Defect #11870 » fix-11870-v2.patch
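--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -184,6 +184,13 @@
   end
 
   def destroy
+    if @user == User.current && !@user.own_account_deletable?
+      respond_to do |format|
+        format.html { return render_error message: l(:error_unable_delete_own_account), status: 422 }
+        format.api { return render_api_errors(l(:error_unable_delete_own_account)) }
+      end
+    end
+
     @user.destroy
     respond_to do |format|
       format.html { redirect_back_or_default(users_path) }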
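Review bot: The early exit that keeps `@user.destroy` from running is a `return` buried inside each `format.html`/`format.api` block, so any format added later without its own `return` would render the error and then still delete the account (and raise a double-render). Moving the exit out of the blocks makes the guard self-contained: `format.html { render_error message: l(:error_unable_delete_own_account), status: 422 }`, `format.api { render_api_errors(l(:error_unable_delete_own_account)) }`, and a bare `return` after the `respond_to` block's `end`, still inside the `if`. The guard is correctly placed before the destructive call, so the denied path never reaches `@user.destroy`. `own_account_deletable?` is presumably defined on the User model outside this patch; the body of `destroy` continues past the hunk.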
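--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -233,6 +233,7 @@
   error_can_not_delete_auth_source: "This authentication mode is in use and cannot be deleted."
   error_spent_on_future_date: "Cannot log time on a future date"
   error_not_allowed_to_log_time_for_other_users: "You are not allowed to log time for other users"
+  error_unable_delete_own_account: "This user is your own user and cannot be deleted"
 
   mail_subject_lost_password: "Your %{value} password"
   mail_body_lost_password: 'To change your password, click on the following link:'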
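--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -852,4 +852,29 @@
       )
     end
   end
+
+  def test_destroy_without_unsubscribe_is_denied
+    user = User.find(2)
+    user.update(admin: true) # Create other admin so self can be deleted
+    @request.session[:user_id] = user.id
+    with_settings unsubscribe: 0 do
+      assert_no_difference 'User.count' do
+        delete :destroy, params: {id: user.id}
+      end
+      assert_response 422
+      assert_select '#errorExplanation', :text => I18n.t(:error_unable_delete_own_account)
+    end
+  end
+
+  def test_destroy_last_admin_is_denied
+    user = User.find(1)
+    @request.session[:user_id] = user.id
+    with_settings unsubscribe: 1 do
+      assert_no_difference 'User.count' do
+        delete :destroy, params: {id: user.id}
+      end
+      assert_response 422
+      assert_select '#errorExplanation', :text => I18n.t(:error_unable_delete_own_account)
+    end
+  end
 end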
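--- a/test/integration/api_test/users_test.rb
+++ b/test/integration/api_test/users_test.rb
@@ -348,4 +348,22 @@
     assert_response :no_content
     assert_equal '', @response.body
   end
+
+  test "DELETE /users/:id.xml without unsubscribe should fail delete the own user" do
+    assert_no_difference('User.count') do
+      delete '/users/1.xml', :headers => credentials('admin')
+    end
+
+    assert_response 422
+    assert_select 'errors error', :text => I18n.t('error_unable_delete_own_account')
+  end
+
+  test "DELETE /users/:id.json without unsubscribe should fail delete the own user" do
+    assert_no_difference('User.count') do
+      delete '/users/1.json', :headers => credentials('admin')
+    end
+
+    assert_response 422
+    assert_equal({ 'errors' => [I18n.t('error_unable_delete_own_account')] }, ActiveSupport::JSON.decode(response.body))
+  end
 end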
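Review bot: Both new API tests are named "without unsubscribe" but never pin the `unsubscribe` setting; they depend on whatever default the test environment carries, whereas the functional tests in the same patch wrap the request in `with_settings unsubscribe: 0 do … end`. Wrapping the `assert_no_difference` block the same way here would make the denied path deterministic and also give the JSON/XML variants coverage that does not silently pass for an unrelated reason if the default ever changes. The test descriptions read "should fail delete the own user"; "should fail to delete the own user" is the intended wording. The enclosing test class starts outside the hunk.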