From 725b8b79df5adca87262f990fab0541a988e1fc5 Mon Sep 17 00:00:00 2001
From: Ryan Bigg
Date: Mon, 8 Dec 2014 08:39:58 +1100
Subject: [PATCH] Section 7.4.9: Add feature for deleting users, including protection against self-deletion

---
 .../app/controllers/admin/users_controller.rb | 11 ++++++++
 ticketee/app/views/admin/users/show.html.erb | 3 ++
 .../features/admin/deleting_users_spec.rb | 28 +++++++++++++++++++
 3 files changed, 42 insertions(+)
 create mode 100644 ticketee/spec/features/admin/deleting_users_spec.rb

diff --git a/ticketee/app/controllers/admin/users_controller.rb b/ticketee/app/controllers/admin/users_controller.rb
index 760a97c..7aa62ae 100644
--- a/ticketee/app/controllers/admin/users_controller.rb
+++ b/ticketee/app/controllers/admin/users_controller.rb
@@ -45,6 +45,17 @@ def update
     end
   end
 
+  def destroy
+    if @user == current_user
+      flash[:alert] = "You cannot delete yourself!"
+    else
+      @user.destroy
+      flash[:notice] = "User has been deleted."
+    end
+
+    redirect_to admin_users_path
+  end
+
   private
   def user_params
     params.require(:user).permit(:name,
diff --git a/ticketee/app/views/admin/users/show.html.erb b/ticketee/app/views/admin/users/show.html.erb
index 0948a6f..780b1fc 100644
--- a/ticketee/app/views/admin/users/show.html.erb
+++ b/ticketee/app/views/admin/users/show.html.erb
@@ -1,3 +1,6 @@
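Review bot: The return value of `@user.destroy` on the else branch is discarded, so if a model callback or a restrictive association halts the destroy the record survives while the admin is still told "User has been deleted." and redirected. I would branch on the result instead: replace `else` with `elsif @user.destroy`, drop the bare `@user.destroy` line, and add `else` / `flash[:alert] = @user.errors.full_messages.to_sentence` before the closing `end` so a failed deletion is reported rather than hidden. The `@user == current_user` guard is the right self-deletion check, but the filter that loads `@user` and any admin-only `before_action` live outside this hunk (the enclosing class starts before it), so confirm they also cover `destroy`. A one-line comment on the guard such as `# refuse to delete the account that is currently signed in` would make its purpose obvious to the next reader.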

<%= @user %>

<%= link_to "Edit User", edit_admin_user_path(@user), class: "edit" %>
+<%= link_to "Delete User", admin_user_path(@user), method: :delete,
+  data: { confirm: "Are you sure you want to delete this user?"},
+  class: "delete" %>
diff --git a/ticketee/spec/features/admin/deleting_users_spec.rb b/ticketee/spec/features/admin/deleting_users_spec.rb
new file mode 100644
index 0000000..dd09196
--- /dev/null
+++ b/ticketee/spec/features/admin/deleting_users_spec.rb
@@ -0,0 +1,28 @@
+require "rails_helper"
+
+feature "Deleting users" do
+  let!(:admin_user) { FactoryGirl.create(:user, :admin) }
+  let!(:user) { FactoryGirl.create(:user) }
+
+  before do
+    login_as(admin_user)
+    visit "/"
+
+    click_link "Admin"
+    click_link "Users"
+  end
+
+  scenario "Deleting a user" do
+    click_link user.email
+    click_link "Delete User"
+
+    expect(page).to have_content("User has been deleted")
+  end
+
+  scenario "Users cannot delete themselves" do
+    click_link admin_user.email
+    click_link "Delete User"
+
+    expect(page).to have_content("You cannot delete yourself!")
+  end
+end
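Review bot: The new "Delete User" link relies on the UJS JavaScript to turn `method: :delete` into a DELETE request carrying the CSRF token; without that script the anchor degrades to a plain GET of `admin_user_path(@user)`, which is this same show page, so nothing is deleted but the feature silently stops working. A `button_to "Delete User", admin_user_path(@user), method: :delete, data: { confirm: "Are you sure you want to delete this user?" }, class: "delete"` renders a real form with the hidden `_method` and authenticity token fields and needs no script. Separately, the link is rendered on the admin's own record even though the controller rejects that request; wrapping it in `<% unless @user == current_user %>` keeps the page consistent with the server-side guard, which must stay in place either way.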
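Review bot: The "Deleting a user" scenario asserts only the flash text, which the controller sets without checking whether `@user.destroy` succeeded, so a destroy halted by a callback would still pass this spec; after the redirect add `expect(page).not_to have_content(user.email)` (the index the controller redirects to is where the email link was clicked) or `expect(User.exists?(user.id)).to be false`. The self-deletion scenario could likewise assert `expect(page).to have_content(admin_user.email)` to show the signed-in admin survived. There is no scenario for a non-admin or anonymous visitor sending DELETE to the route; that authorization lives outside this patch, but a feature spec asserting the rejection is the cheapest way to keep it covered as the admin area grows.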