diff --git a/app/assets/javascripts/admin/mass_actions/force_delete.js b/app/assets/javascripts/admin/mass_actions/force_delete.js deleted file mode 100644 index 62ecc1cf9..000000000 --- a/app/assets/javascripts/admin/mass_actions/force_delete.js +++ /dev/null @@ -1,3 +0,0 @@ -$('input:file').on("change", function() { - $('input:submit').prop('disabled', !$(this).val()); -}); diff --git a/app/controllers/admin/mass_actions_controller.rb b/app/controllers/admin/mass_actions_controller.rb index 9c83e4978..d22568155 100644 --- a/app/controllers/admin/mass_actions_controller.rb +++ b/app/controllers/admin/mass_actions_controller.rb @@ -2,10 +2,11 @@ module Admin class MassActionsController < BaseController - authorize_resource + before_action :authorize_admin # GET /admin/mass_actions - def index; end + def index + end # POST /admin/mass_actions def create @@ -19,5 +20,9 @@ module Admin redirect_to(admin_mass_actions_path, notice: notice) end + + def authorize_admin + authorize! :manage, :mass_actions + end end end diff --git a/app/models/ability.rb b/app/models/ability.rb index 71c28e7e7..5772e1f1d 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -109,7 +109,7 @@ class Ability can :destroy, :pending can :create, :zonefile can :access, :settings_menu - can :manage, MassAction + can :manage, :mass_actions end def static_registrant diff --git a/app/views/admin/mass_actions/index.html.erb b/app/views/admin/mass_actions/index.html.erb index 4e500f86b..9af6a240f 100644 --- a/app/views/admin/mass_actions/index.html.erb +++ b/app/views/admin/mass_actions/index.html.erb @@ -7,11 +7,13 @@

Triggers soft force delete procedure for uploaded domain list. List must be in CSV format. Each domain entry must be on separate line. Line must include domain_name (puny) followed with delete_reason, separated by comma.

Allowed delete reasons: ENTITY_BURIED | PHONE | EMAIL

- <%= form_tag admin_mass_actions_path, multipart: true do %> - <%= file_field_tag :entry_list, accept: 'text/csv' %> + <%= form_tag admin_mass_actions_path, multipart: true, method: :post do %> + <%= label_tag :entry_list %> + <%= file_field_tag :entry_list, required: true, accept: 'text/csv' %> <%= hidden_field_tag :mass_action, 'force_delete' %> + <%= hidden_field_tag :authenticity_token, form_authenticity_token %>
- <%= submit_tag "Start force delete process", class: 'btn btn-danger', disabled: true %> + <%= submit_tag "Start force delete process", class: 'btn btn-danger', id: 'fd_submit' %> <% end %>
diff --git a/test/fixtures/files/invalid_mass_force_delete_list.csv b/test/fixtures/files/invalid_mass_force_delete_list.csv new file mode 100644 index 000000000..2b153874b --- /dev/null +++ b/test/fixtures/files/invalid_mass_force_delete_list.csv @@ -0,0 +1,2 @@ +domain_name, delete_reason +sh\รก;[]c' diff --git a/test/fixtures/files/valid_mass_force_delete_list.csv b/test/fixtures/files/valid_mass_force_delete_list.csv new file mode 100644 index 000000000..08ded84cd --- /dev/null +++ b/test/fixtures/files/valid_mass_force_delete_list.csv @@ -0,0 +1,2 @@ +domain_name, delete_reason +shop.test,ENTITY_BURIED diff --git a/test/system/admin_area/mass_actions/mass_force_delete_test.rb b/test/system/admin_area/mass_actions/mass_force_delete_test.rb new file mode 100644 index 000000000..7b4688b32 --- /dev/null +++ b/test/system/admin_area/mass_actions/mass_force_delete_test.rb @@ -0,0 +1,23 @@ +require 'application_system_test_case' +require 'test_helper' + +class AdminAreaMassActionsForceDeleteTest < ApplicationSystemTestCase + def setup + sign_in users(:admin) + end + + def test_processes_uploaded_valid_csv + visit admin_mass_actions_path + + attach_file('entry_list', Rails.root.join('test', 'fixtures', 'files', 'valid_mass_force_delete_list.csv').to_s) + click_link_or_button 'Start force delete process' + assert_text 'force_delete completed for ["shop.test"]. Failed: objects: []' + end + + def test_processes_uploaded_invalid_csv + visit admin_mass_actions_path + attach_file(:entry_list, Rails.root.join('test', 'fixtures', 'files', 'invalid_mass_force_delete_list.csv').to_s) + click_link_or_button 'Start force delete process' + assert_text 'Dataset integrity validation failed for force_delete' + end +end