lino.jorzick
/
greenlight
forked from External/greenlight
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

GRN2-247: Added Active Pending Banned Deleted tabs to manage users (#816) 

* Added Active Pending Banned Deleted tabs to manage users

* Removed hard coded strings

* Fixed issues with sign in flow

* Fixed issues with rooms not deleting
This commit is contained in:
Ahmad Farhat 2019-10-10 16:10:23 -04:00 committed by Jesus Federico
parent 03bde37a2b
commit 49def8f405
22 changed files with 411 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.rubocop.yml
View File

@ -9,6 +9,9 @@ AllCops:
Bundler/OrderedGems:
Enabled: false
Style/BlockDelimiters:
Enabled: false
# Checks if uses of quotes match the configured preference.
Style/StringLiterals:
Enabled: false
@ -97,6 +100,9 @@ Layout/AlignArguments:
Layout/IndentationWidth:
Enabled: false
Layout/CaseIndentation:
Enabled: false
# Checks for ambiguous block association with method when param passed without parentheses.
Lint/AmbiguousBlockAssociation:
Enabled: false

33
app/assets/javascripts/admins.js
View File

@ -21,17 +21,6 @@ $(document).on('turbolinks:load', function(){
// Only run on the admins page.
if (controller == "admins") {
if(action == "index") {
// show the modal with the correct form action url
$(".delete-user").click(function(data){
var uid = $(data.target).closest("tr").data("user-uid")
var url = $("body").data("relative-root")
if (!url.endsWith("/")) {
url += "/"
}
url += "u/" + uid
$("#delete-confirm").parent().attr("action", url)
})
//clear the role filter if user clicks on the x
$(".clear-role").click(function() {
var search = new URL(location.href).searchParams.get('search')
@ -44,6 +33,14 @@ $(document).on('turbolinks:load', function(){
window.location.replace(url);
})
// Handle selected user tags
$(".manage-users-tab").click(function() {
$(".manage-users-tab").removeClass("selected")
$(this).addClass("selected")
updateTabParams(this.id)
})
}
else if(action == "site_settings"){
loadColourSelectors()
@ -95,6 +92,20 @@ function filterRole(role) {
window.location.replace(url);
}
function updateTabParams(tab) {
var search_params = new URLSearchParams(window.location.search)
if (window.location.href.includes("tab=")) {
search_params.set("tab", tab)
} else {
search_params.append("tab", tab)
}
search_params.delete("page")
window.location.search = search_params.toString()
}
function loadColourSelectors() {
const pickrRegular = new Pickr({
el: '#colorinput-regular',

57
app/assets/javascripts/delete.js Normal file
View File

@ -0,0 +1,57 @@
// BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
//
// Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
//
// This program is free software; you can redistribute it and/or modify it under the
// terms of the GNU Lesser General Public License as published by the Free Software
// Foundation; either version 3.0 of the License, or (at your option) any later
// version.
//
// BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
// WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
// PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License along
// with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
$(document).on('turbolinks:load', function(){
var controller = $("body").data('controller');
var action = $("body").data('action');
// Only run on the admins page.
if (controller == "admins" && action == "index") {
// show the modal with the correct form action url
$(".delete-user").click(function(){
$("#delete-confirm").parent().attr("action", $(this).data("path"))
if ($(this).data("delete") == "temp-delete") {
$("#perm-delete").hide()
$("#delete-warning").show()
} else {
$("#perm-delete").show()
$("#delete-warning").hide()
}
})
}
$(".delete-user").click(function(data){
document.getElementById("delete-checkbox").checked = false
$("#delete-confirm").prop("disabled", "disabled")
if ($(data.target).data("delete") == "temp-delete") {
$("#perm-delete").hide()
$("#delete-warning").show()
} else {
$("#perm-delete").show()
$("#delete-warning").hide()
}
})
$("#delete-checkbox").click(function(data){
if (document.getElementById("delete-checkbox").checked) {
$("#delete-confirm").removeAttr("disabled")
} else {
$("#delete-confirm").prop("disabled", "disabled")
}
})
})

6
app/assets/javascripts/search.js
View File

@ -69,10 +69,12 @@ function searchPage() {
// Check if the user filtered by role
var role = new URL(location.href).searchParams.get('role')
var tab = new URL(location.href).searchParams.get('tab')
var url = window.location.pathname + "?page=1&search=" + search
if (role) { url += "&role=" + role }
if (tab) { url += "&tab=" + tab }
window.location.replace(addRecordingTable(url));
}
@ -80,12 +82,16 @@ function searchPage() {
// Clears the search bar
function clearSearch() {
var role = new URL(location.href).searchParams.get('role')
var tab = new URL(location.href).searchParams.get('tab')
var url = window.location.pathname + "?page=1"
if (role) { url += "&role=" + role }
if (tab) { url += "&tab=" + tab }
window.location.replace(addRecordingTable(url));
var search_params = new URLSearchParams(window.location.search)
}
function addRecordingTable(url) {

9
app/assets/stylesheets/admins.scss
View File

@ -75,8 +75,17 @@
.custom-role-tag{
color: white !important;
// Make it consistent with the manage users tab tags
padding-top: 1px;
padding-bottom: 1px;
}
.user-role-tag{
color: white !important;
}
.manage-users-tab {
&:hover {
cursor: pointer;
}
}

4
app/assets/stylesheets/application.scss
View File

@ -175,3 +175,7 @@ table {
.cursor-pointer{
cursor: pointer;
}
#delete-confirm:disabled {
cursor: not-allowed;
}

10
app/assets/stylesheets/utilities/_primary_themes.scss
View File

@ -182,4 +182,14 @@ input:focus, select:focus {
.custom-switch-input:focus ~ .custom-switch-indicator {
box-shadow: 0 0 0 2px $primary-color-lighten;
border-color: $primary-color-darken !important;
}
.custom-control-label::before {
border-color: $primary-color-darken !important;
}
.manage-users-tab {
&.selected {
@extend .btn-primary;
}
}

40
app/controllers/admins_controller.rb
View File

@ -24,10 +24,11 @@ class AdminsController < ApplicationController
include Rolify
manage_users = [:edit_user, :promote, :demote, :ban_user, :unban_user, :approve, :reset]
manage_deleted_users = [:undelete]
authorize_resource class: false
before_action :find_user, only: manage_users
before_action :verify_admin_of_user, only: manage_users
before_action :find_deleted_user, only: manage_deleted_users
before_action :verify_admin_of_user, only: [manage_users, manage_deleted_users]
# GET /admins
def index
@ -37,6 +38,7 @@ class AdminsController < ApplicationController
@order_direction = params[:direction] && params[:direction] != "none" ? params[:direction] : "DESC"
@role = params[:role] ? Role.find_by(name: params[:role], provider: @user_domain) : nil
@tab = params[:tab] || "active"
@pagy, @users = pagy(user_list)
end
@ -88,6 +90,15 @@ class AdminsController < ApplicationController
redirect_to admins_path, flash: { success: I18n.t("administrator.flash.approved") }
end
# POST /admins/approve/:user_uid
def undelete
# Undelete the user and all of his rooms
@user.undelete!
@user.rooms.deleted.each(&:undelete!)
redirect_to admins_path, flash: { success: I18n.t("administrator.flash.restored") }
end
# POST /admins/invite
def invite
emails = params[:invite_user][:email].split(",")
@ -208,6 +219,10 @@ class AdminsController < ApplicationController
@user = User.where(uid: params[:user_uid]).includes(:roles).first
end
def find_deleted_user
@user = User.deleted.where(uid: params[:user_uid]).includes(:roles).first
end
# Verifies that admin is an administrator of the user in the action
def verify_admin_of_user
redirect_to admins_path,
@ -216,18 +231,31 @@ class AdminsController < ApplicationController
# Gets the list of users based on your configuration
def user_list
current_role = @role
initial_user = case @tab
when "active"
User.without_role(:pending).without_role(:denied)
when "deleted"
User.deleted
else
User
end
current_role = Role.find_by(name: @tab, provider: @user_domain) if @tab == "pending" || @tab == "denied"
initial_list = if current_user.has_role? :super_admin
User.where.not(id: current_user.id)
initial_user.where.not(id: current_user.id)
else
User.without_role(:super_admin).where.not(id: current_user.id)
initial_user.without_role(:super_admin).where.not(id: current_user.id)
end
if Rails.configuration.loadbalanced_configuration
initial_list.where(provider: @user_domain)
.admins_search(@search, @role)
.admins_search(@search, current_role)
.admins_order(@order_column, @order_direction)
else
initial_list.admins_search(@search, @role)
initial_list.admins_search(@search, current_role)
.admins_order(@order_column, @order_direction)
end
end

43
app/controllers/sessions_controller.rb
View File

@ -63,17 +63,22 @@ class SessionsController < ApplicationController
def create
logger.info "Support: #{session_params[:email]} is attempting to login."
admin = User.find_by(email: session_params[:email])
if admin&.has_role? :super_admin
user = admin
else
user = User.find_by(email: session_params[:email], provider: @user_domain)
redirect_to(signin_path, alert: I18n.t("invalid_credentials")) && return unless user
redirect_to(root_path, alert: I18n.t("invalid_login_method")) && return unless user.greenlight_account?
redirect_to(account_activation_path(email: user.email)) && return unless user.activated?
end
redirect_to(signin_path, alert: I18n.t("invalid_credentials")) && return unless user.try(:authenticate,
user = User.include_deleted.find_by(email: session_params[:email], provider: @user_domain)
# Check user with that email exists
return redirect_to(signin_path, alert: I18n.t("invalid_credentials")) unless user
# Check correct password was entered
return redirect_to(signin_path, alert: I18n.t("invalid_credentials")) unless user.try(:authenticate,
session_params[:password])
# Check that the user is not deleted
return redirect_to root_path, flash: { alert: I18n.t("registration.banned.fail") } if user.deleted?
unless user.has_role? :super_admin
# Check that the user is a Greenlight account
return redirect_to(root_path, alert: I18n.t("invalid_login_method")) unless user.greenlight_account?
# Check that the user has verified their account
return redirect_to(account_activation_path(email: user.email)) unless user.activated?
end
login(user)
end
@ -153,8 +158,19 @@ class SessionsController < ApplicationController
end
def check_user_exists
provider = @auth['provider'] == "bn_launcher" ? @auth['info']['customer'] : @auth['provider']
User.exists?(social_uid: @auth['uid'], provider: provider)
User.exists?(social_uid: @auth['uid'], provider: current_provider)
end
def check_user_deleted(email)
User.deleted.exists?(email: email, provider: @user_domain)
end
def check_auth_deleted
User.deleted.exists?(social_uid: @auth['uid'], provider: current_provider)
end
def current_provider
@auth['provider'] == "bn_launcher" ? @auth['info']['customer'] : @auth['provider']
end
# Check if the user already exists, if not then check for invitation
@ -172,6 +188,9 @@ class SessionsController < ApplicationController
return redirect_to root_path, flash: { alert: I18n.t("registration.deprecated.twitter_signup") }
end
# Check if user is deleted
return redirect_to root_path, flash: { alert: I18n.t("registration.banned.fail") } if check_auth_deleted
# If using invitation registration method, make sure user is invited
return redirect_to root_path, flash: { alert: I18n.t("registration.invite.no_invite") } unless passes_invite_reqs

27
app/controllers/users_controller.rb
View File

@ -24,7 +24,7 @@ class UsersController < ApplicationController
include Recorder
include Rolify
before_action :find_user, only: [:edit, :change_password, :delete_account, :update, :destroy]
before_action :find_user, only: [:edit, :change_password, :delete_account, :update]
before_action :ensure_unauthenticated_except_twitter, only: [:create]
before_action :check_user_signup_allowed, only: [:create]
before_action :check_admin_of, only: [:edit, :change_password, :delete_account]
@ -122,22 +122,41 @@ class UsersController < ApplicationController
# DELETE /u/:user_uid
def destroy
# Include deleted users in the check
@user = User.include_deleted.find_by(uid: params[:user_uid])
logger.info "Support: #{current_user.email} is deleting #{@user.email}."
self_delete = current_user == @user
redirect_url = self_delete ? root_path : admins_path
begin
if current_user && (self_delete || current_user.admin_of?(@user))
@user.destroy
# Permanently delete if the user is deleting themself
perm_delete = self_delete || (params[:permanent].present? && params[:permanent] == "true")
# Permanently delete the rooms under the user if they have not been reassigned
if perm_delete
@user.rooms.include_deleted.each do |room|
room.destroy(true)
end
end
@user.destroy(perm_delete)
# Log the user out if they are deleting themself
session.delete(:user_id) if self_delete
return redirect_to admins_path, flash: { success: I18n.t("administrator.flash.delete") } unless self_delete
return redirect_to redirect_url, flash: { success: I18n.t("administrator.flash.delete") } unless self_delete
else
flash[:alert] = I18n.t("administrator.flash.delete_fail")
end
rescue => e
logger.error "Support: Error in user deletion: #{e}"
flash[:alert] = I18n.t(params[:message], default: I18n.t("administrator.flash.delete_fail"))
end
redirect_to root_path
redirect_to redirect_url
end
# GET /u/:user_uid/recordings

2
app/models/ability.rb
View File

@ -36,7 +36,7 @@ class Ability
if highest_role.get_permission("can_manage_users")
can [:index, :roles, :edit_user, :promote, :demote, :ban_user, :unban_user,
:approve, :invite, :reset], :admin
:approve, :invite, :reset, :undelete], :admin
end
if !highest_role.get_permission("can_edit_site_settings") && !highest_role.get_permission("can_edit_roles") &&

26
app/models/concerns/deleteable.rb
View File

@ -26,20 +26,28 @@ module Deleteable
scope :deleted, -> { include_deleted.where(deleted: true) }
end
def destroy
run_callbacks :destroy
update_attribute(:deleted, true)
def destroy(permanent = false)
if permanent
super()
else
run_callbacks :destroy do end
update_attribute(:deleted, true)
end
end
def delete
destroy
end
def undelete
assign_attributes(deleted: false)
def delete(permanent = false)
destroy(permanent)
end
def undelete!
update_attribute(:deleted, false)
end
def permanent_delete
destroy(true)
end
def deleted?
deleted
end
end

2
app/views/admins/components/_admins_tags.html.erb
View File

@ -13,7 +13,7 @@
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
%>
<div class="form-group">
<div class="form-group mt-n3">
<div class="row">
<div class="col-12 tags">
<span style="<%= "background-color: #{role_colour(@role)};border-color: #{role_colour(@role)};" %>" class="tag custom-role-tag">

33
app/views/admins/components/_manage_users_tags.html.erb Normal file
View File

@ -0,0 +1,33 @@
<%
# BigBlueButton open source conferencing system - http://www.bigbluespan.org/.
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
%>
<div class="form-group mt-n3">
<div class="row">
<div class="col-12 tags">
<span id="active" class="btn btn-sm tag manage-users-tab <%= 'selected' if @tab == 'active' %>">
<%= t("roles.active") %>
</span>
<span id="pending" class="btn btn-sm tag manage-users-tab <%= 'selected' if @tab == 'pending' %>">
<%= t("roles.pending") %>
</span>
<span id="denied" class="btn btn-sm tag manage-users-tab <%= 'selected' if @tab == 'denied' %>">
<%= t("roles.banned") %>
</span>
<span id="deleted" class="btn btn-sm tag manage-users-tab <%= 'selected' if @tab == 'deleted' %>">
<%= t("roles.deleted") %>
</span>
</div>
</div>
</div>

45
app/views/admins/components/_users.html.erb
View File

@ -28,7 +28,9 @@
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
%>
<% unless @role.nil? %>
<% if @role.nil? %>
<%= render "admins/components/manage_users_tags" %>
<% else %>
<%= render "admins/components/admins_tags" %>
<% end %>
@ -91,40 +93,43 @@
<%= render "admins/components/admins_role", role: user.highest_priority_role %>
</td>
<td>
<% if roles.include?("pending") %>
<% if !roles.include?("super_admin") %>
<div class="item-action dropdown">
<a href="javascript:void(0)" data-toggle="dropdown" class="icon">
<i class="fas fa-ellipsis-v px-4"></i>
</a>
<div class="dropdown-menu dropdown-menu">
<%= button_to admin_approve_path(user_uid: user.uid), class: "dropdown-item" do %>
<i class="dropdown-icon far fa-check-circle"></i> <%= t("administrator.users.settings.approve") %>
<% end %>
<%= button_to admin_ban_path(user_uid: user.uid), class: "dropdown-item" do %>
<i class="dropdown-icon far fa-times-circle"></i> <%= t("administrator.users.settings.decline") %>
<% end %>
</div>
</div>
<% elsif !roles.include?("super_admin") %>
<div class="item-action dropdown">
<a href="javascript:void(0)" data-toggle="dropdown" class="icon">
<i class="fas fa-ellipsis-v px-4"></i>
</a>
<div class="dropdown-menu dropdown-menu">
<% if roles.include?("denied") %>
<% if user.deleted? %>
<%= button_to admin_undelete_path(user_uid: user.uid), class: "dropdown-item" do %>
<i class="dropdown-icon fas fa-recycle"></i> <%= t("administrator.users.settings.undelete") %>
<% end %>
<button class="delete-user dropdown-item" data-path="<%= delete_user_path(user_uid: user.uid, permanent: "true") %>" data-toggle="modal" data-target="#deleteAccountModal">
<i class="dropdown-icon fas fa-skull-crossbones"></i> <%= t("administrator.users.settings.perm_delete") %>
</button>
<% elsif roles.include?("denied") %>
<%= button_to admin_unban_path(user_uid: user.uid), class: "dropdown-item" do %>
<i class="dropdown-icon fas fa-lock-open"></i> <%= t("administrator.users.settings.unban") %>
<% end %>
<button class= "delete-user dropdown-item" data-path="<%= delete_user_path(user_uid: user.uid) %>" data-delete="temp-delete" data-toggle="modal" data-target="#deleteAccountModal">
<i class="dropdown-icon fas fa-user-minus"></i> <%= t("administrator.users.settings.delete") %>
</button>
<% elsif roles.include?("pending") %>
<%= button_to admin_approve_path(user_uid: user.uid), class: "dropdown-item" do %>
<i class="dropdown-icon far fa-check-circle"></i> <%= t("administrator.users.settings.approve") %>
<% end %>
<%= button_to admin_ban_path(user_uid: user.uid), class: "dropdown-item" do %>
<i class="dropdown-icon far fa-times-circle"></i> <%= t("administrator.users.settings.decline") %>
<% end %>
<% else %>
<%= link_to admin_edit_user_path(user_uid: user.uid), class: "dropdown-item" do %>
<i class="dropdown-icon fas fa-user-edit"></i> <%= t("administrator.users.settings.edit") %>
<% end %>
<button class= "delete-user dropdown-item" data-toggle="modal" data-target="#deleteAccountModal">
<i class="dropdown-icon fas fa-user-minus"></i> <%= t("administrator.users.settings.delete") %>
</button>
<%= button_to admin_ban_path(user_uid: user.uid), class: "dropdown-item" do %>
<i class="dropdown-icon fas fa-lock"></i> <%= t("administrator.users.settings.ban") %>
<% end %>
<button class= "delete-user dropdown-item" data-path="<%= delete_user_path(user_uid: user.uid) %>" data-delete="temp-delete" data-toggle="modal" data-target="#deleteAccountModal">
<i class="dropdown-icon fas fa-user-minus"></i> <%= t("administrator.users.settings.delete") %>
</button>
<% end %>
</div>
</div>

8
app/views/shared/modals/_delete_account_modal.html.erb
View File

@ -26,13 +26,17 @@
<%= t("modal.delete_account.keep") %>
</button>
<%= button_to delete_location, method: :delete, id: "delete-confirm", class: "btn btn-danger my-1 btn-del-room" do %>
<%= button_to delete_location, method: :delete, id: "delete-confirm", class: "btn btn-danger my-1 btn-del-room", disabled:"" do %>
<%= t("modal.delete_account.delete") %>
<% end %>
</div>
<div class="card-footer">
<p><%= t("modal.delete_account.warning").html_safe %></p>
<label class="custom-control custom-checkbox">
<input id="delete-checkbox" type="checkbox" class="custom-control-input">
<p id="perm-delete" class="custom-control-label"><%= t("modal.delete_account.warning").html_safe %></p>
<p id="delete-warning" class="custom-control-label"><%= t("modal.delete_account.delete_warning").html_safe %></p>
</label>
</div>
</div>
</div>

2
app/views/users/components/_delete.html.erb
View File

@ -19,7 +19,7 @@
<center>
<%= t("settings.delete.disclaimer").html_safe %>
<br>
<a href="" data-toggle="modal" data-target="#deleteAccountModal" class="btn btn-danger mt-6">
<a href="" data-toggle="modal" data-path="<%= delete_user_path(user_uid: current_user.uid) %>" data-target="#deleteAccountModal" class="btn btn-danger mt-6 delete-user">
<%= t("settings.delete.button") %>
</a>
</center>

7
config/locales/en.yml
View File

@ -77,9 +77,11 @@ en:
demoted: User has been successfully demoted
invite: Invite successfully sent to %{email}
invite_email_verification: Emails must be enabled in order to use this method. Please contact your system administrator.
perm_deleted: User has been permanently deleted
promoted: User has been successfully promoted
registration_method_updated: Registration method successfully updated
reset_password: The user has been sent an email to reset their password. (Please ask them to check their spam folder if they haven't received it)
restored: User has been successfully restored
settings: Site Settings successfully changed
unauthorized: You are not authorized to perform actions on this user
recordings:
@ -116,7 +118,9 @@ en:
delete: Delete
edit: Edit
edit_roles: Edit the user roles
perm_delete: Permanently Delete
unban: Unban User
undelete: Undelete
table:
authenticator: Authenticator
created: Created
@ -307,6 +311,7 @@ en:
confirm: Are you sure you want to delete this account?
delete: I'm sure, delete this account.
keep: Actually, I'll keep it.
delete_warning: This will deactivate the user's account. All deactived users can be found under the deleted tab.
warning: This decision is final. You will <b>not</b> be able to recover associated data.
delete_room:
confirm: Are you sure you want to delete %{room}?
@ -401,8 +406,10 @@ en:
confirm: New Password Confirmation
update: Update Password
roles:
active: Active
admin: Admin
banned: Banned
deleted: Deleted
pending: Pending
user: User
room:

1
config/routes.rb
View File

@ -48,6 +48,7 @@ Rails.application.routes.draw do
post '/invite', to: 'admins#invite', as: :invite_user
post '/approve/:user_uid', to: 'admins#approve', as: :admin_approve
get '/reset', to: 'admins#reset', as: :admin_reset
post '/undelete', to: 'admins#undelete', as: :admin_undelete
# Site Settings
post '/update_settings', to: 'admins#update_settings', as: :admin_update_settings
post '/registration_method', to: 'admins#registration_method', as: :admin_change_registration

31
spec/controllers/admins_controller_spec.rb
View File

@ -166,6 +166,37 @@ describe AdminsController, type: :controller do
expect { post :approve, params: params }.to change { ActionMailer::Base.deliveries.count }.by(1)
end
end
context "POST #undelete" do
it "undeletes a user" do
@request.session[:user_id] = @admin.id
@user.delete
expect(User.find_by(uid: @user.uid)).to be_nil
post :undelete, params: { user_uid: @user.uid }
expect(User.find_by(uid: @user.uid)).to be_present
expect(flash[:success]).to be_present
expect(response).to redirect_to(admins_path)
end
it "undeletes the users rooms" do
@request.session[:user_id] = @admin.id
@user.main_room.delete
@user.delete
expect(Room.find_by(uid: @user.main_room.uid)).to be_nil
post :undelete, params: { user_uid: @user.uid }
expect(Room.find_by(uid: @user.main_room.uid)).to be_present
expect(flash[:success]).to be_present
expect(response).to redirect_to(admins_path)
end
end
end
describe "User Design" do

41
spec/controllers/sessions_controller_spec.rb
View File

@ -134,6 +134,26 @@ describe SessionsController, type: :controller do
expect(response).to redirect_to(account_activation_path(email: @user3.email))
end
it "should not login user if account is deleted" do
user = create(:user, provider: "greenlight",
password: "example", password_confirmation: 'example')
user.delete
user.reload
expect(user.deleted?).to be true
post :create, params: {
session: {
email: user.email,
password: 'example',
},
}
expect(@request.session[:user_id]).to be_nil
expect(flash[:alert]).to eq(I18n.t("registration.banned.fail"))
expect(response).to redirect_to(root_path)
end
it "redirects the user to the page they clicked sign in from" do
user = create(:user, provider: "greenlight",
password: "example", password_confirmation: 'example')
@ -289,6 +309,27 @@ describe SessionsController, type: :controller do
expect(@request.session[:user_id]).to eql(u.id)
end
it "redirects a deleted user to the root page" do
# Create the user first
request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:bn_launcher]
get :omniauth, params: { provider: 'bn_launcher' }
# Delete the user
user = User.find_by(social_uid: "bn-launcher-user")
@request.session[:user_id] = nil
user.delete
user.reload
expect(user.deleted?).to be true
# Try to sign back in
get :omniauth, params: { provider: 'bn_launcher' }
expect(@request.session[:user_id]).to be_nil
expect(flash[:alert]).to eq(I18n.t("registration.banned.fail"))
expect(response).to redirect_to(root_path)
end
it "should redirect to root on invalid omniauth login" do
request.env["omniauth.auth"] = :invalid_credentials
get :omniauth, params: { provider: :google }

48
spec/controllers/users_controller_spec.rb
View File

@ -396,16 +396,17 @@ describe UsersController, type: :controller do
describe "DELETE #user" do
before { allow(Rails.configuration).to receive(:allow_user_signup).and_return(true) }
it "properly deletes user" do
it "permanently deletes user" do
user = create(:user)
@request.session[:user_id] = user.id
delete :destroy, params: { user_uid: user.uid }
expect(User.include_deleted.find_by(uid: user.uid)).to be_nil
expect(response).to redirect_to(root_path)
end
it "allows admins to delete users" do
it "allows admins to tombstone users" do
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
@ -418,6 +419,46 @@ describe UsersController, type: :controller do
delete :destroy, params: { user_uid: user.uid }
expect(User.deleted.find_by(uid: user.uid)).to be_present
expect(flash[:success]).to be_present
expect(response).to redirect_to(admins_path)
end
it "allows admins to permanently delete users" do
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
controller.instance_variable_set(:@user_domain, "provider1")
user = create(:user, provider: "provider1")
admin = create(:user, provider: "provider1")
admin.add_role :admin
@request.session[:user_id] = admin.id
delete :destroy, params: { user_uid: user.uid, permanent: "true" }
expect(User.include_deleted.find_by(uid: user.uid)).to be_nil
expect(flash[:success]).to be_present
expect(response).to redirect_to(admins_path)
end
it "permanently deletes the users rooms if the user is permanently deleted" do
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
controller.instance_variable_set(:@user_domain, "provider1")
user = create(:user, provider: "provider1")
admin = create(:user, provider: "provider1")
admin.add_role :admin
@request.session[:user_id] = admin.id
uid = user.main_room.uid
expect(Room.find_by(uid: uid)).to be_present
delete :destroy, params: { user_uid: user.uid, permanent: "true" }
expect(Room.include_deleted.find_by(uid: uid)).to be_nil
expect(flash[:success]).to be_present
expect(response).to redirect_to(admins_path)
end
@ -435,7 +476,8 @@ describe UsersController, type: :controller do
delete :destroy, params: { user_uid: user.uid }
expect(response).to redirect_to(root_path)
expect(flash[:alert]).to be_present
expect(response).to redirect_to(admins_path)
end
end