[MKT-575] Prevent accidental deletion in points (#310)
* [MKT-575] Prevent accidental deletion in points

https://ombulabs.atlassian.net/browse/MKT-575

* added spec for checking destroy when title does not match

---------

Co-authored-by: rishijain <[email protected]>
JuanVqz and rishijain authored Oct 10, 2023
1 parent 1be286f commit f6bc154
Showing 8 changed files with 75 additions and 12 deletions.
4 changes: 4 additions & 0 deletions app/assets/stylesheets/stories.scss
@@ -60,6 +60,10 @@
padding-bottom: 1.3em;
}

.modal strong {
font-weight: bold;
}

.new_story,
.edit_story {
display: grid;
15 changes: 12 additions & 3 deletions app/controllers/projects_controller.rb
@@ -1,6 +1,6 @@
class ProjectsController < ApplicationController
before_action :authenticate_user!
before_action :find_project, only: [:show, :edit, :update, :sort, :sort_stories, :destroy, :new_sub_project, :toggle_archive, :toggle_locked]
before_action :find_project, only: [:show, :edit, :update, :sort, :sort_stories, :destroy, :new_sub_project, :toggle_archive, :toggle_locked, :open_delete_modal]
before_action :ensure_unarchived!, only: [:edit, :new_sub_project, :update]

def index
@@ -70,9 +70,14 @@ def create
end

def destroy
@project.destroy
respond_to do |format|
format.html { redirect_to projects_path, notice: "Project was successfully destroyed." }
if @project.title.strip.eql?(params.dig(:project, :title)&.strip)
@project.destroy
flash[:success] = "Project was successfully destroyed."
else
flash[:error] = "Make sure you added the correct project's title"
end
format.html { redirect_to projects_path }
end
end

@@ -104,6 +109,10 @@ def new_sub_project
@sub = Project.new(parent_id: @project)
end

# GET /projects/1/open_delete_modal.js
def open_delete_modal
end

private

def find_project
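Review bot: The typed-title comparison in `destroy` protects against a mis-click, but it is not an access check, and neither `destroy` nor the new `open_delete_modal` is covered by `ensure_unarchived!`, whose `only:` list stays `[:edit, :new_sub_project, :update]`. show.html.erb renders the delete link only inside `is_unlocked?` and through `link_unless_archived`, so that restriction appears to live in the view alone; if it is meant to hold server-side, extend the filter to `only: [:edit, :new_sub_project, :update, :destroy, :open_delete_modal]` and add the equivalent lock check. Separately, the return value of `@project.destroy` is ignored, so the success flash is set even when the record was not removed; `if @project.destroy` around `flash[:success]` would cover that. `find_project` and `ensure_unarchived!` are defined outside the visible hunks, so what they already enforce is an assumption here.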
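--- a/app/views/projects/_delete_form.html.erb
+++ b/app/views/projects/_delete_form.html.erb
@@ -0,0 +1,12 @@
+<%= form_with(model: project, method: :delete) do |f| %>
+This action cannot be undone.
+This will permanently delete the <strong><%= project.title %></strong> project,
+stories, and associated estimations.
+
+<div class="field">
+<%= f.label :title, raw("Please type <strong>#{project.title}</strong> to confirm.") %>
+<%= f.text_field :title, value: "", placeholder: "Project's title", autofocus: true, required: true %>
+</div>
+
+<%= f.submit "I understand the consequences, delete this project", class: "button magenta" %>
+<% end %>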
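Review bot: The `f.label :title` line interpolates `project.title` into a string and passes the result through `raw`, so the title reaches the page without HTML escaping, unlike the `<%= project.title %>` output earlier in the same partial. A project title is user-supplied data, which makes this label a stored XSS sink inside the confirmation modal. Build the label from escaped parts instead: `<%= f.label :title, safe_join(["Please type ", content_tag(:strong, project.title), " to confirm."]) %>`. The `j(...)` call in open_delete_modal.js.erb escapes only for the JavaScript string literal and does not cover this.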
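--- a/app/views/projects/open_delete_modal.js.erb
+++ b/app/views/projects/open_delete_modal.js.erb
@@ -0,0 +1,3 @@
+(function(){
+showModal("Are you absolutely sure?", "<%= j(render('delete_form', project: @project)) %>")
+})()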
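Review bot: This template answers a GET with executable JavaScript that embeds project data, so it depends on the same-origin check for JavaScript responses that Rails applies as part of `protect_from_forgery`. ApplicationController is not shown in this commit; confirm forgery protection is enabled there, since without it the response could be loaded as a script from another origin in a signed-in user's browser. An ERB comment at the top of the template, such as `<%# Relies on protect_from_forgery's same-origin check for JS responses %>`, would record that dependency without sending it to the client.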
2 changes: 1 addition & 1 deletion app/views/projects/show.html.erb
@@ -108,7 +108,7 @@

<% if is_unlocked?(@project) %>
<%= link_unless_archived(@project, "Add Sub-Project", project_new_sub_project_path(@project), classes: :green) unless @project.parent_id.present? %>
<%= link_unless_archived(@project, "Delete Project", project_path(@project.id), classes: "delete magenta", method: :delete, remote: true, data_attr: { confirm: 'Are you sure?' }, id: "delete") %>
<%= link_unless_archived(@project, "Delete Project", open_delete_modal_project_path(@project.id), classes: "delete magenta", remote: true) %>
<% end %>

<% unless @project.parent_id %>
1 change: 1 addition & 0 deletions config/routes.rb
@@ -24,6 +24,7 @@
patch :toggle_locked
get :new_clone
post :clone
get :open_delete_modal
end
get :new_sub_project

28 changes: 27 additions & 1 deletion spec/controllers/projects_controller_spec.rb
@@ -124,9 +124,35 @@
describe "#destroy" do
it "deletes the project" do
expect {
delete :destroy, params: {id: project.id}
delete :destroy, params: {id: project.id, project: {title: project.title}}
}.to change(Project, :count).by(-1)
end

it "deletes stripped project's title" do
project.update(title: " foo bar ")
expect {
delete :destroy, params: {id: project.id, project: {title: "foo bar"}}
}.to change(Project, :count).by(-1)
end

it "deletes stripped project's params" do
project.update(title: "foo bar")
expect {
delete :destroy, params: {id: project.id, project: {title: "foo bar "}}
}.to change(Project, :count).by(-1)
end

it "does not delete the project" do
expect {
delete :destroy, params: {id: project.id}
}.not_to change(Project, :count)
end

it "does not delete the project when the title does not match" do
expect {
delete :destroy, params: {id: project.id, project: {title: "random title"}}
}.not_to change(Project, :count)
end
end

describe "#show" do
22 changes: 15 additions & 7 deletions spec/features/projects_manage_spec.rb
@@ -50,19 +50,27 @@
end

context "when the project is unarchived" do
it "allows me to delete a project", js: false do
it "does not delete a project" do
project.update(title: "Awesome Project's Title")
visit project_path(id: project.id)

click_link "Delete Project"
expect(Project.count).to eq 0
expect(page).to have_content "Are you absolutely sure?"
fill_in "project_title", with: "Random Project's Title"
click_button "I understand the consequences, delete this project"

expect(page).to have_content "Make sure you added the correct project's title"
end

it "allows me to delete a project" do
visit project_path(id: project.id)
accept_confirm do
click_link "Delete Project"
end
expect(page).not_to have_content "Delete Project"
expect(Project.count).to eq 0

click_link "Delete Project"
expect(page).to have_content "Are you absolutely sure?"
fill_in "project_title", with: project.title
click_button "I understand the consequences, delete this project"

expect(page).to have_content "Project was successfully destroyed."
end

it "allows editing the project's title inline" do
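Review bot: The two rewritten examples assert only on flash text (`"Make sure you added the correct project's title"` and `"Project was successfully destroyed."`), so neither would fail if the record ended up in the wrong state. Both `expect(Project.count).to eq 0` lines appear to be on the removed side, although the rendered section does not mark sides explicitly. Add a database assertion to each, for example `expect(Project.exists?(project.id)).to be(true)` in "does not delete a project" and `expect(Project.exists?(project.id)).to be(false)` in "allows me to delete a project". The enclosing `context` block continues past the end of the hunk.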
