Don't let admins delete users with submissions

Redande · Redande · commit 747c98236709 · 2019-03-13T16:08:23.000+02:00
diff --git a/app/controllers/settings_controller.rb b/app/controllers/settings_controller.rb
@@ -34,12 +34,16 @@ def update
   end
 
   def dangerously_destroy_user
+    @user = authenticate_current_user_destroy
+    if @user.submissions.length != 0
+      redirect_to user_has_submissions_participant_settings_url
+      return
+    end
     im_sure = params[:im_sure]
     if im_sure != '1'
       redirect_to verify_dangerously_destroying_user_participant_settings_url, notice: 'Please check the checkbox after you have read the instructions.'
       return
     end
-    @user = authenticate_current_user_destroy
     username = @user.login
     sign_out if current_user == @user
     email = @user.email
@@ -53,6 +57,10 @@ def verify_dangerously_destroying_user
     @user = authenticate_current_user_destroy
   end
 
+  def user_has_submissions
+    @user = authenticate_current_user_destroy
+  end
+
   private
 
     def authenticate_current_user_destroy
diff --git a/app/views/settings/user_has_submissions.html.erb b/app/views/settings/user_has_submissions.html.erb
@@ -0,0 +1,6 @@
+<div class="jumbotron hero-unit-alert alert-danger">
+  You can't delete this user, because they have submissions. Advice them to delete their own account by pressing "Request deleting account" -button themselves from their User settings.
+  <br>
+  <br>
+  <strong>Make sure that they realize they will lose their progress in all of their courses, and can't ever get any certificates etc. for anything they've done after account deletion.</strong>
+</div>
diff --git a/app/views/settings/verify_dangerously_destroying_user.html.erb b/app/views/settings/verify_dangerously_destroying_user.html.erb
@@ -1,14 +1,9 @@
 <h1>Confirm deleting account: <%= @user.username %> (<%= @user.email %>)</h1>
 
-<div class="jumbotron hero-unit-alert alert-danger">
-  Before deleting this user, make sure they don't have any submissions. If they have submissions, advice them to delete their own account by pressing "Request deleting account" -button themselves from their User settings.
-</div>
-
-
 <%= form_tag(dangerously_destroy_user_participant_settings_path, method: :delete, class: 'form-horizontal') do  %>
   <div class="form-group">
     <%= check_box_tag :im_sure %>
-    <%= label_tag "I've read the above and I'm sure I understand the consequences", nil, class: "control-label", for: :im_sure %>
+    <%= label_tag "I'm sure this user wants to be deleted.", nil, class: "control-label", for: :im_sure %>
   </div>
   <p><strong>Pressing the button below will permanently destroy this mooc.fi account.</strong></p>
   <%= submit_tag("Destroy this account permanently", class: "btn btn-danger", data: { confirm: "Are you sure you want to delete the account #{@user.login}?"}, disabled: "disabled", id: :destroy_button) %>
diff --git a/config/routes.rb b/config/routes.rb
@@ -240,6 +240,7 @@
       post 'dangerously_destroy_user', to: 'settings#dangerously_destroy_user'
       get 'verify_dangerously_destroying_user', to: 'settings#verify_dangerously_destroying_user'
       delete 'dangerously_destroy_user', to: 'settings#dangerously_destroy_user'
+      get 'user_has_submissions', to: 'settings#user_has_submissions'
     end
     resources :certificates, only: [:index]
     collection do
