end
@project_to_destroy = @project
- if api_request? || params[:confirm]
+ if api_request? || params[:confirm] == @project_to_destroy.identifier
@project_to_destroy.destroy
respond_to do |format|
format.html do
content_tag('strong', @project_to_destroy.descendants.collect{|p| p.to_s}.join(', '))).html_safe %>
<% end %>
</p>
+
<p>
- <label><%= check_box_tag 'confirm', 1 %> <%= l(:general_text_Yes) %></label>
+ <%= l :text_project_destroy_enter_identifier, identifier: @project_to_destroy.identifier %>
</p>
+
+<p>
+ <label for="confirm"><%= l :field_identifier %></label>
+ <%= text_field_tag 'confirm' %>
+</p>
+
</div>
<p>
field_twofa_scheme: Two-factor authentication scheme
text_user_destroy_confirmation: "Wollen Sie diesen Benutzer inklusive aller Referenzen darauf wirklich löschen? Dies kann nicht rückgängig gemacht werden. Oftmals ist es besser, einen Benutzer lediglich zu sperren. Geben Sie bitte zur Bestätigung den Login des Benutzers (%{login}) ein."
+ text_project_destroy_enter_identifier: "Zur Bestätigung bitte die Projektkennung (%{identifier}) eingeben."
twofa_backup_codes_already_shown: Backup codes cannot be shown again, please <a data-method="post" href="%{bc_path}">generate new backup codes</a> if required.
text_user_destroy_confirmation: "Are you sure you want to delete this user and remove all references to them? This cannot be undone. Often, locking a user instead of deleting them is the better solution. To confirm, please enter their login (%{login}) below."
+ text_project_destroy_enter_identifier: "To confirm, please enter the project's identifier (%{identifier}) below."
assert_select '.warning', :text => /Are you sure you want to delete this project/
end
+ def test_destroy_leaf_project_with_wrong_confirmation_should_show_confirmation
+ @request.session[:user_id] = 1 # admin
+
+ assert_no_difference 'Project.count' do
+ delete(:destroy, :params => {:id => 2, :confirm => 'wrong'})
+ assert_response :success
+ end
+ assert_select '.warning', :text => /Are you sure you want to delete this project/
+ end
+
def test_destroy_without_confirmation_should_show_confirmation_with_subprojects
set_tmp_attachments_directory
@request.session[:user_id] = 1 # admin
:destroy,
:params => {
:id => 1,
- :confirm => 1
+ :confirm => 'ecookbook'
}
)
assert_redirected_to '/admin/projects'
:destroy,
:params => {
:id => 2,
- :confirm => 1
+ :confirm => 'onlinestore'
}
)
assert_redirected_to '/projects'
:destroy,
:params => {
:id => 1,
- :confirm => 1
+ :confirm => 'ecookbook'
}
)
assert_response 403
projects / redmine.git / commitdiff