0003-Implement-explicit-confirmation-when-removing-user-s.patch - Redmine

       end
       def remove_users
         @users = User.where(:id => (params[:user_id] || params[:user_ids])).to_a
         @group.users.delete(@users) if request.delete?
         respond_to do |format|
           format.html {redirect_back_or_default edit_group_path(@group, :tab => 'users')}
           format.js
           format.api {render_api_ok}
         @users = @group.users.where(:id => (params[:user_id] || params[:user_ids])).to_a
         if @users.empty?
           render_404
           return
         end
         if request.delete? && (api_request? || params[:confirm] == I18n.t(:general_text_Yes))
           @group.users.delete(@users)
           respond_to do |format|
             format.html do
               flash[:notice] = l(:notice_successful_delete)
               redirect_back_or_default edit_group_path(@group, :tab => 'users')
             end
             format.api {render_api_ok}
           end
         end
       end

           <tr id="user-<%= user.id %>">
             <td class="name"><%= link_to_user user %></td>
             <td class="buttons">
               <%= remove_link group_users_path(@group, :user_id => user), :remote => true %>
               <%= link_to sprite_icon('link-break', l(:button_remove)), group_users_path(@group, :user_id => user), :method => :delete, :class => 'icon icon-link-break' %>
             </td>
           </tr>
         <% end %>

     <%= title l(:label_confirmation) %>
     <%= form_tag(group_users_path(@group, :user_ids => @users.map(&:id)), method: :delete) do %>
       <div class="warning">
         <p><%= simple_format l :text_users_remove_from_group_confirmation, group: "<strong>#{@group.name}</strong>".html_safe %></p>
         <% @users.each do |user| %>
           <p><strong><%= user.name %></strong> (<%= user.login %>)</p>
         <% end %>
         <p><%= l :text_users_bulk_destroy_confirm, yes: l(:general_text_Yes) %></p>
         <p><%= text_field_tag 'confirm' %></p>
       </div>
       <p>
         <%= submit_tag l(:button_delete) %>
         <%= link_to l(:button_cancel), @back_url || users_path %>
       </p>
     <% end %>

app/views/groups/remove_users.js.erb
1		$('#tab-content-users').html('<%= escape_javascript(render :partial => 'groups/users') %>');

config/locales/en.yml
1478	1478	twofa_text_group_required: "This setting is only effective when the global two factor authentication setting is set to 'optional'. Currently, two factor authentication is required for all users."
1479	1479	twofa_text_group_disabled: "This setting is only effective when the global two factor authentication setting is set to 'optional'. Currently, two factor authentication is disabled."
1480	1480	text_user_destroy_confirmation: "Are you sure you want to delete this user and remove all references to them? This cannot be undone. Often, locking a user instead of deleting them is the better solution. To confirm, please enter their login (%{login}) below."
	1481	text_users_remove_from_group_confirmation: "You are about to remove the following user(s) from group %{group}."
1481	1482	text_project_destroy_enter_identifier: "To confirm, please enter the project's identifier (%{identifier}) below."
1482	1483	field_name_or_email_or_login: Name, email or login
1483	1484	setting_wiki_tablesort_enabled: JavaScript based table sorting in wiki content

             :remove_users,
             :params => {
               :id => 10,
               :user_id => '8'
               :user_id => '8',
               :confirm => I18n.t(:general_text_Yes)
+            }
+          )
         end
       end
       def test_remove_users_plural
         group = Group.find(10)
         group.users << User.find(2)
         assert_difference 'group.users.count', -2 do
       def test_remove_users_without_confirmation
         assert_no_difference 'Group.find(10).users.count' do
           delete(
             :remove_users,
             :params => {
               :id => 10,
               :user_ids => ['2', '8']
               :user_id => '8'
+            }
+          )
         end
         assert_response :success
         assert_select 'input[name=confirm]'
       end
       def test_xhr_remove_users
         assert_difference 'Group.find(10).users.count', -1 do
       def test_remove_users_plural
         group = Group.find(10)
         group.users << User.find(2)
         assert_difference 'group.users.count', -2 do
           delete(
             :remove_users,
             :params => {
               :id => 10,
               :user_id => '8'
             },
             :xhr => true
               :user_ids => ['2', '8'],
               :confirm => I18n.t(:general_text_Yes)
+            }
+          )
           assert_response :success
           assert_equal 'text/javascript', response.media_type
         end
       end
       def test_remove_users_should_only_include_group_members
         assert !Group.find(10).users.include?(User.find(3))
         get(
           :remove_users,
           :params => {
             :id => 10,
             :user_ids => ['3', '8']
+          }
+        )
         assert_response :success
         assert_select 'input[name=confirm]'
         # Should show user 8 but not user 3
         assert_select 'p strong', :text => 'User Misc'
         assert_select 'p strong', :text => 'Dave Lopper', :count => 0
       end
       def test_remove_user_should_be_deprecated
         Rails.application.deprecators[:redmine].expects(:warn).with(regexp_matches(/GroupsController#remove_user is deprecated/))
         delete(

Project

General

Profile

Redmine

Patch #43640 » 0003-Implement-explicit-confirmation-when-removing-user-s.patch