Merge pull request #22762 from opf/fix/68573-blank-page-and-error-404-when-calendar-board-team-planner-role-is-deleted

Draft: [68582] Blank page and error 404 when calendar, board, team planner, role is deleted
2026-06-14 03:30:14 +00:00 · 2026-04-23 09:29:38 +02:00
parent 82dd34ff43 c8148ab799
commit ddaff61e26
22 changed files with 224 additions and 13 deletions
@@ -70,7 +70,7 @@ module Admin::Import::Jira
        @jira.destroy!
        flash[:notice] = t(:notice_successful_delete)
      end
-      redirect_to action: :index
+      redirect_to action: :index, status: :see_other
    end

    def delete_token
@@ -74,10 +74,10 @@ module Admin
          handle_reassignment_on_deletion
        elsif @enumeration.destroy
          flash[:notice] = I18n.t(:notice_successful_delete)
-          redirect_to(action: :index)
+          redirect_to(action: :index, status: :see_other)
        else
          flash.now[:error] = I18n.t(:error_can_not_delete_entry)
-          redirect_to(action: :index)
+          redirect_to(action: :index, status: :see_other)
        end
      end

@@ -120,7 +120,7 @@ class ForumsController < ApplicationController
    @forum.destroy!

    flash[:notice] = I18n.t(:notice_successful_delete)
-    redirect_to project_forums_path(@project)
+    redirect_to project_forums_path(@project), status: :see_other
  end

  private
@@ -94,7 +94,7 @@ class RolesController < ApplicationController
    else
      flash[:error] = I18n.t(:error_can_not_remove_role)
    end
-    redirect_to action: "index"
+    redirect_to action: "index", status: :see_other
  end

  def report
@@ -63,7 +63,7 @@ module ::Boards
          render json: { redirect_url: project_work_package_boards_path(@project) }
        end
        format.html do
-          redirect_to action: "index", project_id: @project
+          redirect_to action: "index", project_id: @project, status: :see_other
        end
      end
    end
@@ -49,6 +49,7 @@ RSpec.describe Boards::BoardsController do

        expect(flash[:notice]).to eq(I18n.t(:notice_successful_delete))
        expect(response).to redirect_to(project_work_package_boards_path(project))
+        expect(response).to have_http_status(:see_other)
      end
    end

@@ -72,7 +72,7 @@ module ::Calendar
        flash[:error] = t(:error_can_not_delete_entry)
      end

-      redirect_to action: :index
+      redirect_to action: :index, status: :see_other
    end

    private
@@ -73,4 +73,30 @@ RSpec.describe Calendar::CalendarsController do
      it_behaves_like "calendar#index"
    end
  end
+
+  describe "#destroy" do
+    let(:permissions) { [:manage_calendars] }
+    let(:query) { create(:query, project:, user:) }
+
+    before do
+      create(:view_work_packages_calendar, query:)
+      allow(Query)
+        .to receive(:visible)
+        .and_return(Query.where(id: query.id))
+    end
+
+    context "within a project context" do
+      subject { delete :destroy, params: { project_id: project.id, id: query.id } }
+
+      it "redirects to index with 303 See Other" do
+        subject
+        expect(response).to have_http_status(:see_other)
+        expect(response).to redirect_to(project_calendars_path(project.id))
+      end
+
+      it "deletes the calendar" do
+        expect { subject }.to change { Query.exists?(query.id) }.from(true).to(false)
+      end
+    end
+  end
 end
@@ -88,9 +88,9 @@ class CostlogController < ApplicationController
    flash[:notice] = t(:notice_successful_delete)

    if request.referer.include?("cost_reports")
-      redirect_to controller: "/cost_reports", action: :index
+      redirect_to controller: "/cost_reports", action: :index, status: :see_other
    else
-      redirect_back_or_to(polymorphic_path(@cost_entry.entity))
+      redirect_back_or_to(polymorphic_path(@cost_entry.entity), status: :see_other)
    end
  end

@@ -528,6 +528,19 @@ RSpec.describe CostlogController do
    end
  end

+  describe "DELETE destroy" do
+    before do
+      cost_entry.save(validate: false)
+      grant_current_user_permissions user, %i[view_project view_work_packages view_cost_entries edit_cost_entries]
+      request.env["HTTP_REFERER"] = "http://example.com/work_packages"
+    end
+
+    it "redirects with see_other status" do
+      delete :destroy, params: { id: cost_entry.id }
+      expect(response).to have_http_status(:see_other)
+    end
+  end
+
  describe "PUT update" do
    let(:params) do
      { "id" => cost_entry.id.to_s,
@@ -65,6 +65,6 @@ class DeployTargetsController < ApplicationController

    flash[:success] = I18n.t(:notice_deploy_target_destroyed)

-    redirect_to deploy_targets_path
+    redirect_to deploy_targets_path, status: :see_other
  end
 end
@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+#-- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+#++
+
+require "spec_helper"
+
+RSpec.describe "Deploy targets", :skip_csrf, type: :rails_request do
+  let(:admin) { create(:admin) }
+  let(:deploy_target) { create(:deploy_target) }
+
+  before do
+    login_as(admin)
+  end
+
+  describe "DELETE /deploy_targets/:id" do
+    it "redirects with 303 See Other" do
+      delete deploy_target_path(deploy_target)
+      expect(response).to have_http_status(:see_other)
+      expect(response).to redirect_to(deploy_targets_path)
+    end
+  end
+end
@@ -56,7 +56,7 @@ module LdapGroups
        flash[:error] = I18n.t(:error_can_not_delete_entry)
      end

-      redirect_to ldap_groups_synchronized_groups_path
+      redirect_to ldap_groups_synchronized_groups_path, status: :see_other
    end

    def synchronize
@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+#-- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+#++
+
+require_relative "../spec_helper"
+
+RSpec.describe "LDAP synchronized filters", :skip_csrf, type: :rails_request do
+  let(:admin) { create(:admin) }
+  let(:filter) { create(:ldap_synchronized_filter) }
+
+  before do
+    login_as(admin)
+  end
+
+  describe "DELETE /ldap_groups/synchronized_filters/:ldap_filter_id" do
+    it "redirects with 303 See Other" do
+      delete ldap_groups_synchronized_filter_path(ldap_filter_id: filter.id)
+      expect(response).to have_http_status(:see_other)
+      expect(response).to redirect_to(ldap_groups_synchronized_groups_path)
+    end
+  end
+end
@@ -190,7 +190,7 @@ module Storages
        service_result.on_success do
          flash[:notice] = I18n.t(:notice_successful_delete)
        end
-        redirect_to admin_settings_storages_path
+        redirect_to admin_settings_storages_path, status: :see_other
      end

      def replace_oauth_application
@@ -65,4 +65,21 @@ RSpec.describe Storages::Admin::StoragesController do
      end
    end
  end
+
+  describe "DELETE #destroy" do
+    let(:storage) { build_stubbed(:nextcloud_storage) }
+    let(:service_result) { ServiceResult.success }
+    let(:delete_service) { instance_double(Storages::Storages::DeleteService, call: service_result) }
+
+    before do
+      allow(Storages::Storage).to receive(:visible).and_return(instance_double(ActiveRecord::Relation, find: storage))
+      allow(Storages::Storages::DeleteService).to receive(:new).and_return(delete_service)
+    end
+
+    it "redirects to storages index with see_other" do
+      delete :destroy, params: { id: storage.id }
+      expect(response).to redirect_to(admin_settings_storages_path)
+      expect(response).to have_http_status(:see_other)
+    end
+  end
 end
@@ -50,7 +50,7 @@ module ::TeamPlanner
        flash[:error] = t(:error_can_not_delete_entry)
      end

-      redirect_to action: :index
+      redirect_to action: :index, status: :see_other
    end

    current_menu_item :index do
@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+#-- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+#++
+
+require "spec_helper"
+
+RSpec.describe "Team planners", :skip_csrf, type: :rails_request, with_ee: %i[team_planner_view] do
+  let(:project) { create(:project) }
+  let(:user) do
+    create(:user, member_with_permissions: { project => %i[view_work_packages view_team_planner manage_team_planner] })
+  end
+  let(:query) { create(:query, project:, user:) }
+
+  before do
+    create(:view_team_planner, query:)
+    login_as(user)
+  end
+
+  describe "DELETE /projects/:project_id/team_planners/:id" do
+    it "redirects with 303 See Other" do
+      delete project_team_planner_path(project, query)
+      expect(response).to have_http_status(:see_other)
+      expect(response).to redirect_to(project_team_planners_path(project))
+    end
+  end
+end
@@ -358,6 +358,7 @@ RSpec.describe Admin::Import::Jira::InstancesController do
        jira_to_delete = create(:jira)
        delete :destroy, params: { id: jira_to_delete.id }
        expect(response).to redirect_to(action: :index)
+        expect(response).to have_http_status(:see_other)
      end
    end

@@ -378,6 +379,7 @@ RSpec.describe Admin::Import::Jira::InstancesController do
      it "redirects to index" do
        delete :destroy, params: { id: jira.id }
        expect(response).to redirect_to(action: :index)
+        expect(response).to have_http_status(:see_other)
      end
    end

@@ -200,6 +200,7 @@ RSpec.describe ForumsController do
        end.to change(Forum, :count).by(-1)

        expect(response).to redirect_to project_forums_path(project)
+        expect(response).to have_http_status(:see_other)
        expect(flash[:notice]).to eq(I18n.t(:notice_successful_delete))
      end
    end
@@ -352,6 +352,7 @@ RSpec.describe RolesController do
        expect(enqueued_jobs.count).to eq(1)
        expect(enqueued_jobs[0][:job]).to eq(Storages::ManageStorageIntegrationsJob)
        expect(response).to redirect_to roles_path
+        expect(response).to have_http_status(:see_other)
        expect(Role.count).to eq(0)
      end
    end
@@ -368,6 +369,7 @@ RSpec.describe RolesController do
        expect(enqueued_jobs.count).to eq(0)
        expect(Role.count).to eq(1)
        expect(response).to redirect_to roles_path
+        expect(response).to have_http_status(:see_other)
        expect(flash[:error]).to eq I18n.t(:error_can_not_remove_role)
      end
    end
@@ -58,6 +58,7 @@ RSpec.describe "Work package priorities",
      it "redirects to the priorities index" do
        delete(admin_settings_work_package_priority_path(priority), params:)
        expect(response).to redirect_to admin_settings_work_package_priorities_path
+        expect(response).to have_http_status(:see_other)
        expect { priority.reload }.to raise_error(ActiveRecord::RecordNotFound)
      end
    end