users: move account deletion endpoint to /users/:id/deactivate.
Move the account deletion endpoint from /maintenance/users/deletion to either: * https://danbooru.donmai.us/users/deactivate * https://danbooru.donmai.us/users/:id/deactivate This incidentally allows the Owner-level user to deactivate accounts belonging to other users. This is meant for things like deactivating inactive accounts with invalid or abusive names. This is limited to accounts below Gold level for security.
This commit is contained in:
evazion
@@ -1,42 +0,0 @@
|
||||
require "test_helper"
|
||||
|
||||
module Maintenance
|
||||
module User
|
||||
class DeletionsControllerTest < ActionDispatch::IntegrationTest
|
||||
context "in all cases" do
|
||||
setup do
|
||||
@user = create(:user)
|
||||
end
|
||||
|
||||
context "#show" do
|
||||
should "render" do
|
||||
get_auth maintenance_user_deletion_path, @user
|
||||
assert_response :success
|
||||
end
|
||||
end
|
||||
|
||||
context "#destroy" do
|
||||
should "delete the user when given the correct password" do
|
||||
delete_auth maintenance_user_deletion_path, @user, params: { user: { password: "password" }}
|
||||
|
||||
assert_redirected_to posts_path
|
||||
assert_equal(true, @user.reload.is_deleted?)
|
||||
assert_equal("Your account has been deactivated", flash[:notice])
|
||||
assert_nil(session[:user_id])
|
||||
assert_equal(true, @user.user_events.user_deletion.exists?)
|
||||
end
|
||||
|
||||
should "not delete the user when given an incorrect password" do
|
||||
delete_auth maintenance_user_deletion_path, @user, params: { user: { password: "hunter2" }}
|
||||
|
||||
assert_redirected_to maintenance_user_deletion_path
|
||||
assert_equal(false, @user.reload.is_deleted?)
|
||||
assert_equal("Password is incorrect", flash[:notice])
|
||||
assert_equal(@user.id, session[:user_id])
|
||||
assert_equal(false, @user.user_events.user_deletion.exists?)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
Reference in New Issue
Block a user