references/openproject
1
0
Fork 0
mirror of https://github.com/opf/openproject.git synced 2026-06-14 03:30:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Destroy backups of a user resetting their backup token

Browse Source 
https://community.openproject.org/work_packages/73341
This commit is contained in:
Oliver Günther
2026-03-23 14:00:13 +01:00
parent 5afbb96f07
commit 15e5fbc9df
2 changed files with 78 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/controllers/admin/backups_controller.rb
+8
View File
@@ -71,6 +71,7 @@ class Admin::BackupsController < ApplicationController
end
def delete_token
destroy_user_backups!
Token::Backup.where(user: current_user).destroy_all
flash[:info] = t("backup.text_token_deleted")
@@ -91,6 +92,13 @@ class Admin::BackupsController < ApplicationController
.last
end
def destroy_user_backups!
Backup
.joins(:job_status)
.where(job_status: { user: current_user })
.destroy_all
end
def token_reset_successful!(token)
notify_user_and_admins current_user, backup_token: token
spec/controllers/admin/backups_controller_spec.rb
+70
View File
@@ -0,0 +1,70 @@
# frozen_string_literal: true
#-- copyright
# OpenProject is an open source project management software.
# Copyright (C) the OpenProject GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# See COPYRIGHT and LICENSE files for more details.
#++
require "spec_helper"
RSpec.describe Admin::BackupsController, with_config: { backup_enabled: true } do
let(:user) { create(:user, global_permissions: [:create_backup]) }
current_user { user }
describe "#delete_token" do
let!(:backup_token) { create(:backup_token, user:) }
let(:backup) { create(:backup) }
let!(:job_status) { create(:delayed_job_status, user:, reference: backup) }
let!(:attachment) { create(:attachment, container: backup) }
it "destroys the backup token" do
expect { delete :delete_token }
.to change { Token::Backup.where(user:).count }.from(1).to(0)
end
it "destroys backup records belonging to the user" do
expect { delete :delete_token }
.to change { Backup.joins(:job_status).where(job_status: { user: }).count }.from(1).to(0)
end
it "destroys backup attachments belonging to the user" do
expect { delete :delete_token }
.to change { Attachment.where(container: backup).count }.from(1).to(0)
end
context "when another user also has a backup" do
let(:other_user) { create(:user, global_permissions: [:create_backup]) }
let(:other_backup) { create(:backup) }
let!(:other_job_status) { create(:delayed_job_status, user: other_user, reference: other_backup) }
it "does not destroy other users' backups" do
expect { delete :delete_token }
.not_to change { Backup.joins(:job_status).where(job_status: { user: other_user }).count }
end
end
end
end