Disallow account deletion after confirmation

This commit is contained in:
Anton Khorev 2023-10-24 21:20:19 +03:00
parent 14bd660114
commit b5f8df642a
2 changed files with 28 additions and 5 deletions

View file

@ -53,6 +53,7 @@ class AccountsController < ApplicationController
end
def destroy
if current_user.deletion_allowed?
current_user.soft_destroy!
session.delete(:user)
@ -60,5 +61,8 @@ class AccountsController < ApplicationController
flash[:notice] = t ".success"
redirect_to root_path
else
head :bad_request
end
end
end

View file

@ -152,4 +152,23 @@ class AccountsControllerTest < ActionDispatch::IntegrationTest
# Make sure we have a button to "go public"
assert_select "form.button_to[action='/user/go_public']", true
end
def test_destroy_allowed
user = create(:user)
session_for(user)
delete account_path
assert_response :redirect
end
def test_destroy_not_allowed
with_user_account_deletion_delay(24) do
user = create(:user)
create(:changeset, :user => user, :created_at => Time.now.utc)
session_for(user)
delete account_path
assert_response :bad_request
end
end
end