Adds the ability for users to delete their own account (#10664). Can be disabled in application settings.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9417 e93f8b46-1217-0410-a6f0-8f06a7374b81

3 files changed, 72 insertions, 0 deletions

diff --git a/test/functional/my_controller_test.rb b/test/functional/my_controller_test.rb
index a89af91a2..644ecb792 100644
--- a/test/functional/my_controller_test.rb
+++ b/test/functional/my_controller_test.rb
@@ -84,6 +84,45 @@ class MyControllerTest < ActionController::TestCase
     assert user.groups.empty?
   end
 
+  def test_my_account_should_show_destroy_link
+    get :account
+    assert_select 'a[href=/my/account/destroy]'
+  end
+
+  def test_get_destroy_should_display_the_destroy_confirmation
+    get :destroy
+    assert_response :success
+    assert_template 'destroy'
+    assert_select 'form[action=/my/account/destroy]' do
+      assert_select 'input[name=confirm]'
+    end
+  end
+
+  def test_post_destroy_without_confirmation_should_not_destroy_account
+    assert_no_difference 'User.count' do
+      post :destroy
+    end
+    assert_response :success
+    assert_template 'destroy'
+  end
+
+  def test_post_destroy_without_confirmation_should_destroy_account
+    assert_difference 'User.count', -1 do
+      post :destroy, :confirm => '1'
+    end
+    assert_redirected_to '/'
+    assert_match /deleted/i, flash[:notice]
+  end
+
+  def test_post_destroy_with_unsubscribe_not_allowed_should_not_destroy_account
+    User.any_instance.stubs(:own_account_deletable?).returns(false)
+
+    assert_no_difference 'User.count' do
+      post :destroy, :confirm => '1'
+    end
+    assert_redirected_to '/my/account'
+  end
+
   def test_change_password
     get :password
     assert_response :success
diff --git a/test/integration/routing/my_test.rb b/test/integration/routing/my_test.rb
index 5537a8b72..11c8a2cfb 100644
--- a/test/integration/routing/my_test.rb
+++ b/test/integration/routing/my_test.rb
@@ -25,6 +25,12 @@ class RoutingMyTest < ActionController::IntegrationTest
           { :controller => 'my', :action => 'account' }
         )
     end
+    ["get", "post"].each do |method|
+      assert_routing(
+          { :method => method, :path => "/my/account/destroy" },
+          { :controller => 'my', :action => 'destroy' }
+        )
+    end
     assert_routing(
         { :method => 'get', :path => "/my/page" },
         { :controller => 'my', :action => 'page' }
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index e698207da..607f23770 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -770,7 +770,34 @@ class UserTest < ActiveSupport::TestCase
       user.auth_source = denied_auth_source
       assert !user.change_password_allowed?, "User allowed to change password, though auth source does not"
     end
+  end
+
+  def test_own_account_deletable_should_be_true_with_unsubscrive_enabled
+    with_settings :unsubscribe => '1' do
+      assert_equal true, User.find(2).own_account_deletable?
+    end
+  end
+
+  def test_own_account_deletable_should_be_false_with_unsubscrive_disabled
+    with_settings :unsubscribe => '0' do
+      assert_equal false, User.find(2).own_account_deletable?
+    end
+  end
 
+  def test_own_account_deletable_should_be_false_for_a_single_admin
+    User.delete_all(["admin = ? AND id <> ?", true, 1])
+
+    with_settings :unsubscribe => '1' do
+      assert_equal false, User.find(1).own_account_deletable?
+    end
+  end
+
+  def test_own_account_deletable_should_be_true_for_an_admin_if_other_admin_exists
+    User.generate_with_protected(:admin => true)
+
+    with_settings :unsubscribe => '1' do
+      assert_equal true, User.find(1).own_account_deletable?
+    end
   end
 
   context "#allowed_to?" do