Commit 8eab47dde85a04d23e2303f2d99110182cfb56b1
Committed by
David Silva
1 parent
5063822a
Environment permisson to delete a profile.
Add an environment permission that prevents users from deleting a profile. Signed-off-by: Gabriela Navarro <navarro1703@gmail.com> Signed-off-by: Thiago Ribeiro <thiagitosouza@gmail.com>
Showing
6 changed files
with
84 additions
and
31 deletions
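--- a/app/controllers/my_profile/profile_editor_controller.rb
+++ b/app/controllers/my_profile/profile_editor_controller.rb
@@ -5,6 +5,7 @@ class ProfileEditorController < MyProfileController
 
 before_filter :access_welcome_page, :only => [:welcome_page]
 before_filter :back_to
+ before_filter :forbid_destroy_profile, :only => [:destroy_profile]
 helper_method :has_welcome_page
 
 def index
@@ -155,4 +156,10 @@ class ProfileEditorController < MyProfileController
 end
 end
 
+ def forbid_destroy_profile
+ if environment.enabled?('forbid_destroy_profile') && !current_person.is_admin?(environment)
+ session[:notice] = _('You can not destroy the profile.')
+ redirect_to_previous_location
+ end
+ end
 end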
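Review bot: `forbid_destroy_profile` is the only place the new setting is enforced on the server (the template changes only hide buttons), and the second hunk does not show whether it falls under a `private` or `protected` marker; a public method on a Rails controller can be routed to as an action, so mark it non-public if it is not already. The filter also stops `destroy_profile` only if `redirect_to_previous_location`, defined outside this hunk, always issues a redirect, which deserves a one-line comment above the call such as `# halts the filter chain: the redirect prevents destroy_profile from running`. The same rule is written out separately in `edit.html.erb` and `_list_groups.html.erb`; one predicate exposed through the existing `helper_method` line would keep the three copies from drifting apart.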
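--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -128,6 +128,7 @@ class Environment < ActiveRecord::Base
 'disable_select_city_for_contact' => _('Disable state/city select for contact form'),
 'disable_contact_person' => _('Disable contact for people'),
 'disable_contact_community' => _('Disable contact for groups/communities'),
+ 'forbid_destroy_profile' => _('Forbid users of removing profiles'),
 
 'products_for_enterprises' => _('Enable products for enterprises'),
 'enterprise_registration' => _('Enterprise registration'),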
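Review bot: The label `'Forbid users of removing profiles'` does not tell the administrator that environment admins stay exempt, which is what the new controller filter implements, and "forbid … of" is ungrammatical. Something like `'forbid_destroy_profile' => _('Forbid non-admin users from removing profiles'),` states the actual policy. The surrounding hash literal starts and ends outside the hunk.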
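--- a/app/views/profile_editor/edit.html.erb
+++ b/app/views/profile_editor/edit.html.erb
@@ -75,14 +75,23 @@
 
 <% if user && user.has_permission?('destroy_profile', profile) %>
 <% button_bar(:id => 'delete-profile') do %>
- <%= button(:remove, _('Delete profile'), {:action => :destroy_profile}) %>
 
- <% if environment.admins.include?(current_person) %>
+ <% if !environment.enabled?('forbid_destroy_profile') || user.is_admin?(environment) %>
+ <%= button(:remove, _('Delete profile'), {:action => :destroy_profile}) %>
+ <% end %>
 
+ <% if user.is_admin?(environment) %>
 <% if profile.visible? %>
- <%= button(:remove, _('Deactivate profile'), {:action => :deactivate_profile, :id=>profile.id}, :id=>'deactivate_profile_button', :data => {:confirm=>_("Are you sure you want to deactivate this profile?")}) %>
+ <%= button(:remove, _('Deactivate profile'),
+ {:action => :deactivate_profile, :id=>profile.id},
+ :id=>'deactivate_profile_button',
+ :data => {:confirm=>_("Are you sure you want to deactivate this profile?")})
+ %>
 <% else %>
- <%= button(:add, _('Activate profile'), {:action => :activate_profile, :id=>profile.id}, :data => {:confirm=>_("Are you sure you want to deactivate this profile?")}) %>
+ <%= button(:add, _('Activate profile'),
+ {:action => :activate_profile, :id=>profile.id},
+ :data => {:confirm=>_("Are you sure you want to deactivate this profile?")})
+ %>
 <% end %>
 <% end %>
 <% end %>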
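Review bot: The re-wrapped "Activate profile" button keeps the confirm text `"Are you sure you want to deactivate this profile?"`, so an admin activating a profile is asked to confirm the opposite action; the line should read `:data => {:confirm=>_("Are you sure you want to activate this profile?")})`. Separately, hiding "Delete profile" here is presentation only: the block relies on the `forbid_destroy_profile` before_filter in the controller for enforcement. A short ERB comment saying so above the new `if` would stop a later edit from treating the template check as the guard.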
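--- a/app/views/shared/_list_groups.html.erb
+++ b/app/views/shared/_list_groups.html.erb
@@ -1,28 +1,32 @@
 <ul id="groups-list">
-<% for group in groups %>
- <li>
- <div class='common-profile-list-block'>
- <%= profile_image_link(group, :portrait, 'div') %>
- </div>
- <span class='profile-details'>
- <strong><%= group.name %></strong><br/>
- <%= _('Role: %s') % rolename_for(profile, group) + '<br/>' if profile.role_assignments.find_by_resource_id(group.id) %>
- <%= _('Type: %s') % _(group.class.identification) %> <br/>
- <%= _('Description: %s') % group.description + '<br/>' if group.community? %>
- <%= _('Members: %s') % group.members_count.to_s %> <br/>
- <%= _('Created at: %s') % show_date(group.created_at) unless group.enterprise? %> <br/>
- <% button_bar do %>
- <% if user.has_permission?(:edit_profile, group) %>
- <%= button 'menu-ctrl-panel', _('Control panel of this group'), group.admin_url %>
- <% end %>
- <%= button 'menu-logout', _('Leave community'), group.leave_url(true), :class => 'leave-community' %>
- <% if (group.community? && user.has_permission?(:destroy_profile, group)) %>
- <%= button 'delete', _('Remove'), { :controller => 'profile_editor', :action => 'destroy_profile', :profile => group.identifier } %>
+ <% for group in groups %>
+ <li>
+ <div class='common-profile-list-block'>
+ <%= profile_image_link(group, :portrait, 'div') %>
+ </div>
+ <span class='profile-details'>
+ <strong><%= group.name %></strong><br/>
+ <%= _('Role: %s') % rolename_for(profile, group) + '<br/>' if profile.role_assignments.find_by_resource_id(group.id) %>
+ <%= _('Type: %s') % _(group.class.identification) %> <br/>
+ <%= _('Description: %s') % group.description + '<br/>' if group.community? %>
+ <%= _('Members: %s') % group.members_count.to_s %> <br/>
+ <%= _('Created at: %s') % show_date(group.created_at) unless group.enterprise? %> <br/>
+ <% button_bar do %>
+ <% if user.has_permission?(:edit_profile, group) %>
+ <%= button 'menu-ctrl-panel', _('Control panel of this group'), group.admin_url %>
+ <% end %>
+ <%= button 'menu-logout', _('Leave community'), group.leave_url(true), :class => 'leave-community' %>
+
+ <% if (user.has_permission?(:destroy_profile, group) && !environment.enabled?('forbid_destroy_profile')) || user.is_admin?(environment) %>
+ <%= button 'delete', _('Remove'),
+ { :controller => 'profile_editor',
+ :action => 'destroy_profile',
+ :profile => group.identifier }
+ %>
+ <% end %>
 <% end %>
- <% end %>
- </span>
- <br class="may-clear" />
- </li>
-<% end %>
+ </span>
+ <br class="may-clear" />
+ </li>
+ <% end %>
 </ul>
-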
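Review bot: The `|| user.is_admin?(environment)` arm of the rewritten condition shows "Remove" to an environment admin even when `user.has_permission?(:destroy_profile, group)` is false, whereas `edit.html.erb` keeps that permission check as an outer condition, so the two templates now disagree about who sees a delete control. The condition also drops `group.community?`; the updated memberships test suggests that is deliberate, but the commit description does not mention it. If only the flag was meant to change visibility, `user.has_permission?(:destroy_profile, group) && (!environment.enabled?('forbid_destroy_profile') || user.is_admin?(environment))` matches the other template. Whether the `destroy_profile` action itself accepts an admin without that permission is decided outside this page.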
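--- a/test/functional/memberships_controller_test.rb
+++ b/test/functional/memberships_controller_test.rb
@@ -95,7 +95,7 @@ class MembershipsControllerTest < ActionController::TestCase
 assert_tag :tag => 'a', :attributes => { :href => "/myprofile/testuser/memberships/new_community" }
 end
 
- should 'display destroy link only to communities' do
+ should 'display destroy link to communities and enterprise' do
 community = Community.create!(:name => 'A community to destroy')
 enterprise = fast_create(Enterprise, :name => 'A enterprise test')
 
@@ -106,7 +106,7 @@ class MembershipsControllerTest < ActionController::TestCase
 get :index, :profile => 'testuser'
 
 assert_tag :tag => 'a', :attributes => { :href => "/myprofile/#{community.identifier}/profile_editor/destroy_profile" }
- assert_no_tag :tag => 'a', :attributes => { :href => "/myprofile/#{enterprise.identifier}/profile_editor/destroy_profile" }
+ assert_tag :tag => 'a', :attributes => { :href => "/myprofile/#{enterprise.identifier}/profile_editor/destroy_profile" }
 end
 
 should 'not display destroy link to normal members' do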
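Review bot: Neither hunk exercises the new flag on the memberships list; the renamed test only records that the enterprise destroy link is now rendered. A companion case that enables `forbid_destroy_profile` and uses `assert_no_tag` on both hrefs for a non-admin member would pin the template condition in `_list_groups.html.erb`. The test body between the two hunks is not shown, so the permissions given to `testuser` are assumed rather than visible.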
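--- a/test/functional/profile_editor_controller_test.rb
+++ b/test/functional/profile_editor_controller_test.rb
@@ -824,6 +824,38 @@ class ProfileEditorControllerTest < ActionController::TestCase
 assert_template 'destroy_profile'
 end
 
+ should 'not be able to destroy profile if forbid_destroy_profile is enabled' do
+ environment = Environment.default
+ user = create_user('user').person
+ login_as('user')
+ environment.enable('forbid_destroy_profile')
+ assert_no_difference 'Profile.count' do
+ post :destroy_profile, :profile => user.identifier
+ end
+ end
+
+ should 'display destroy_profile button' do
+ environment = Environment.default
+ user = create_user_with_permission('user', 'destroy_profile')
+ login_as('user')
+ community = fast_create(Community)
+ community.add_admin(user)
+ get :edit, :profile => community.identifier
+ assert_tag :tag => 'a', :attributes => { :href => "/myprofile/#{community.identifier}/profile_editor/destroy_profile" }
+ end
+
+ should 'not display destroy_profile button' do
+ environment = Environment.default
+ environment.enable('forbid_destroy_profile')
+ environment.save!
+ user = create_user_with_permission('user', 'destroy_profile')
+ login_as('user')
+ community = fast_create(Community)
+ community.add_admin(user)
+ get :edit, :profile => community.identifier
+ assert_no_tag :tag => 'a', :attributes => { :href => "/myprofile/#{community.identifier}/profile_editor/destroy_profile" }
+ end
+
 should 'be able to destroy a person' do
 person = fast_create(Person)
 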
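Review bot: None of the three added tests covers the admin exemption, so the `!current_person.is_admin?(environment)` half of the filter could be removed or inverted without any test failing. Add a case that enables the flag, logs in as an environment admin and expects the destroy to go through. The first test also asserts only `Profile.count`, not the redirect or `session[:notice]`. It calls `environment.enable('forbid_destroy_profile')` without the `environment.save!` used in the third test, so one of the two is either missing a save or carrying a redundant one. The `environment` local in 'display destroy_profile button' is unused.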