From 646dcb62fca67b6dd52d8a46fef5fc260baa4b83 Mon Sep 17 00:00:00 2001
From: biswesh456
Date: Sat, 24 Feb 2018 20:36:12 +0530
Subject: [PATCH 1/1] Allow admins and moderators to delete traces

Fixes #1625
---
 app/controllers/trace_controller.rb | 2 +-
 app/views/trace/view.html.erb | 6 ++++--
 test/controllers/trace_controller_test.rb | 12 +++++++++++-
 3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb
index a720c5fff..81c786473 100644
--- a/app/controllers/trace_controller.rb
+++ b/app/controllers/trace_controller.rb
@@ -186,7 +186,7 @@ class TraceController < ApplicationController
 if !trace.visible?
 head :not_found
- elsif current_user.nil? || trace.user != current_user
+ elsif current_user.nil? || (trace.user != current_user && !current_user.administrator? && !current_user.moderator?)
 head :forbidden
 else
 trace.visible = false
diff --git a/app/views/trace/view.html.erb b/app/views/trace/view.html.erb
index 57cc39a08..351c69227 100644
--- a/app/views/trace/view.html.erb
+++ b/app/views/trace/view.html.erb
@@ -54,9 +54,11 @@
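Review bot: Nothing visible in this hunk records who performed a deletion, which matters now that the widened `elsif` condition lets an administrator or moderator hide another user's trace. The `else` branch shown only sets `trace.visible = false`; the action's body continues outside the hunk, so an audit record may already exist further down. If it does not, a privileged deletion should leave a trace of the actor, for example `logger.info "trace #{trace.id} hidden by user #{current_user.id}" if trace.user != current_user` before the save.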

-<%= if_user(@trace.user) do %>
+<% if current_user && (current_user==@trace.user || current_user.administrator? || current_user.moderator?)%>
- <%= button_to t('trace.view.edit_track'), :controller => 'trace', :action => 'edit', :id => @trace.id %>
+ <%= if_user(@trace.user) do %>
+ <%= button_to t('trace.view.edit_track'), :controller => 'trace', :action => 'edit', :id => @trace.id %>
+ <% end %>
 <%= button_to t('trace.view.delete_track'), :controller => 'trace', :action => 'delete', :id => @trace.id %>
<% end %>
diff --git a/test/controllers/trace_controller_test.rb b/test/controllers/trace_controller_test.rb
index 2dafa5394..a9008bc97 100644
--- a/test/controllers/trace_controller_test.rb
+++ b/test/controllers/trace_controller_test.rb
@@ -679,12 +679,22 @@ class TraceControllerTest < ActionController::TestCase
 post :delete, :params => { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, :session => { :user => deleted_trace_file.user }
 assert_response :not_found
- # Finally with a trace that we are allowed to delete
+ # Now with a trace that we are allowed to delete
 post :delete, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => public_trace_file.user }
 assert_response :redirect
 assert_redirected_to :action => :list, :display_name => public_trace_file.user.display_name
 trace = Trace.find(public_trace_file.id)
 assert_equal false, trace.visible
+ # Finally with a trace that is deleted by an admin
+ public_trace_file = create(:trace, :visibility => "public")
+ admin = create(:administrator_user)
+ post :delete, :params => { :display_name => admin.display_name, :id => public_trace_file.id }, :session => { :user => admin }
+ assert_response :redirect
+ assert_redirected_to :action => :list, :display_name => admin.display_name
+ trace = Trace.find(public_trace_file.id)
+ assert_equal false, trace.visible
 end
 # Check getting a specific trace through the api
--
2.39.5
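Review bot: The condition on the new `<% if current_user && (...)%>` line is a hand-written copy of the rule that the controller's delete action enforces, so the button's visibility and the server-side check can drift apart when only one of them is edited. The controller remains the enforcement point, but a single predicate used by both places would keep them in step, for instance a `deletable_by?(user)` method on the trace whose body is `user && (user == self.user || user.administrator? || user.moderator?)`. The new line is also missing the usual spacing: `current_user == @trace.user` and a space before `%>`.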
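Review bot: The added case exercises only an administrator, while the controller change grants moderators the same right through `current_user.moderator?`, and no test in this hunk takes that branch. A parallel case with a moderator user, created the same way as `admin` and asserting the same redirect and `assert_equal false, trace.visible`, would cover it. It is also worth confirming that an ordinary user who is not the owner still gets `assert_response :forbidden`; the test method starts outside the hunk, so that case may already exist above.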