Browse Source
Require to enter project's identifier to confirm project deletion (#34417).
Patch by Jens Krämer. git-svn-id: http://svn.redmine.org/redmine/trunk@20601 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/4.2.0
Go MAEDA
3 years ago
5 changed files with 24 additions and 5 deletions
+ 1
- 1
app/controllers/projects_controller.rb
View File
| end | end | ||||
| @project_to_destroy = @project | @project_to_destroy = @project | ||||
| if api_request? || params[:confirm] | |||||
| if api_request? || params[:confirm] == @project_to_destroy.identifier | |||||
| @project_to_destroy.destroy | @project_to_destroy.destroy | ||||
| respond_to do |format| | respond_to do |format| | ||||
| format.html do | format.html do |
+ 8
- 1
app/views/projects/destroy.html.erb
View File
| content_tag('strong', @project_to_destroy.descendants.collect{|p| p.to_s}.join(', '))).html_safe %> | content_tag('strong', @project_to_destroy.descendants.collect{|p| p.to_s}.join(', '))).html_safe %> | ||||
| <% end %> | <% end %> | ||||
| </p> | </p> | ||||
| <p> | <p> | ||||
| <label><%= check_box_tag 'confirm', 1 %> <%= l(:general_text_Yes) %></label> | |||||
| <%= l :text_project_destroy_enter_identifier, identifier: @project_to_destroy.identifier %> | |||||
| </p> | </p> | ||||
| <p> | |||||
| <label for="confirm"><%= l :field_identifier %></label> | |||||
| <%= text_field_tag 'confirm' %> | |||||
| </p> | |||||
| </div> | </div> | ||||
| <p> | <p> |
+ 1
- 0
config/locales/de.yml
View File
| field_twofa_scheme: Two-factor authentication scheme | field_twofa_scheme: Two-factor authentication scheme | ||||
| text_user_destroy_confirmation: "Wollen Sie diesen Benutzer inklusive aller Referenzen darauf wirklich löschen? Dies kann nicht rückgängig gemacht werden. Oftmals ist es besser, einen Benutzer lediglich zu sperren. Geben Sie bitte zur Bestätigung den Login des Benutzers (%{login}) ein." | text_user_destroy_confirmation: "Wollen Sie diesen Benutzer inklusive aller Referenzen darauf wirklich löschen? Dies kann nicht rückgängig gemacht werden. Oftmals ist es besser, einen Benutzer lediglich zu sperren. Geben Sie bitte zur Bestätigung den Login des Benutzers (%{login}) ein." | ||||
| text_project_destroy_enter_identifier: "Zur Bestätigung bitte die Projektkennung (%{identifier}) eingeben." |
+ 1
- 0
config/locales/en.yml
View File
| twofa_backup_codes_already_shown: Backup codes cannot be shown again, please <a data-method="post" href="%{bc_path}">generate new backup codes</a> if required. | twofa_backup_codes_already_shown: Backup codes cannot be shown again, please <a data-method="post" href="%{bc_path}">generate new backup codes</a> if required. | ||||
| text_user_destroy_confirmation: "Are you sure you want to delete this user and remove all references to them? This cannot be undone. Often, locking a user instead of deleting them is the better solution. To confirm, please enter their login (%{login}) below." | text_user_destroy_confirmation: "Are you sure you want to delete this user and remove all references to them? This cannot be undone. Often, locking a user instead of deleting them is the better solution. To confirm, please enter their login (%{login}) below." | ||||
| text_project_destroy_enter_identifier: "To confirm, please enter the project's identifier (%{identifier}) below." |
+ 13
- 3
test/functional/projects_controller_test.rb
View File
| assert_select '.warning', :text => /Are you sure you want to delete this project/ | assert_select '.warning', :text => /Are you sure you want to delete this project/ | ||||
| end | end | ||||
| def test_destroy_leaf_project_with_wrong_confirmation_should_show_confirmation | |||||
| @request.session[:user_id] = 1 # admin | |||||
| assert_no_difference 'Project.count' do | |||||
| delete(:destroy, :params => {:id => 2, :confirm => 'wrong'}) | |||||
| assert_response :success | |||||
| end | |||||
| assert_select '.warning', :text => /Are you sure you want to delete this project/ | |||||
| end | |||||
| def test_destroy_without_confirmation_should_show_confirmation_with_subprojects | def test_destroy_without_confirmation_should_show_confirmation_with_subprojects | ||||
| set_tmp_attachments_directory | set_tmp_attachments_directory | ||||
| @request.session[:user_id] = 1 # admin | @request.session[:user_id] = 1 # admin | ||||
| :destroy, | :destroy, | ||||
| :params => { | :params => { | ||||
| :id => 1, | :id => 1, | ||||
| :confirm => 1 | |||||
| :confirm => 'ecookbook' | |||||
| } | } | ||||
| ) | ) | ||||
| assert_redirected_to '/admin/projects' | assert_redirected_to '/admin/projects' | ||||
| :destroy, | :destroy, | ||||
| :params => { | :params => { | ||||
| :id => 2, | :id => 2, | ||||
| :confirm => 1 | |||||
| :confirm => 'onlinestore' | |||||
| } | } | ||||
| ) | ) | ||||
| assert_redirected_to '/projects' | assert_redirected_to '/projects' | ||||
| :destroy, | :destroy, | ||||
| :params => { | :params => { | ||||
| :id => 1, | :id => 1, | ||||
| :confirm => 1 | |||||
| :confirm => 'ecookbook' | |||||
| } | } | ||||
| ) | ) | ||||
| assert_response 403 | assert_response 403 |
Loading…