Commit 8eab47dde85a04d23e2303f2d99110182cfb56b1

Authored by Thiago Ribeiro
Committed by David Silva
1 parent 5063822a

Environment permisson to delete a profile.

Add an environment permission that prevents users from deleting a profile

Signed-off-by: Gabriela Navarro <navarro1703@gmail.com>
Signed-off-by: Thiago Ribeiro <thiagitosouza@gmail.com>
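--- a/app/controllers/my_profile/profile_editor_controller.rb
+++ b/app/controllers/my_profile/profile_editor_controller.rb
@@ -5,6 +5,7 @@ class ProfileEditorController &lt; MyProfileController
 
 before_filter :access_welcome_page, :only => [:welcome_page]
 before_filter :back_to
+ before_filter :forbid_destroy_profile, :only => [:destroy_profile]
 helper_method :has_welcome_page
 
 def index
@@ -155,4 +156,10 @@ class ProfileEditorController &lt; MyProfileController
 end
 end
 
+ def forbid_destroy_profile
+ if environment.enabled?('forbid_destroy_profile') && !current_person.is_admin?(environment)
+ session[:notice] = _('You can not destroy the profile.')
+ redirect_to_previous_location
+ end
+ end
 end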
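Review bot: `forbid_destroy_profile` is added just before the class's closing `end`, and the hunk does not show whether a `protected` or `private` keyword precedes it; the class body starts and continues outside the visible lines. If the method is public, Rails would treat the filter as a routable action of ProfileEditorController, so I would confirm its visibility or place `protected` directly above the definition. The guard also calls `current_person.is_admin?(environment)` without a nil check, which presumably relies on a login requirement inherited from MyProfileController. A short comment such as `# Blocks destroy_profile for non-admins when the environment enables 'forbid_destroy_profile'.` would document the admin exemption.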
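--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -128,6 +128,7 @@ class Environment &lt; ActiveRecord::Base
 'disable_select_city_for_contact' => _('Disable state/city select for contact form'),
 'disable_contact_person' => _('Disable contact for people'),
 'disable_contact_community' => _('Disable contact for groups/communities'),
+ 'forbid_destroy_profile' => _('Forbid users of removing profiles'),
 
 'products_for_enterprises' => _('Enable products for enterprises'),
 'enterprise_registration' => _('Enterprise registration'),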
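Review bot: The label added for 'forbid_destroy_profile' reads 'Forbid users of removing profiles', which is ungrammatical and does not tell the administrator that environment admins stay exempt (the controller filter and both views in this commit let admins through). I would word it `_('Forbid non-admin users from removing profiles')`, keeping in mind that changing the msgid means the translations need a refresh.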
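--- a/app/views/profile_editor/edit.html.erb
+++ b/app/views/profile_editor/edit.html.erb
@@ -75,14 +75,23 @@
 
 <% if user && user.has_permission?('destroy_profile', profile) %>
 <% button_bar(:id => 'delete-profile') do %>
- <%= button(:remove, _('Delete profile'), {:action => :destroy_profile}) %>
 
- <% if environment.admins.include?(current_person) %>
+ <% if !environment.enabled?('forbid_destroy_profile') || user.is_admin?(environment) %>
+ <%= button(:remove, _('Delete profile'), {:action => :destroy_profile}) %>
+ <% end %>
 
+ <% if user.is_admin?(environment) %>
 <% if profile.visible? %>
- <%= button(:remove, _('Deactivate profile'), {:action => :deactivate_profile, :id=>profile.id}, :id=>'deactivate_profile_button', :data => {:confirm=>_("Are you sure you want to deactivate this profile?")}) %>
+ <%= button(:remove, _('Deactivate profile'),
+ {:action => :deactivate_profile, :id=>profile.id},
+ :id=>'deactivate_profile_button',
+ :data => {:confirm=>_("Are you sure you want to deactivate this profile?")})
+ %>
 <% else %>
- <%= button(:add, _('Activate profile'), {:action => :activate_profile, :id=>profile.id}, :data => {:confirm=>_("Are you sure you want to deactivate this profile?")}) %>
+ <%= button(:add, _('Activate profile'),
+ {:action => :activate_profile, :id=>profile.id},
+ :data => {:confirm=>_("Are you sure you want to deactivate this profile?")})
+ %>
 <% end %>
 <% end %>
 <% end %>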
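Review bot: The re-wrapped 'Activate profile' button still passes `:confirm=>_("Are you sure you want to deactivate this profile?")`, so an admin activating a profile is asked about deactivating it; the new lines should use `_("Are you sure you want to activate this profile?")`. The admin check moves from `environment.admins.include?(current_person)` to `user.is_admin?(environment)`; these are presumably equivalent, but that is not visible here. Hiding the 'Delete profile' button is only presentation, so the `before_filter` added in ProfileEditorController remains the actual enforcement point and the two conditions need to stay in sync.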
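--- a/app/views/shared/_list_groups.html.erb
+++ b/app/views/shared/_list_groups.html.erb
@@ -1,28 +1,32 @@
 <ul id="groups-list">
-<% for group in groups %>
- <li>
- <div class='common-profile-list-block'>
- <%= profile_image_link(group, :portrait, 'div') %>
- </div>
- <span class='profile-details'>
- <strong><%= group.name %></strong><br/>
- <%= _('Role: %s') % rolename_for(profile, group) + '<br/>' if profile.role_assignments.find_by_resource_id(group.id) %>
- <%= _('Type: %s') % _(group.class.identification) %> <br/>
- <%= _('Description: %s') % group.description + '<br/>' if group.community? %>
- <%= _('Members: %s') % group.members_count.to_s %> <br/>
- <%= _('Created at: %s') % show_date(group.created_at) unless group.enterprise? %> <br/>
- <% button_bar do %>
- <% if user.has_permission?(:edit_profile, group) %>
- <%= button 'menu-ctrl-panel', _('Control panel of this group'), group.admin_url %>
- <% end %>
- <%= button 'menu-logout', _('Leave community'), group.leave_url(true), :class => 'leave-community' %>
- <% if (group.community? && user.has_permission?(:destroy_profile, group)) %>
- <%= button 'delete', _('Remove'), { :controller => 'profile_editor', :action => 'destroy_profile', :profile => group.identifier } %>
+ <% for group in groups %>
+ <li>
+ <div class='common-profile-list-block'>
+ <%= profile_image_link(group, :portrait, 'div') %>
+ </div>
+ <span class='profile-details'>
+ <strong><%= group.name %></strong><br/>
+ <%= _('Role: %s') % rolename_for(profile, group) + '<br/>' if profile.role_assignments.find_by_resource_id(group.id) %>
+ <%= _('Type: %s') % _(group.class.identification) %> <br/>
+ <%= _('Description: %s') % group.description + '<br/>' if group.community? %>
+ <%= _('Members: %s') % group.members_count.to_s %> <br/>
+ <%= _('Created at: %s') % show_date(group.created_at) unless group.enterprise? %> <br/>
+ <% button_bar do %>
+ <% if user.has_permission?(:edit_profile, group) %>
+ <%= button 'menu-ctrl-panel', _('Control panel of this group'), group.admin_url %>
+ <% end %>
+ <%= button 'menu-logout', _('Leave community'), group.leave_url(true), :class => 'leave-community' %>
+
+ <% if (user.has_permission?(:destroy_profile, group) && !environment.enabled?('forbid_destroy_profile')) || user.is_admin?(environment) %>
+ <%= button 'delete', _('Remove'),
+ { :controller => 'profile_editor',
+ :action => 'destroy_profile',
+ :profile => group.identifier }
+ %>
+ <% end %>
 <% end %>
- <% end %>
- </span>
- <br class="may-clear" />
- </li>
-<% end %>
+ </span>
+ <br class="may-clear" />
+ </li>
+ <% end %>
 </ul>
-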
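Review bot: The rewritten condition for the 'Remove' button drops the old `group.community?` test and adds `|| user.is_admin?(environment)`, so the link now appears for enterprises and, for environment admins, for groups where `has_permission?(:destroy_profile, group)` is false. Neither widening is mentioned in the commit message, and the template does not show whether `destroy_profile` re-checks that permission on the server. The rule is also spelled differently here than in edit.html.erb (where the flag check is nested under the permission check) and in the controller filter. A single helper used by both views, for example `can_destroy_profile?(user, group)` (the name is only a suggestion), would keep the three places from drifting apart.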
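--- a/test/functional/memberships_controller_test.rb
+++ b/test/functional/memberships_controller_test.rb
@@ -95,7 +95,7 @@ class MembershipsControllerTest &lt; ActionController::TestCase
 assert_tag :tag => 'a', :attributes => { :href => "/myprofile/testuser/memberships/new_community" }
 end
 
- should 'display destroy link only to communities' do
+ should 'display destroy link to communities and enterprise' do
 community = Community.create!(:name => 'A community to destroy')
 enterprise = fast_create(Enterprise, :name => 'A enterprise test')
 
@@ -106,7 +106,7 @@ class MembershipsControllerTest &lt; ActionController::TestCase
 get :index, :profile => 'testuser'
 
 assert_tag :tag => 'a', :attributes => { :href => "/myprofile/#{community.identifier}/profile_editor/destroy_profile" }
- assert_no_tag :tag => 'a', :attributes => { :href => "/myprofile/#{enterprise.identifier}/profile_editor/destroy_profile" }
+ assert_tag :tag => 'a', :attributes => { :href => "/myprofile/#{enterprise.identifier}/profile_editor/destroy_profile" }
 end
 
 should 'not display destroy link to normal members' do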
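Review bot: Nothing in this file exercises the new `forbid_destroy_profile` branch of _list_groups.html.erb; the renamed test only asserts that the destroy link is now shown for the enterprise as well. I would add one case that enables the feature and uses `assert_no_tag` on both `destroy_profile` links for a member who holds the destroy permission, and one that checks the links are still present for an environment admin. Both hunks appear to cut through the same test, and its setup lines between them are outside the hunks.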
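--- a/test/functional/profile_editor_controller_test.rb
+++ b/test/functional/profile_editor_controller_test.rb
@@ -824,6 +824,38 @@ class ProfileEditorControllerTest &lt; ActionController::TestCase
 assert_template 'destroy_profile'
 end
 
+ should 'not be able to destroy profile if forbid_destroy_profile is enabled' do
+ environment = Environment.default
+ user = create_user('user').person
+ login_as('user')
+ environment.enable('forbid_destroy_profile')
+ assert_no_difference 'Profile.count' do
+ post :destroy_profile, :profile => user.identifier
+ end
+ end
+
+ should 'display destroy_profile button' do
+ environment = Environment.default
+ user = create_user_with_permission('user', 'destroy_profile')
+ login_as('user')
+ community = fast_create(Community)
+ community.add_admin(user)
+ get :edit, :profile => community.identifier
+ assert_tag :tag => 'a', :attributes => { :href => "/myprofile/#{community.identifier}/profile_editor/destroy_profile" }
+ end
+
+ should 'not display destroy_profile button' do
+ environment = Environment.default
+ environment.enable('forbid_destroy_profile')
+ environment.save!
+ user = create_user_with_permission('user', 'destroy_profile')
+ login_as('user')
+ community = fast_create(Community)
+ community.add_admin(user)
+ get :edit, :profile => community.identifier
+ assert_no_tag :tag => 'a', :attributes => { :href => "/myprofile/#{community.identifier}/profile_editor/destroy_profile" }
+ end
+
 should 'be able to destroy a person' do
 person = fast_create(Person)
 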
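Review bot: The first added test calls `environment.enable('forbid_destroy_profile')` without the `environment.save!` that the third added test uses, so if `enable` does not persist on its own the controller would see the flag disabled and the test would not exercise the filter. It also only checks `Profile.count`; adding `assert_redirected_to` or an assertion on `session[:notice]` would show that the request was stopped by `forbid_destroy_profile` rather than by some other path. The admin exemption has no test, and a case where an environment admin posts `destroy_profile` with the flag enabled would pin it down. In 'display destroy_profile button' the `environment` local is assigned but never used.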