { :href => "/myprofile/#{enterprise.identifier}/profile_editor/destroy_profile" } | |
| 110 | 110 | end |
| 111 | 111 | |
| 112 | 112 | should 'not display destroy link to normal members' do | ... | ... |
test/functional/profile_editor_controller_test.rb
| ... | ... | @@ -824,6 +824,38 @@ class ProfileEditorControllerTest < ActionController::TestCase |
| 824 | 824 | assert_template 'destroy_profile' |
| 825 | 825 | end |
| 826 | 826 | |
| 827 | + should 'not be able to destroy profile if forbid_destroy_profile is enabled' do | |
| 828 | + environment = Environment.default | |
| 829 | + user = create_user('user').person | |
| 830 | + login_as('user') | |
| 831 | + environment.enable('forbid_destroy_profile') | |
| 832 | + assert_no_difference 'Profile.count' do | |
| 833 | + post :destroy_profile, :profile => user.identifier | |
| 834 | + end | |
| 835 | + end | |
| 836 | + | |
| 837 | + should 'display destroy_profile button' do | |
| 838 | + environment = Environment.default | |
| 839 | + user = create_user_with_permission('user', 'destroy_profile') | |
| 840 | + login_as('user') | |
| 841 | + community = fast_create(Community) | |
| 842 | + community.add_admin(user) | |
| 843 | + get :edit, :profile => community.identifier | |
| 844 | + assert_tag :tag => 'a', :attributes => { :href => "/myprofile/#{community.identifier}/profile_editor/destroy_profile" } | |
| 845 | + end | |
| 846 | + | |
| 847 | + should 'not display destroy_profile button' do | |
| 848 | + environment = Environment.default | |
| 849 | + environment.enable('forbid_destroy_profile') | |
| 850 | + environment.save! | |
| 851 | + user = create_user_with_permission('user', 'destroy_profile') | |
| 852 | + login_as('user') | |
| 853 | + community = fast_create(Community) | |
| 854 | + community.add_admin(user) | |
| 855 | + get :edit, :profile => community.identifier | |
| 856 | + assert_no_tag :tag => 'a', :attributes => { :href => "/myprofile/#{community.identifier}/profile_editor/destroy_profile" } | |
| 857 | + end | |
| 858 | + | |
| 827 | 859 | should 'be able to destroy a person' do |
| 828 | 860 | person = fast_create(Person) |
| 829 | 861 | ... | ... |