Revert "Fixes #2605 - Deletion via API impossible when user logged in at some point."

This reverts commit 0242c05165.
2020-12-08 14:23:33 +01:00 · 2020-12-08 14:23:33 +01:00 · a0dc877e33
commit a0dc877e33
parent 0242c05165
5 changed files with 15 additions and 30 deletions
--- a/app/controllers/organizations_controller.rb
+++ b/app/controllers/organizations_controller.rb
@ -170,6 +170,7 @@ curl http://localhost/api/v1/organization/{id} -v -u #{login}:#{password} -H "Co
 =end

  def destroy
+    model_references_check(Organization, params)
    model_destroy_render(Organization, params)
  end

--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -174,6 +174,7 @@ class UsersController < ApplicationController
    user = User.find(params[:id])
    authorize!(user)

+    model_references_check(User, params)
    model_destroy_render(User, params)
  end

--- a/app/policies/controllers/organizations_controller_policy.rb
+++ b/app/policies/controllers/organizations_controller_policy.rb
@ -1,7 +1,7 @@
 class Controllers::OrganizationsControllerPolicy < Controllers::ApplicationControllerPolicy
-  permit! %i[destroy import_example], to: 'admin.organization'
+  permit! :import_example, to: 'admin.organization'
  permit! :import_start, to: 'admin.user'
-  permit! %i[create update search history], to: ['ticket.agent', 'admin.organization']
+  permit! %i[create update destroy search history], to: ['ticket.agent', 'admin.organization']

  def show?
    return true if user.permissions?(['ticket.agent', 'admin.organization'])
--- a/spec/requests/organization_spec.rb
+++ b/spec/requests/organization_spec.rb
@ -1,6 +1,6 @@
 require 'rails_helper'

-RSpec.describe 'Organization', type: :request do
+RSpec.describe 'Organization', type: :request, searchindex: true do

  let!(:admin) do
    create(:admin, groups: Group.all)
@ -39,20 +39,21 @@ RSpec.describe 'Organization', type: :request do
    create(:customer, organization: organization)
  end

-  describe 'request handling', searchindex: true do
-    before do
-      configure_elasticsearch do
+  before do
+    configure_elasticsearch do

-        travel 1.minute
+      travel 1.minute

-        rebuild_searchindex
+      rebuild_searchindex

-        # execute background jobs
-        Scheduler.worker(true)
+      # execute background jobs
+      Scheduler.worker(true)

-        sleep 6
-      end
+      sleep 6
    end
+  end
+
+  describe 'request handling' do

    it 'does index with agent' do

@ -569,13 +570,4 @@ RSpec.describe 'Organization', type: :request do
      expect(organization2.active).to eq(false)
    end
  end
-
-  describe 'DELETE /api/v1/organizations', authenticated_as: -> { create(:admin) }, searchindex: false do
-    it 'does organization deletion' do
-      organization = create(:organization)
-      delete "/api/v1/organizations/#{organization.id}", params: {}, as: :json
-      expect(response).to have_http_status(:ok)
-      expect { organization.reload }.to raise_error(ActiveRecord::RecordNotFound)
-    end
-  end
 end
--- a/spec/requests/user_spec.rb
+++ b/spec/requests/user_spec.rb
@ -1142,15 +1142,6 @@ RSpec.describe 'User', type: :request do
    end
  end

-  describe 'DELETE /api/v1/users', authenticated_as: -> { create(:admin) }, searchindex: false do
-    it 'does user deletion' do
-      customer = create(:customer)
-      delete "/api/v1/users/#{customer.id}", params: {}, as: :json
-      expect(response).to have_http_status(:ok)
-      expect { customer.reload }.to raise_error(ActiveRecord::RecordNotFound)
-    end
-  end
-
  describe 'POST /api/v1/users', authenticated_as: -> { create(:admin) }, searchindex: false do
    def make_request(params)
      post '/api/v1/users', params: params, as: :json