017fc81caf
The specs for Settings::DeletesController include an example that sets Settings.open_deletion to false and expects the "if deletion is not available, redirect to root" logic to run. However, this spec does not set up a user, which means that the spec (intentionally or otherwise) expects this redirection to work with unauthenticated access. We should preserve that behavior. To do so, we prepend the deletion check to the action chain set up by Settings::BaseController, so that said check occurs before the authenticate_user! check.
30 lines
756 B
Ruby
# frozen_string_literal: true

class Settings::DeletesController < Settings::BaseController
  prepend_before_action :check_enabled_deletion

  def show
    @confirmation = Form::DeleteConfirmation.new
  end

  def destroy
    if current_user.valid_password?(delete_params[:password])
      Admin::SuspensionWorker.perform_async(current_user.account_id, true)
      sign_out
      redirect_to new_user_session_path, notice: I18n.t('deletes.success_msg')
    else
      redirect_to settings_delete_path, alert: I18n.t('deletes.bad_password_msg')
    end
  end

  private

  def check_enabled_deletion
    redirect_to root_path unless Setting.open_deletion
  end

  def delete_params
    params.require(:form_delete_confirmation).permit(:password)
  end
end
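The callback ordering described in the commit message, as an added example that is not part of the project's code: a plain-Ruby model of a before-action chain comparing a prepended deletion check with an appended one. `ModelController`, `ModelSettingsBase`, `PrependedCheck` and `AppendedCheck` are hypothetical stand-ins; the model assumes the base controller registers `authenticate_user!` as a before action and that a redirect halts the chain.

```ruby
# Simplified stand-in for a Rails-style before_action chain (not ActionController).
# All class names and the user/open_deletion inputs are constructed for illustration.
class ModelController
  def self.chain
    @chain ||= (superclass.respond_to?(:chain) ? superclass.chain.dup : [])
  end

  def self.before_action(name)
    chain.push(name)
  end

  def self.prepend_before_action(name)
    chain.unshift(name)
  end

  attr_reader :redirected_to, :ran

  def initialize(user:, open_deletion:)
    @user = user
    @open_deletion = open_deletion
    @ran = []
  end

  # Run callbacks in order; the first redirect halts the chain before the action.
  def process(action)
    self.class.chain.each do |callback|
      @ran << callback
      send(callback)
      return self if @redirected_to
    end
    @ran << action
    self
  end

  private

  def authenticate_user!
    @redirected_to = :new_user_session_path unless @user
  end

  def check_enabled_deletion
    @redirected_to = :root_path unless @open_deletion
  end
end

# Base registers authentication first; subclasses differ only in where the check lands.
class ModelSettingsBase < ModelController; before_action :authenticate_user!; end
class PrependedCheck < ModelSettingsBase; prepend_before_action :check_enabled_deletion; end
class AppendedCheck < ModelSettingsBase; before_action :check_enabled_deletion; end
```

With the check prepended and deletion enabled, an unauthenticated request still halts at `authenticate_user!`, so the action body never runs without a signed-in user.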