Admins should not be able to deactivate their own accounts

Dominik Sander 2016-03-03 13:47:09 +01:00
parent 8508928943
commit c0c74113bf
3 changed files with 13 additions and 6 deletions


@ -6,7 +6,7 @@ class Admin::UsersController < ApplicationController
helper_method :resource
def index
@users = User.reorder(:created_at).page(params[:page])
@users = User.reorder('created_at DESC').page(params[:page])
respond_to do |format|
format.html
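Review bot: The new ordering is passed as a raw SQL fragment; assuming the second of the two `@users` lines is the new side, `User.reorder(created_at: :desc).page(params[:page])` gives the same ordering and leaves column quoting to ActiveRecord. The ordering change is also unrelated to the commit subject and would be easier to trace as its own commit. The body of `index` continues outside the hunk.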


@ -29,12 +29,14 @@
<td title='<%= user.created_at %>'><%= time_ago_in_words user.created_at %> ago</td>
<td>
<div class="btn-group btn-group-xs">
<% if user.active? %>
<%= link_to 'Deactivate', deactivate_admin_user_path(user), method: :put, class: "btn btn-default" %>
<% else %>
<%= link_to 'Activate', activate_admin_user_path(user), method: :put, class: "btn btn-default" %>
<% if user != current_user %>
<% if user.active? %>
<%= link_to 'Deactivate', deactivate_admin_user_path(user), method: :put, class: "btn btn-default" %>
<% else %>
<%= link_to 'Activate', activate_admin_user_path(user), method: :put, class: "btn btn-default" %>
<% end %>
<%= link_to 'Delete', admin_user_path(user), method: :delete, data: { confirm: 'Are you sure? This can not be undone.' }, class: "btn btn-default" %>
<% end %>
<%= link_to 'Delete', admin_user_path(user), method: :delete, data: { confirm: 'Are you sure? This can not be undone.' }, class: "btn btn-default" %>
</div>
</td>
</tr>
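Review bot: The `user != current_user` guard only hides the Deactivate, Activate and Delete links for the admin's own row; it does not stop a direct request to the deactivate or delete route with that admin's own id. The controller section of this commit shows only the `index` ordering change, so the server-side actions appear to be unchanged (they are outside the visible hunks, so this needs confirming). Each of those actions should refuse the current user before acting, for example `return redirect_to(admin_users_path, alert: 'You cannot deactivate or delete your own account.') if resource == current_user`. The spec should then cover that rejection as well as the hidden links.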


@ -80,6 +80,11 @@ describe Admin::UsersController do
end
context "(de)activating users" do
it "does not show deactivation buttons for the current user" do
visit admin_users_path
expect(page).not_to have_css("a[href='/admin/users/#{users(:jane).id}/deactivate']")
end
it "deactivates an existing user" do
visit admin_users_path
expect(page).not_to have_text('inactive')
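Review bot: The negative assertion in "does not show deactivation buttons for the current user" builds the URL by hand, so it passes vacuously if the route changes or the signed-in fixture is not `users(:jane)`. Build the selector from the route helper, `have_css("a[href='#{deactivate_admin_user_path(users(:jane))}']")`, and first assert that another user's row does show the link, so the selector is known to match something. The view also hides the Delete link for the current user, and nothing here asserts that. The "deactivates an existing user" example continues outside the hunk.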