From 8eab47dde85a04d23e2303f2d99110182cfb56b1 Mon Sep 17 00:00:00 2001 From: Thiago Ribeiro Date: Mon, 3 Aug 2015 20:25:37 +0000 Subject: [PATCH] Environment permisson to delete a profile. --- app/controllers/my_profile/profile_editor_controller.rb | 7 +++++++ app/models/environment.rb | 1 + app/views/profile_editor/edit.html.erb | 17 +++++++++++++---- app/views/shared/_list_groups.html.erb | 54 +++++++++++++++++++++++++++++------------------------- test/functional/memberships_controller_test.rb | 4 ++-- test/functional/profile_editor_controller_test.rb | 32 ++++++++++++++++++++++++++++++++ 6 files changed, 84 insertions(+), 31 deletions(-) diff --git a/app/controllers/my_profile/profile_editor_controller.rb b/app/controllers/my_profile/profile_editor_controller.rb index 2eb3014..86e6f33 100644 --- a/app/controllers/my_profile/profile_editor_controller.rb +++ b/app/controllers/my_profile/profile_editor_controller.rb @@ -5,6 +5,7 @@ class ProfileEditorController < MyProfileController before_filter :access_welcome_page, :only => [:welcome_page] before_filter :back_to + before_filter :forbid_destroy_profile, :only => [:destroy_profile] helper_method :has_welcome_page def index @@ -155,4 +156,10 @@ class ProfileEditorController < MyProfileController end end + def forbid_destroy_profile + if environment.enabled?('forbid_destroy_profile') && !current_person.is_admin?(environment) + session[:notice] = _('You can not destroy the profile.') + redirect_to_previous_location + end + end end diff --git a/app/models/environment.rb b/app/models/environment.rb index 321551d..cfeb6cd 100644 --- a/app/models/environment.rb +++ b/app/models/environment.rb 
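Review bot: `forbid_destroy_profile` is appended as the last method of `ProfileEditorController`, and the second hunk shows no visibility keyword above it, so unless a `protected`/`private` section already starts earlier in the class (outside the hunk), Rails will treat the filter as a routable action. Putting `private` on the line before `def forbid_destroy_profile` makes the intent explicit. The guard also calls `current_person.is_admin?(environment)` directly; that is safe only if a login filter inherited from `MyProfileController` (not visible here) always runs first, which is worth a one-line comment such as `# runs after login is enforced; environment admins are exempt`. The filter is registered with `:only => [:destroy_profile]`, so any other code path that destroys a profile is not covered by this flag.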
@@ -128,6 +128,7 @@ class Environment < ActiveRecord::Base 'disable_select_city_for_contact' => _('Disable state/city select for contact form'), 'disable_contact_person' => _('Disable contact for people'), 'disable_contact_community' => _('Disable contact for groups/communities'), + 'forbid_destroy_profile' => _('Forbid users of removing profiles'), 'products_for_enterprises' => _('Enable products for enterprises'), 'enterprise_registration' => _('Enterprise registration'), diff --git a/app/views/profile_editor/edit.html.erb b/app/views/profile_editor/edit.html.erb index a02ed3c..daeb8cd 100644 --- a/app/views/profile_editor/edit.html.erb +++ b/app/views/profile_editor/edit.html.erb 
@@ -75,14 +75,23 @@ <% if user && user.has_permission?('destroy_profile', profile) %> <% button_bar(:id => 'delete-profile') do %> - <%= button(:remove, _('Delete profile'), {:action => :destroy_profile}) %> - <% if environment.admins.include?(current_person) %> + <% if !environment.enabled?('forbid_destroy_profile') || user.is_admin?(environment) %> + <%= button(:remove, _('Delete profile'), {:action => :destroy_profile}) %> + <% end %> + <% if user.is_admin?(environment) %> <% if profile.visible? %> - <%= button(:remove, _('Deactivate profile'), {:action => :deactivate_profile, :id=>profile.id}, :id=>'deactivate_profile_button', :data => {:confirm=>_("Are you sure you want to deactivate this profile?")}) %> + <%= button(:remove, _('Deactivate profile'), + {:action => :deactivate_profile, :id=>profile.id}, + :id=>'deactivate_profile_button', + :data => {:confirm=>_("Are you sure you want to deactivate this profile?")}) + %> <% else %> - <%= button(:add, _('Activate profile'), {:action => :activate_profile, :id=>profile.id}, :data => {:confirm=>_("Are you sure you want to deactivate this profile?")}) %> + <%= button(:add, _('Activate profile'), + {:action => :activate_profile, :id=>profile.id}, + :data => {:confirm=>_("Are you sure you want to deactivate this profile?")}) + %> <% end %> <% end %> <% end %> diff --git a/app/views/shared/_list_groups.html.erb b/app/views/shared/_list_groups.html.erb index 6ec3108..05466a7 100644 --- a/app/views/shared/_list_groups.html.erb +++ b/app/views/shared/_list_groups.html.erb @@ -1,28 +1,32 @@ - diff --git a/test/functional/memberships_controller_test.rb b/test/functional/memberships_controller_test.rb index 28a3de1..3142fcd 100644 --- a/test/functional/memberships_controller_test.rb +++ b/test/functional/memberships_controller_test.rb 
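Review bot: The reflowed "Activate profile" button in edit.html.erb still carries the confirm text "Are you sure you want to deactivate this profile?", so an admin re-enabling a profile is asked to confirm the opposite action; it should read `:data => {:confirm=>_("Are you sure you want to activate this profile?")}`. Separately, the Delete button condition `!environment.enabled?('forbid_destroy_profile') || user.is_admin?(environment)` restates the rule that the controller filter enforces, using `user` where the filter uses `current_person`. Moving the rule into one shared helper or model method that both the view and the filter call would stop the two copies from drifting apart. The body of the `_list_groups.html.erb` hunk is not visible on this page, so it is not reviewed here.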
@@ -95,7 +95,7 @@ class MembershipsControllerTest < ActionController::TestCase assert_tag :tag => 'a', :attributes => { :href => "/myprofile/testuser/memberships/new_community" } end - should 'display destroy link only to communities' do + should 'display destroy link to communities and enterprise' do community = Community.create!(:name => 'A community to destroy') enterprise = fast_create(Enterprise, :name => 'A enterprise test') @@ -106,7 +106,7 @@ class MembershipsControllerTest < ActionController::TestCase get :index, :profile => 'testuser' assert_tag :tag => 'a', :attributes => { :href => "/myprofile/#{community.identifier}/profile_editor/destroy_profile" } - assert_no_tag :tag => 'a', :attributes => { :href => "/myprofile/#{enterprise.identifier}/profile_editor/destroy_profile" } + assert_tag :tag => 'a', :attributes => { :href => "/myprofile/#{enterprise.identifier}/profile_editor/destroy_profile" } end should 'not display destroy link to normal members' do diff --git a/test/functional/profile_editor_controller_test.rb b/test/functional/profile_editor_controller_test.rb index fde38e3..d035014 100644 --- a/test/functional/profile_editor_controller_test.rb +++ b/test/functional/profile_editor_controller_test.rb 
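Review bot: The memberships list is now expected to show the destroy link for enterprises as well, but no case exercises it with `forbid_destroy_profile` enabled, so nothing pins whether the list hides the link the way edit.html.erb does. The controller filter still blocks the request, so the likely worst case is a visible link that only leads to the "You can not destroy the profile." notice. A companion test that enables the flag and uses `assert_no_tag` on both `destroy_profile` hrefs would document the intended behaviour. The test name would also read better as `'display destroy link to communities and enterprises'`.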
@@ -824,6 +824,38 @@ class ProfileEditorControllerTest < ActionController::TestCase assert_template 'destroy_profile' end + should 'not be able to destroy profile if forbid_destroy_profile is enabled' do + environment = Environment.default + user = create_user('user').person + login_as('user') + environment.enable('forbid_destroy_profile') + assert_no_difference 'Profile.count' do + post :destroy_profile, :profile => user.identifier + end + end + + should 'display destroy_profile button' do + environment = Environment.default + user = create_user_with_permission('user', 'destroy_profile') + login_as('user') + community = fast_create(Community) + community.add_admin(user) + get :edit, :profile => community.identifier + assert_tag :tag => 'a', :attributes => { :href => "/myprofile/#{community.identifier}/profile_editor/destroy_profile" } + end + + should 'not display destroy_profile button' do + environment = Environment.default + environment.enable('forbid_destroy_profile') + environment.save! + user = create_user_with_permission('user', 'destroy_profile') + login_as('user') + community = fast_create(Community) + community.add_admin(user) + get :edit, :profile => community.identifier + assert_no_tag :tag => 'a', :attributes => { :href => "/myprofile/#{community.identifier}/profile_editor/destroy_profile" } + end + should 'be able to destroy a person' do person = fast_create(Person) -- libgit2 0.21.2
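Review bot: The new tests cover only the denial path for an ordinary user; the admin exemption (`!current_person.is_admin?(environment)` in the filter) has no test showing that an environment admin can still destroy a profile while `forbid_destroy_profile` is enabled. In the first test, `assert_no_difference 'Profile.count'` would also pass if the request failed for an unrelated reason, so adding `assert_response :redirect` after the `post` would tie the result to the filter. That test calls `environment.enable('forbid_destroy_profile')` without the `environment.save!` used in 'not display destroy_profile button'; if `enable` persists on its own, the extra `save!` is redundant, and if it does not, the first test is not exercising the flag, so the two should be made consistent. The test names 'display destroy_profile button' and 'not display destroy_profile button' would be clearer if they mentioned the flag state, and `environment = Environment.default` is unused in the former.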