Disabled delete button for the logged user

To avoid some bad things to happen…
This commit is contained in:
Jeremy Benoist 2016-10-02 13:21:45 +02:00
parent eb4142e0af
commit ccc7faec09
No known key found for this signature in database
GPG key ID: BCA73962457ACC3C
2 changed files with 12 additions and 1 deletions

View file

@ -72,7 +72,7 @@
</form> </form>
<p> <p>
{{ form_start(delete_form) }} {{ form_start(delete_form) }}
<button onclick="return confirm('{{ 'user.form.delete_confirm'|trans|escape('js') }}')" type="submit" class="btn waves-effect waves-light red">{{ 'user.form.delete'|trans }}</button> <button {% if app.user.id == user.id %}disabled="disabled"{% endif %} onclick="return confirm('{{ 'user.form.delete_confirm'|trans|escape('js') }}')" type="submit" class="btn waves-effect waves-light red">{{ 'user.form.delete'|trans }}</button>
{{ form_end(delete_form) }} {{ form_end(delete_form) }}
</p> </p>
<p><a class="waves-effect waves-light btn blue-grey" href="{{ path('user_index') }}">{{ 'user.form.back_to_list'|trans }}</a></p> <p><a class="waves-effect waves-light btn blue-grey" href="{{ path('user_index') }}">{{ 'user.form.back_to_list'|trans }}</a></p>

View file

@ -68,4 +68,15 @@ class ManageControllerTest extends WallabagCoreTestCase
// Check the user has been delete on the list // Check the user has been delete on the list
$this->assertNotRegExp('/Foo User/', $client->getResponse()->getContent()); $this->assertNotRegExp('/Foo User/', $client->getResponse()->getContent());
} }
public function testDeleteDisabledForLoggedUser()
{
$this->logInAs('admin');
$client = $this->getClient();
$crawler = $client->request('GET', '/users/'.$this->getLoggedInUserId().'/edit');
$disabled = $crawler->selectButton('user.form.delete')->extract('disabled');
$this->assertEquals('disabled', $disabled[0]);
}
} }