Fixes #2605 - Deletion via API impossible when user logged in at some point.

This commit is contained in:
Rolf Schmidt 2020-12-08 13:32:52 +01:00 committed by Thorsten Eckel
parent 149e622a1a
commit 0242c05165
5 changed files with 30 additions and 15 deletions

View file

@ -170,7 +170,6 @@ curl http://localhost/api/v1/organization/{id} -v -u #{login}:#{password} -H "Co
=end =end
def destroy def destroy
model_references_check(Organization, params)
model_destroy_render(Organization, params) model_destroy_render(Organization, params)
end end

View file

@ -174,7 +174,6 @@ class UsersController < ApplicationController
user = User.find(params[:id]) user = User.find(params[:id])
authorize!(user) authorize!(user)
model_references_check(User, params)
model_destroy_render(User, params) model_destroy_render(User, params)
end end

View file

@ -1,7 +1,7 @@
class Controllers::OrganizationsControllerPolicy < Controllers::ApplicationControllerPolicy class Controllers::OrganizationsControllerPolicy < Controllers::ApplicationControllerPolicy
permit! :import_example, to: 'admin.organization' permit! %i[destroy import_example], to: 'admin.organization'
permit! :import_start, to: 'admin.user' permit! :import_start, to: 'admin.user'
permit! %i[create update destroy search history], to: ['ticket.agent', 'admin.organization'] permit! %i[create update search history], to: ['ticket.agent', 'admin.organization']
def show? def show?
return true if user.permissions?(['ticket.agent', 'admin.organization']) return true if user.permissions?(['ticket.agent', 'admin.organization'])

View file

@ -1,6 +1,6 @@
require 'rails_helper' require 'rails_helper'
RSpec.describe 'Organization', type: :request, searchindex: true do RSpec.describe 'Organization', type: :request do
let!(:admin) do let!(:admin) do
create(:admin, groups: Group.all) create(:admin, groups: Group.all)
@ -39,21 +39,20 @@ RSpec.describe 'Organization', type: :request, searchindex: true do
create(:customer, organization: organization) create(:customer, organization: organization)
end end
before do describe 'request handling', searchindex: true do
configure_elasticsearch do before do
configure_elasticsearch do
travel 1.minute travel 1.minute
rebuild_searchindex rebuild_searchindex
# execute background jobs # execute background jobs
Scheduler.worker(true) Scheduler.worker(true)
sleep 6 sleep 6
end
end end
end
describe 'request handling' do
it 'does index with agent' do it 'does index with agent' do
@ -570,4 +569,13 @@ RSpec.describe 'Organization', type: :request, searchindex: true do
expect(organization2.active).to eq(false) expect(organization2.active).to eq(false)
end end
end end
describe 'DELETE /api/v1/organizations', authenticated_as: -> { create(:admin) }, searchindex: false do
it 'does organization deletion' do
organization = create(:organization)
delete "/api/v1/organizations/#{organization.id}", params: {}, as: :json
expect(response).to have_http_status(:ok)
expect { organization.reload }.to raise_error(ActiveRecord::RecordNotFound)
end
end
end end

View file

@ -1142,6 +1142,15 @@ RSpec.describe 'User', type: :request do
end end
end end
describe 'DELETE /api/v1/users', authenticated_as: -> { create(:admin) }, searchindex: false do
it 'does user deletion' do
customer = create(:customer)
delete "/api/v1/users/#{customer.id}", params: {}, as: :json
expect(response).to have_http_status(:ok)
expect { customer.reload }.to raise_error(ActiveRecord::RecordNotFound)
end
end
describe 'POST /api/v1/users', authenticated_as: -> { create(:admin) }, searchindex: false do describe 'POST /api/v1/users', authenticated_as: -> { create(:admin) }, searchindex: false do
def make_request(params) def make_request(params)
post '/api/v1/users', params: params, as: :json post '/api/v1/users', params: params, as: :json