implement destroying custom actions

app/controllers/custom_actions_controller.rb

@@ -31,7 +31,7 @@ class CustomActionsController < ApplicationController
   before_action :require_admin
 
   self._model_object = CustomAction
-  before_action :find_model_object, only: %i(edit update)
+  before_action :find_model_object, only: %i(edit update destroy)
 
   layout 'admin'
 
@@ -78,4 +78,10 @@ class CustomActionsController < ApplicationController
       end
     end
   end
+
+  def destroy
+    @custom_action.destroy
+
+    redirect_to custom_actions_path
+  end
 end

app/views/custom_actions/index.html.erb

@@ -41,6 +41,7 @@
             <%= link_to l(:button_edit),
                         edit_custom_action_path(action),
                         class: 'icon icon-edit' %>
+            <%= delete_link custom_action_path(action) %>
           </td>
         </tr>
       <% end %>

config/routes.rb

@@ -354,7 +354,7 @@ OpenProject::Application.routes.draw do
       end
     end
 
-    resources :custom_actions, only: %i(index new create edit update)
+    resources :custom_actions, except: :show
   end
 
   # We should fix this crappy routing (split up and rename controller methods)

spec/controllers/custom_actions_controller_spec.rb

@@ -183,7 +183,7 @@ describe CustomActionsController, type: :controller do
     context 'for non admins' do
       before do
         login_as(non_admin)
-        get :new
+        post :create, params: params
       end
 
       it 'returns 403' do
@@ -351,7 +351,68 @@ describe CustomActionsController, type: :controller do
     context 'for non admins' do
       before do
         login_as(non_admin)
-        get :new
+        patch :update, params: params
+      end
+
+      it 'returns 403' do
+        expect(response.response_code)
+          .to eql 403
+      end
+    end
+  end
+
+  describe '#destroy' do
+    let(:current_user) { admin }
+    let(:params) do
+      { id: "42" }
+    end
+
+    before do
+      allow(CustomAction)
+        .to receive(:find)
+              .with(params[:id])
+              .and_return(action)
+    end
+
+    context 'for admins' do
+      before do
+        expect(action)
+          .to receive(:destroy)
+          .and_return(true)
+
+        login_as(current_user)
+
+        delete :destroy, params: params
+      end
+
+      it 'redirects to index' do
+        expect(response)
+          .to redirect_to(custom_actions_path)
+      end
+    end
+
+    context 'for admins on invalid id' do
+      before do
+        allow(CustomAction)
+          .to receive(:find)
+                .with(params[:id])
+                .and_raise(ActiveRecord::RecordNotFound)
+
+        login_as(current_user)
+
+        delete :destroy, params: params
+      end
+
+      it 'returns 404 NOT FOUND' do
+        expect(response.response_code)
+          .to eql 404
+      end
+    end
+
+    context 'for non admins' do
+      before do
+        login_as(non_admin)
+        delete :destroy, params: params
       end
 
       it 'returns 403' do

spec/features/work_packages/workflow_buttons_spec.rb

@@ -240,5 +240,28 @@ describe 'Workflow buttons', type: :feature, js: true do
                               priority: default_priority.name
     wp_page.expect_notification message: 'Successful update'
     wp_page.dismiss_notification!
+
+    # Delete 'Reject' from list of actions
+    login_as(admin)
+
+    index_ca_page.visit!
+
+    index_ca_page.delete('Reject')
+
+    index_ca_page.expect_current_path
+    index_ca_page.expect_listed('Unassign', 'Close', 'Escalate')
+
+    login_as(user)
+
+    wp_page.visit!
+
+    expect(page)
+      .to have_selector('.workflow-button', text: 'Unassign')
+    expect(page)
+      .to have_selector('.workflow-button', text: 'Close')
+    expect(page)
+      .to have_selector('.workflow-button', text: 'Escalate')
+    expect(page)
+      .to have_no_selector('.workflow-button', text: 'Reject')
   end
 end

spec/routing/custom_actions_spec.rb

@@ -63,4 +63,11 @@ describe 'custom_actions routes', type: :routing do
         .to route_to('custom_actions#update', id: "42")
     end
   end
+
+  describe 'delete' do
+    it 'links DELETE /admin/custom_actions/:id' do
+      expect(delete('/admin/custom_actions/42'))
+        .to route_to('custom_actions#destroy', id: "42")
+    end
+  end
 end

spec/support/pages/admin/custom_actions/index.rb

@@ -41,12 +41,8 @@ module Pages
         end
 
         def edit(name)
-          within 'table' do
-            row = find('tr', text: name)
-
-            within row.find('.buttons') do
-              click_link 'Edit'
-            end
+          within_buttons_of name do
+            click_link 'Edit'
           end
 
           custom_action = CustomAction.find_by(name: name)
@@ -54,6 +50,14 @@ module Pages
           Pages::Admin::CustomActions::Edit.new(custom_action)
         end
 
+        def delete(name)
+          within_buttons_of name do
+            click_link 'Delete'
+
+            accept_alert_dialog!
+          end
+        end
+
         def expect_listed(*names)
           within 'table' do
             Array(names).each do |name|
@@ -66,6 +70,18 @@ module Pages
         def path
           custom_actions_path
         end
+
+        private
+
+        def within_buttons_of(name)
+          within 'table' do
+            row = find('tr', text: name)
+
+            within row.find('.buttons') do
+              yield
+            end
+          end
+        end
       end
     end
   end