From d1e2faa288b052313618a73c7bc1ec8e84837c3b Mon Sep 17 00:00:00 2001
From: Ryan Bigg
Date: Tue, 18 Nov 2014 08:46:18 +1100
Subject: [PATCH] Section 7.4.9: Add feature for deleting users, including protection against self-deletion
---
 .../app/controllers/admin/users_controller.rb | 11 ++++++++
 ticketee/app/views/admin/users/show.html.erb | 5 +++-
 .../features/admin/deleting_users_spec.rb | 28 +++++++++++++++++++
 3 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 ticketee/spec/features/admin/deleting_users_spec.rb
diff --git a/ticketee/app/controllers/admin/users_controller.rb b/ticketee/app/controllers/admin/users_controller.rb
index bf80c28..3b47ccc 100644
--- a/ticketee/app/controllers/admin/users_controller.rb
+++ b/ticketee/app/controllers/admin/users_controller.rb
@@ -40,6 +40,17 @@ def update
 end
 end
+ def destroy
+ if @user == current_user
+ flash[:alert] = "You cannot delete yourself!"
+ else
+ @user.destroy
+ flash[:notice] = "User has been deleted."
+ end
+
+ redirect_to admin_users_path
+ end
+
 private
 def set_user
diff --git a/ticketee/app/views/admin/users/show.html.erb b/ticketee/app/views/admin/users/show.html.erb
index 3aa5356..780b1fc 100644
--- a/ticketee/app/views/admin/users/show.html.erb
+++ b/ticketee/app/views/admin/users/show.html.erb
@@ -1,3 +1,6 @@
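Review bot: `@user.destroy` in the new destroy action discards its return value, so when a callback halts the deletion or an association declared with `dependent: :restrict_with_error` blocks it, the admin is still redirected with "User has been deleted." even though the row is intact. Folding the call into the branch keeps the flash honest: `elsif @user.destroy` / `flash[:notice] = "User has been deleted."` / `else flash[:alert] = @user.errors.full_messages.to_sentence`. The self-deletion guard `@user == current_user` compares ActiveRecord records by class and id, so it holds across separately loaded instances. `set_user` and whatever admin-only filter this controller inherits are outside the hunk, so the action's protection against non-admin callers is assumed here rather than visible.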

<%= @user %>

-<%= link_to "Edit User", edit_admin_user_path(@user) %>
+<%= link_to "Edit User", edit_admin_user_path(@user), class: "edit" %>
+<%= link_to "Delete User", admin_user_path(@user), method: :delete,
+ data: { confirm: "Are you sure you want to delete this user?"},
+ class: "delete" %>
diff --git a/ticketee/spec/features/admin/deleting_users_spec.rb b/ticketee/spec/features/admin/deleting_users_spec.rb
new file mode 100644
index 0000000..f9e4858
--- /dev/null
+++ b/ticketee/spec/features/admin/deleting_users_spec.rb
@@ -0,0 +1,28 @@
+require "rails_helper"
+
+feature "Deleting users" do
+ let!(:admin_user) { FactoryGirl.create(:admin_user) }
+ let!(:user) { FactoryGirl.create(:user) }
+
+ before do
+ login_as(admin_user)
+ visit "/"
+
+ click_link "Admin"
+ click_link "Users"
+ end
+
+ scenario "Deleting a user" do
+ click_link user.email
+ click_link "Delete User"
+
+ expect(page).to have_content("User has been deleted")
+ end
+
+ scenario "Users cannot delete themselves" do
+ click_link admin_user.email
+ click_link "Delete User"
+
+ expect(page).to have_content("You cannot delete yourself!")
+ end
+end
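Review bot: The new "Delete User" link only sends a DELETE because `method: :delete` emits a `data-method` attribute that the UJS JavaScript turns into a token-bearing form submit; with scripts disabled the browser follows the href as a plain GET and lands on `show`, so the destructive action is not reachable that way, but the confirm prompt is lost as well. `button_to "Delete User", admin_user_path(@user), method: :delete, data: { confirm: "Are you sure you want to delete this user?" }, class: "delete"` renders a real form with the CSRF token and works without JavaScript. The hash literal on the `data:` line is also missing a space before its closing brace: `data: { confirm: "Are you sure you want to delete this user?" },`.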
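Review bot: The "Deleting a user" scenario asserts only the flash text, so a destroy that redirected with the notice but left the record in place would still pass; add `expect(page).not_to have_content(user.email)` after the flash assertion, or, assuming the model behind `FactoryGirl.create(:user)` is `User`, `expect(User.exists?(user.id)).to be false`. The self-deletion scenario has the mirror-image gap in that it never checks the admin record survived, e.g. `expect(User.exists?(admin_user.id)).to be true`. Neither scenario exercises a non-admin reaching the delete route; whether that path is guarded lives outside this patch.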