Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Allow users to request account closure
1 parent 648ad8e, commit 9b0d9f4
Showing 22 changed files with 282 additions and 12 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
class Users::CloseAccountController < ApplicationController | ||
before_action :authenticate_user! | ||
|
||
def new | ||
# Display a form that explains the process to the users | ||
end | ||
|
||
def create | ||
# If they haven't checked the "confirm" checkbox, then redirect them back to the form | ||
return redirect_to users_close_account_path, error: "You must confirm that you want to close your account" if params[:confirm] == "0" | ||
|
||
# Otherwise, create a record of the user's request to close their account | ||
current_user.create_account_closure_request! | ||
|
||
# Send the user an acknowledgement email | ||
UserMailer.account_closure_requested(current_user).deliver_now | ||
|
||
# TODO: Should the user be logged out here? | ||
|
||
redirect_to root_path, notice: "Your account closure request has been received. We will be in touch." | ||
end | ||
|
||
private | ||
|
||
def authenticate_user! | ||
return if authenticated? | ||
|
||
ask_to_login( | ||
web: _('To close your account on {{site_name}}', site_name: site_name), | ||
email: _('Then you can close your account on {{site_name}}', site_name: site_name), | ||
email_subject: _('Close your account on {{site_name}}', site_name: site_name) | ||
) | ||
end | ||
end |
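Review bot: the guard in `create` only rejects `params[:confirm] == "0"`, so a POST that omits `confirm` altogether (nil) falls through and records a closure request without any confirmation. Test for the affirmative value instead, for example `unless params[:confirm] == "1"`. Also check that `error:` is a registered flash type (`add_flash_types :error`), since by default `redirect_to` only maps `notice:` and `alert:` into the flash. Nothing in the action stops a repeat POST from a user who already has a pending request, and the logout TODO leaves the session live after the request is filed.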
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# == Schema Information | ||
# Schema version: 20230718062820 | ||
# | ||
# Table name: account_closure_requests | ||
# | ||
# id :bigint not null, primary key | ||
# user_id :bigint not null | ||
# created_at :datetime not null | ||
# updated_at :datetime not null | ||
# | ||
class AccountClosureRequest < ApplicationRecord | ||
belongs_to :user | ||
end |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
<%= form_tag admin_users_account_closing_index_path(user_id: user.id), class: 'span3 form form-inline' do %> | ||
<% disabled = user.closed? %> | ||
<% submit_class = %w(btn btn-danger) %> | ||
<% submit_class << 'disabled' if disabled %> | ||
<%= submit_tag 'Close', | ||
class: submit_class, | ||
disabled: disabled, | ||
data: { confirm: 'Are you sure? This is irreversible.' } %> | ||
<% end %> |
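Review bot: `disabled: disabled` and `data: { confirm: ... }` on the submit button are enforced only in the browser, so the action behind `admin_users_account_closing_index_path` still needs to reject or no-op a POST for a user who is already closed. Minor: this partial uses `form_tag` while the user-facing form in the same commit uses `form_with`.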
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
<%= render 'scopes' %> | ||
|
||
<div class="row"> | ||
<div class="span12"> | ||
<% if @account_closure_requests.any? %> | ||
<table class="table table-striped"> | ||
<thead> | ||
<tr> | ||
<th>Request ID</th> | ||
<th>User</th> | ||
<th>Created at</th> | ||
<th>Action</th> | ||
</tr> | ||
</thead> | ||
<tbody> | ||
<% @account_closure_requests.each do |request| %> | ||
<tr id="account-closure-request-<%= request.id %>"> | ||
<td><%= request.id %></td> | ||
<td> | ||
<%= link_to request.user.name, admin_user_path(request.user) %> | ||
</td> | ||
<td><%= request.created_at.to_fs(:long) %></td> | ||
<td> | ||
<%= render 'close_account_form', { user: request.user } %> | ||
</td> | ||
</tr> | ||
<% end %> | ||
</tbody> | ||
</table> | ||
|
||
<% else %> | ||
<p>No users have requested to close their accounts.</p> | ||
<% end %> | ||
</div> | ||
</div> |
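Review bot: the block variable in `@account_closure_requests.each do |request|` shadows the view's `request` helper for the whole table body; rename it, for example to `closure_request`. `request.user` is also read once per row, so the controller scope should use `includes(:user)` to avoid an N+1 query.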
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
<%= raw @name %>, | ||
|
||
<%= _("You've requested to close your account on {{site_name}}." \ | ||
'We will process your request and will be in touch once it has been actioned.', | ||
:site_name => site_name.html_safe) %> | ||
|
||
-- <%= _('the {{site_name}} team', :site_name => site_name.html_safe) %> |
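Review bot: the two string literals joined with `\` inside the `_()` call have no space between them, so the message renders as "...on {{site_name}}.We will process...". Add a trailing space to the first literal. The msgid changes with it, so fix this before translators pick the string up.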
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
<% @title = "Close your account" %> | ||
<h1><%= @title %></h1> | ||
|
||
<p>If you no longer wish to use your WhatDoTheyKnow account, you can ask us to close your account.</p> | ||
|
||
<p>Closing your account will:</p> | ||
|
||
<ul> | ||
<li>Set your user name to [Name Removed]</li> | ||
<li>Reset your email address to something random</li> | ||
<li>Clear your about me text</li> | ||
<li>Disable all email alerts</li> | ||
<li>Hide any requests you have made from your profile page</li> | ||
<li>Make an automatic attempt to remove your name from your requests</li> | ||
</ul> | ||
|
||
<p>Closing your account will prevent you from logging in. If you have any requests that are ongoing, you will not be able to send any follow up messages to public authorities.</p> | ||
|
||
<%= form_with url: users_close_account_path, method: :post do |form| %> | ||
<p> | ||
<%= form.check_box :confirm, class: "checkbox" %> | ||
I understand that closing my account will mean that I <b>will not</b> be able to login or follow up on my requests, and that this cannot be undone. | ||
</p> | ||
|
||
<%= form.submit "Close my account", class: "button alert", data: { confirm: "Are you sure you want to close your account?" } %> | ||
<% end %> |
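Review bot: the intro paragraph hard-codes "WhatDoTheyKnow" while the controller and mailer in this commit use `site_name`, and none of the strings in this template go through `_()`, so other installs get the wrong name and no translations. Wrap the copy in `_()` with `{{site_name}}`. The checkbox text is also not inside a `<label>`; `form.label :confirm` would tie it to the checkbox.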
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
class CreateAccountClosureRequests < ActiveRecord::Migration[7.0] | ||
def change | ||
create_table :account_closure_requests do |t| | ||
t.references :user, null: false, foreign_key: true | ||
t.timestamps | ||
end | ||
end | ||
end |
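Review bot: `t.references :user` creates a plain index, so nothing at the database level stops several rows per user, although the controller spec reads `user.account_closure_request` as a single record. If one pending request per user is intended, add `index: { unique: true }` to the reference.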
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
# spec/controllers/users/close_account_controller_spec.rb | ||
require 'spec_helper' | ||
|
||
RSpec.describe Users::CloseAccountController, type: :controller do | ||
describe "POST #create" do | ||
let(:user) { FactoryBot.create(:user) } | ||
|
||
before do | ||
sign_in user | ||
end | ||
|
||
after do | ||
user.account_closure_request&.destroy | ||
end | ||
|
||
it "shows the user a confirmation page" do | ||
get :new | ||
assert_response :success | ||
expect(response).to render_template(:new) | ||
end | ||
|
||
it "asks the user to check the confirmation checkbox" do | ||
post :create, params: { confirm: "0" } | ||
assert_response :redirect | ||
expect(response).to redirect_to(users_close_account_path) | ||
expect(flash[:error]).to eq("You must confirm that you want to close your account") | ||
end | ||
|
||
it "creates a record of the user's request to close their account" do | ||
post :create, params: { confirm: "1" } | ||
|
||
user.reload | ||
expect(user.account_closure_request).to be_present | ||
|
||
# Check email has been sent | ||
expect(ActionMailer::Base.deliveries.count).to eq(1) | ||
email = ActionMailer::Base.deliveries.last | ||
expect(email.to).to eq([user.email]) | ||
expect(email.subject).to eq("Your account closure request on #{site_name}") | ||
|
||
assert_response :redirect | ||
expect(response).to redirect_to(root_path) | ||
expect(flash[:notice]).to eq("Your account closure request has been received. We will be in touch.") | ||
end | ||
end | ||
end |
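Review bot: the `get :new` example sits under `describe "POST #create"`, and there is no example for a signed-out visitor or for a POST with no `confirm` param at all, the two paths where the controller's `before_action` and guard matter. Move the `new` example into its own `describe "GET #new"` and add those two cases. The `deliveries.count` expectation of `eq(1)` also assumes the deliveries array was empty beforehand.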
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# == Schema Information | ||
# Schema version: 20230718062820 | ||
# | ||
# Table name: account_closure_requests | ||
# | ||
# id :bigint not null, primary key | ||
# user_id :bigint not null | ||
# created_at :datetime not null | ||
# updated_at :datetime not null | ||
# | ||
FactoryBot.define do | ||
factory :account_closure_request do | ||
end | ||
end |
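Review bot: the factory body is empty although the schema comment above it marks `user_id` as `not null`, so `FactoryBot.create(:account_closure_request)` fails unless every caller passes `user:`. Declare the `user` association in the factory.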
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
require 'spec_helper' | ||
require 'integration/alaveteli_dsl' | ||
|
||
RSpec.describe 'Admin Account Closure Requests' do | ||
before do | ||
allow(AlaveteliConfiguration).to receive(:skip_admin_auth).and_return(false) | ||
|
||
confirm(:admin_user) | ||
@admin = login(:admin_user) | ||
@user = FactoryBot.create(:user) | ||
@account_closure_request = FactoryBot.create(:account_closure_request, user: @user) | ||
end | ||
|
||
context 'viewing account closure requests' do | ||
it 'displays link to "Account closure requests" on admin homepage' do | ||
using_session(@admin) do | ||
visit admin_general_index_path | ||
expect(page).to have_link('Account closure requests') | ||
end | ||
end | ||
|
||
it 'can close an account from the "Account closure requests" page' do | ||
using_session(@admin) do | ||
expect(@user).to_not be_closed | ||
|
||
visit account_closure_requests_admin_users_path | ||
within("tr#account-closure-request-#{@account_closure_request.id}") do | ||
click_button 'Close' | ||
end | ||
expect(page).to have_text('The user account was closed.') | ||
|
||
@user.reload | ||
expect(@user).to be_closed | ||
|
||
visit account_closure_requests_admin_users_path | ||
expect(page).to_not have_text(@user.name) | ||
end | ||
end | ||
end | ||
end |
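Review bot: the last assertion, `expect(page).to_not have_text(@user.name)`, depends on whatever name the closed user ends up with, and the closure page in this commit says the name is changed on closing. Assert on the row instead, with the same `tr#account-closure-request-...` selector used in the `within` block, for example via `have_no_css`. The closing example would also read better outside the 'viewing account closure requests' context.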