Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
class Users::CloseAccountController < ApplicationController | ||
Check warning on line 1 in app/controllers/users/close_account_controller.rb GitHub Actions / build
|
||
before_action :authenticate_user! | ||
|
||
def new | ||
# Display a form that explains the process to the users | ||
end | ||
|
||
def create | ||
# If they haven't checked the "confirm" checkbox, then redirect them back to the form | ||
Check warning on line 9 in app/controllers/users/close_account_controller.rb GitHub Actions / build
|
||
return redirect_to users_close_account_path, error: "You must confirm that you want to close your account" if params[:confirm] == "0" | ||
Check warning on line 10 in app/controllers/users/close_account_controller.rb GitHub Actions / build
Check warning on line 10 in app/controllers/users/close_account_controller.rb GitHub Actions / build
|
||
|
||
# Otherwise, create a record of the user's request to close their account | ||
current_user.create_account_closure_request! | ||
|
||
# Send the user an acknowledgement email | ||
UserMailer.account_closure_requested(current_user).deliver_now | ||
|
||
# TODO: Should the user be logged out here? | ||
|
||
redirect_to root_path, notice: "Your account closure request has been received. We will be in touch." | ||
Check warning on line 20 in app/controllers/users/close_account_controller.rb GitHub Actions / build
|
||
end | ||
|
||
private | ||
|
||
def authenticate_user! | ||
return if authenticated? | ||
|
||
ask_to_login( | ||
web: _('To close your account on {{site_name}}', site_name: site_name), | ||
email: _('Then you can close your account on {{site_name}}', site_name: site_name), | ||
Check warning on line 30 in app/controllers/users/close_account_controller.rb GitHub Actions / build
|
||
email_subject: _('Close your account on {{site_name}}', site_name: site_name) | ||
Check warning on line 31 in app/controllers/users/close_account_controller.rb GitHub Actions / build
|
||
) | ||
end | ||
end |
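Review bot: The confirmation guard in `create` fails open: it only rejects `params[:confirm] == "0"`, so a POST that omits `confirm` altogether, or sends any other value, falls through to `create_account_closure_request!` and the acknowledgement email. The spec submits `"1"` for a confirmed request, so the guard should require that value, e.g. end the redirect line with `unless params[:confirm] == "1"`. The `# TODO` about logging the user out is also still open; as written the session stays valid after the request is recorded, which is worth deciding before this ships.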
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# == Schema Information | ||
# Schema version: 20230718062820 | ||
# | ||
# Table name: account_closure_requests | ||
# | ||
# id :bigint not null, primary key | ||
# user_id :bigint not null | ||
# created_at :datetime not null | ||
# updated_at :datetime not null | ||
# | ||
class AccountClosureRequest < ApplicationRecord | ||
belongs_to :user | ||
end |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
<%= form_tag admin_users_account_closing_index_path(user_id: user.id), class: 'span3 form form-inline' do %> | ||
<% disabled = user.closed? %> | ||
<% submit_class = %w(btn btn-danger) %> | ||
<% submit_class << 'disabled' if disabled %> | ||
<%= submit_tag 'Close', | ||
class: submit_class, | ||
disabled: disabled, | ||
data: { confirm: 'Are you sure? This is irreversible.' } %> | ||
<% end %> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
<%= render 'scopes' %> | ||
|
||
<div class="row"> | ||
<div class="span12"> | ||
<% if @account_closure_requests.any? %> | ||
<table class="table table-striped"> | ||
<thead> | ||
<tr> | ||
<th>Request ID</th> | ||
<th>User</th> | ||
<th>Created at</th> | ||
<th>Action</th> | ||
</tr> | ||
</thead> | ||
<tbody> | ||
<% @account_closure_requests.each do |request| %> | ||
<tr id="account-closure-request-<%= request.id %>"> | ||
<td><%= request.id %></td> | ||
<td> | ||
<%= link_to request.user.name, admin_user_path(request.user) %> | ||
</td> | ||
<td><%= request.created_at.to_fs(:long) %></td> | ||
<td> | ||
<%= render 'close_account_form', { user: request.user } %> | ||
</td> | ||
</tr> | ||
<% end %> | ||
</tbody> | ||
</table> | ||
|
||
<% else %> | ||
<p>No users have requested to close their accounts.</p> | ||
<% end %> | ||
</div> | ||
</div> |
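Review bot: The block variable in `@account_closure_requests.each do |request|` shadows the view's own `request` helper (the current HTTP request) for the whole table body, which is an easy trap for later edits to this template. Rename it, e.g. `<% @account_closure_requests.each do |closure_request| %>`, and update the uses in the rows below. Each row also calls `request.user`, so unless the controller (not shown on this page) loads the association with the list, this issues one query per row.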
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
<%= raw @name %>, | ||
|
||
<%= _("You've requested to close your account on {{site_name}}." \ | ||
'We will process your request and will be in touch once it has been actioned.', | ||
:site_name => site_name.html_safe) %> | ||
|
||
-- <%= _('the {{site_name}} team', :site_name => site_name.html_safe) %> |
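Review bot: The two string literals joined with `\` in the first `_()` call have no space between them, so the message reads "…on {{site_name}}.We will process…". Add a trailing space to the first literal: `"You've requested to close your account on {{site_name}}. " \`. Separately, `raw @name` emits a user-chosen name without escaping, which is acceptable only in a plain-text mail part. The template's filename is not visible here, so confirm it is never rendered as HTML.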
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
<% @title = "Close your account" %> | ||
<h1><%= @title %></h1> | ||
|
||
<p>If you no longer wish to use your WhatDoTheyKnow account, you can ask us to close your account.</p> | ||
|
||
<p>Closing your account will:</p> | ||
|
||
<ul> | ||
<li>Set your user name to [Name Removed]</li> | ||
<li>Reset your email address to something random</li> | ||
<li>Clear your about me text</li> | ||
<li>Disable all email alerts</li> | ||
<li>Hide any requests you have made from your profile page</li> | ||
<li>Make an automatic attempt to remove your name from your requests</li> | ||
</ul> | ||
|
||
<p>Closing your account will prevent you from logging in. If you have any requests that are ongoing, you will not be able to send any follow up messages to public authorities.</p> | ||
|
||
<%= form_with url: users_close_account_path, method: :post do |form| %> | ||
<p> | ||
<%= form.check_box :confirm, class: "checkbox" %> | ||
I understand that closing my account will mean that I <b>will not</b> be able to login or follow up on my requests, and that this cannot be undone. | ||
</p> | ||
|
||
<%= form.submit "Close my account", class: "button alert", data: { confirm: "Are you sure you want to close your account?" } %> | ||
<% end %> |
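Review bot: This template hard-codes the site name and none of its strings go through `_()`, whereas the mail template and `authenticate_user!` in the same commit use `_('…{{site_name}}…', site_name: site_name)`. The first paragraph could be `<p><%= _('If you no longer wish to use your {{site_name}} account, you can ask us to close your account.', site_name: site_name) %></p>`, with the list items, checkbox text and button label wrapped the same way. The checkbox sentence is also not inside a `<label>` tied to the input, so clicking the text does not toggle the box.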
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
class CreateAccountClosureRequests < ActiveRecord::Migration[7.0] | ||
def change | ||
create_table :account_closure_requests do |t| | ||
t.references :user, null: false, foreign_key: true | ||
t.timestamps | ||
end | ||
end | ||
end |
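Review bot: Nothing at the database level limits a user to one closure request, because `t.references :user, null: false, foreign_key: true` creates an ordinary, non-unique index. The controller and spec use `create_account_closure_request!` and `user.account_closure_request`, which suggests a one-per-user association on `User` (that model change is not visible on this page). If so, enforce it here with `t.references :user, null: false, foreign_key: true, index: { unique: true }`, so a double submit or a race cannot leave duplicate rows in the admin list.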
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
# spec/controllers/users/close_account_controller_spec.rb | ||
require 'spec_helper' | ||
|
||
RSpec.describe Users::CloseAccountController, type: :controller do | ||
describe "POST #create" do | ||
let(:user) { FactoryBot.create(:user) } | ||
|
||
before do | ||
sign_in user | ||
end | ||
|
||
after do | ||
user.account_closure_request&.destroy | ||
end | ||
|
||
it "shows the user a confirmation page" do | ||
get :new | ||
assert_response :success | ||
expect(response).to render_template(:new) | ||
end | ||
|
||
it "asks the user to check the confirmation checkbox" do | ||
post :create, params: { confirm: "0" } | ||
assert_response :redirect | ||
expect(response).to redirect_to(users_close_account_path) | ||
expect(flash[:error]).to eq("You must confirm that you want to close your account") | ||
end | ||
|
||
it "creates a record of the user's request to close their account" do | ||
post :create, params: { confirm: "1" } | ||
|
||
user.reload | ||
expect(user.account_closure_request).to be_present | ||
|
||
# Check email has been sent | ||
expect(ActionMailer::Base.deliveries.count).to eq(1) | ||
email = ActionMailer::Base.deliveries.last | ||
expect(email.to).to eq([user.email]) | ||
expect(email.subject).to eq("Your account closure request on #{site_name}") | ||
|
||
assert_response :redirect | ||
expect(response).to redirect_to(root_path) | ||
expect(flash[:notice]).to eq("Your account closure request has been received. We will be in touch.") | ||
end | ||
end | ||
end |
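Review bot: The examples cover `confirm: "0"` and `confirm: "1"` but not a POST with no `confirm` parameter. The controller's guard only compares against `"0"`, so that request would currently create a closure request. An example like the one below pins the intended behaviour; it fails until the guard requires `"1"`. There is also no example for a signed-out request, although `authenticate_user!` is the only access check on these actions. The `get :new` example also sits under `describe "POST #create"`.

```ruby
describe "POST #create" do
  # … unchanged: let(:user), before/after hooks, existing examples …

  it "does not record a request when confirm is missing" do
    post :create
    expect(user.reload.account_closure_request).to be_nil
    expect(response).to redirect_to(users_close_account_path)
  end
```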
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# == Schema Information | ||
# Schema version: 20230718062820 | ||
# | ||
# Table name: account_closure_requests | ||
# | ||
# id :bigint not null, primary key | ||
# user_id :bigint not null | ||
# created_at :datetime not null | ||
# updated_at :datetime not null | ||
# | ||
FactoryBot.define do | ||
factory :account_closure_request do | ||
end | ||
end |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
require 'spec_helper' | ||
require 'integration/alaveteli_dsl' | ||
|
||
RSpec.describe 'Admin Account Closure Requests' do | ||
before do | ||
allow(AlaveteliConfiguration).to receive(:skip_admin_auth).and_return(false) | ||
|
||
confirm(:admin_user) | ||
@admin = login(:admin_user) | ||
@user = FactoryBot.create(:user) | ||
@account_closure_request = FactoryBot.create(:account_closure_request, user: @user) | ||
end | ||
|
||
context 'viewing account closure requests' do | ||
it 'displays link to "Account closure requests" on admin homepage' do | ||
using_session(@admin) do | ||
visit admin_general_index_path | ||
expect(page).to have_link('Account closure requests') | ||
end | ||
end | ||
|
||
it 'can close an account from the "Account closure requests" page' do | ||
using_session(@admin) do | ||
expect(@user).to_not be_closed | ||
|
||
visit account_closure_requests_admin_users_path | ||
within("tr#account-closure-request-#{@account_closure_request.id}") do | ||
click_button 'Close' | ||
end | ||
expect(page).to have_text('The user account was closed.') | ||
|
||
@user.reload | ||
expect(@user).to be_closed | ||
|
||
visit account_closure_requests_admin_users_path | ||
expect(page).to_not have_text(@user.name) | ||
end | ||
end | ||
end | ||
end |
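Review bot: Every example here runs inside `using_session(@admin)`, so although `skip_admin_auth` is stubbed to false, nothing shows that a non-admin is refused at `account_closure_requests_admin_users_path` or is unable to submit the Close form. Add an example that visits the path as the plain `@user` (and one signed out) and expects no closure-request row to be shown and `@user` to remain not closed. The final `expect(page).to_not have_text(@user.name)` would also be sturdier as a check on the row itself, `expect(page).to_not have_css("tr#account-closure-request-#{@account_closure_request.id}")`, since the close-account page in this commit says closing changes the user's name.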