catstodon/app/controllers/settings/deletes_controller.rb
David Yip 017fc81caf
Prepend check_enabled_deletion to Settings::DeletesController (#229)
The specs for Settings::DeletesController include an example that
sets Settings.open_deletion to false and expects the "if deletion is not
available, redirect to root" logic to run.  However, this spec does not
set up a user, which means that the spec (intentionally or otherwise)
expects this redirection to work with unauthenticated access.

We should preserve that behavior.  To do so, we prepend the deletion
check to the action chain set up by Settings::BaseController, so that
said check occurs before the authenticate_user! check.
2017-12-06 16:19:43 -06:00

30 lines
756 B
Ruby

# frozen_string_literal: true
class Settings::DeletesController < Settings::BaseController
prepend_before_action :check_enabled_deletion
def show
@confirmation = Form::DeleteConfirmation.new
end
def destroy
if current_user.valid_password?(delete_params[:password])
Admin::SuspensionWorker.perform_async(current_user.account_id, true)
sign_out
redirect_to new_user_session_path, notice: I18n.t('deletes.success_msg')
else
redirect_to settings_delete_path, alert: I18n.t('deletes.bad_password_msg')
end
end
private
def check_enabled_deletion
redirect_to root_path unless Setting.open_deletion
end
def delete_params
params.require(:form_delete_confirmation).permit(:password)
end
end