end
end
+ def bulk_destroy
+ @users = User.logged.where(id: params[:ids]).where.not(id: User.current)
+ (render_404; return) unless @users.any?
+
+ if params[:lock]
+ @users.update_all status: User::STATUS_LOCKED
+ flash[:notice] = l(:notice_successful_update)
+ redirect_to users_path
+ elsif params[:confirm] == I18n.t(:general_text_Yes)
+ @users.destroy_all
+ flash[:notice] = l(:notice_successful_delete)
+ redirect_to users_path
+ end
+ end
+
private
def find_user(logged = true)
method: :delete, class: 'icon icon-del' %>
</li>
<% end %>
+ <% else %>
+ <li>
+ <%= context_menu_link l(:button_delete),
+ {controller: 'users', action: 'bulk_destroy', ids: @users.map(&:id)},
+ method: :delete, class: 'icon icon-del' %>
+ </li>
<% end %>
</ul>
--- /dev/null
+<%= title l(:label_confirmation) %>
+
+<%= form_tag(bulk_destroy_users_path(ids: @users.map(&:id)), method: :delete) do %>
+<div class="warning">
+
+<p><%= simple_format l :text_users_bulk_destroy_head %></p>
+
+<% @users.each do |user| %>
+ <p><strong><%= user.name %></strong> (<%= user.login %>)</p>
+<% end %>
+
+<p><%= l :text_users_bulk_destroy_confirm, yes: l(:general_text_Yes) %></p>
+<p><%= text_field_tag 'confirm' %></p>
+
+</div>
+
+<p>
+ <%= submit_tag l(:button_delete), class: 'btn-alert btn-small' %>
+ <%= submit_tag l(:button_lock), class: 'btn', name: 'lock' %>
+ <%= link_to l(:button_cancel), users_path %>
+</p>
+<% end %>
text_project_close_confirmation: Are you sure you want to close the '%{value}' project to make it read-only?
text_project_reopen_confirmation: Are you sure you want to reopen the '%{value}' project?
text_project_archive_confirmation: Are you sure you want to archive the '%{value}' project?
+ text_users_bulk_destroy_head: 'You are about to delete the following users and remove all references to them. This cannot be undone. Often, locking users instead of deleting them is the better solution.'
+ text_users_bulk_destroy_confirm: 'To confirm, please enter "%{yes}" below.'
text_workflow_edit: Select a role and a tracker to edit the workflow
text_are_you_sure: Are you sure?
text_journal_changed: "%{label} changed from %{old} to %{new}"
match '/users/context_menu', to: 'context_menus#users', as: :users_context_menu, via: [:get, :post]
resources :users do
+ collection do
+ delete 'bulk_destroy'
+ end
resources :memberships, :controller => 'principal_memberships'
resources :email_addresses, :only => [:index, :create, :update, :destroy]
end
assert_response 422
end
end
+
+ def test_bulk_destroy
+ assert_difference 'User.count', -1 do
+ delete :bulk_destroy, :params => {:ids => [2], :confirm => 'Yes'}
+ end
+ assert_redirected_to '/users'
+ assert_nil User.find_by_id(2)
+ end
+
+ def test_bulk_destroy_should_not_destroy_current_user
+ assert_difference 'User.count', -1 do
+ delete :bulk_destroy, :params => {:ids => [2, 1], :confirm => 'Yes'}
+ end
+ assert_redirected_to '/users'
+ assert_nil User.find_by_id(2)
+ end
+
+ def test_bulk_destroy_with_lock_param_should_lock_instead
+ assert_no_difference 'User.count' do
+ delete :bulk_destroy, :params => {:ids => [2], :lock => 'lock'}
+ end
+ assert_redirected_to '/users'
+ assert User.find_by_id(2).locked?
+ end
+
+ def test_bulk_destroy_should_require_confirmation
+ assert_no_difference 'User.count' do
+ delete :bulk_destroy, :params => {:ids => [2]}
+ end
+ assert_response :success
+ assert_select '.warning', :text => /You are about to delete the following users/
+ end
+
+ def test_bulk_destroy_should_require_correct_confirmation
+ assert_no_difference 'User.count' do
+ delete :bulk_destroy, :params => {:ids => [2], :confirm => 'wrong'}
+ end
+ assert_response :success
+ assert_select '.warning', :text => /You are about to delete the following users/
+ end
+
+ def test_bulk_destroy_should_be_denied_for_non_admin_users
+ @request.session[:user_id] = 3
+
+ assert_no_difference 'User.count' do
+ delete :bulk_destroy, :params => {:ids => [2], :confirm => 'Yes'}
+ end
+ assert_response 403
+ end
+
+ def test_bulk_destroy_should_be_denied_for_anonymous
+ assert User.find(6).anonymous?
+ assert_no_difference 'User.count' do
+ delete :bulk_destroy, :params => {:ids => [6], :confirm => "Yes"}
+ end
+ assert_response 404
+ end
end
projects / redmine.git / commitdiff