ylqjgm
/
canvas-lms
mirror of https://github.com/instructure/canvas-lms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix admins merging users across shards via the UI fixes #11783 

basically use ids, not uuids

test plan:
 * as a site admin
 * go to a user
 * click "merge with another user"
 * in the id field, put in a global id
 * it should pull up that user
 * finish the merge
 * it should succeed

Change-Id: I11f6a2e989f8342d748c5a7ba63aac414f340ca4
Reviewed-on: https://gerrit.instructure.com/15366
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
This commit is contained in:
Cody Cutrer 2012-11-14 13:40:33 -07:00
parent 7e8196c93d
commit 41bd4a40bb
4 changed files with 43 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
app/controllers/users_controller.rb
View File

@ -906,10 +906,9 @@ class UsersController < ApplicationController
end end
def merge def merge
@user_about_to_go_away = User.find_by_uuid(session[:merge_user_uuid]) if session[:merge_user_uuid].present? @user_about_to_go_away = User.find_by_id(session[:merge_user_id]) if session[:merge_user_id].present?
@user_about_to_go_away = nil unless @user_about_to_go_away.id == params[:user_id].to_i
if params[:new_user_uuid] && @true_user = User.find_by_uuid(params[:new_user_uuid]) if params[:new_user_id] && @true_user = User.find_by_id(params[:new_user_id])
if @true_user.grants_right?(@current_user, session, :manage_logins) && @user_about_to_go_away.grants_right?(@current_user, session, :manage_logins) if @true_user.grants_right?(@current_user, session, :manage_logins) && @user_about_to_go_away.grants_right?(@current_user, session, :manage_logins)
@user_that_will_still_be_around = @true_user @user_that_will_still_be_around = @true_user
else else
@ -919,10 +918,10 @@ class UsersController < ApplicationController
@user_that_will_still_be_around = @current_user @user_that_will_still_be_around = @current_user
end end
if @user_about_to_go_away && @user_that_will_still_be_around && @user_about_to_go_away.id.to_s == params[:user_id] if @user_about_to_go_away && @user_that_will_still_be_around
@user_about_to_go_away.move_to_user(@user_that_will_still_be_around) @user_about_to_go_away.move_to_user(@user_that_will_still_be_around)
@user_that_will_still_be_around.touch @user_that_will_still_be_around.touch
session.delete(:merge_user_uuid) session.delete(:merge_user_id)
flash[:notice] = t('user_merge_success', "User merge succeeded! %{first_user} and %{second_user} are now one and the same.", :first_user => @user_that_will_still_be_around.name, :second_user => @user_about_to_go_away.name) flash[:notice] = t('user_merge_success', "User merge succeeded! %{first_user} and %{second_user} are now one and the same.", :first_user => @user_that_will_still_be_around.name, :second_user => @user_about_to_go_away.name)
else else
flash[:error] = t('user_merge_fail', "User merge failed. Please make sure you have proper permission and try again.") flash[:error] = t('user_merge_fail', "User merge failed. Please make sure you have proper permission and try again.")
@ -949,7 +948,6 @@ class UsersController < ApplicationController
end end
if @other_user && @other_user.grants_right?(@current_user, session, :manage_logins) if @other_user && @other_user.grants_right?(@current_user, session, :manage_logins)
session[:merge_user_id] = @user.id session[:merge_user_id] = @user.id
session[:merge_user_uuid] = @user.uuid
session.delete(:pending_user_id) session.delete(:pending_user_id)
else else
@other_user = nil @other_user = nil
@ -960,14 +958,10 @@ class UsersController < ApplicationController
def get_pending_user_and_error(pending_user_id, entered_user_id) def get_pending_user_and_error(pending_user_id, entered_user_id)
pending_other_error = nil pending_other_error = nil
if entered_user_id.to_s != entered_user_id.to_i.to_s && entered_user_id.present? @pending_other_user = api_find_all(User, [pending_user_id]).first if pending_user_id.present?
pending_user_id = nil
pending_other_error = t('invalid_input', "Invalid input. Please enter a valid ID.")
end
@pending_other_user = User.find_by_id(pending_user_id) if pending_user_id.present?
@pending_other_user = nil if @pending_other_user == @user
@pending_other_user = nil unless @pending_other_user.try(:grants_right?, @current_user, session, :manage_logins) @pending_other_user = nil unless @pending_other_user.try(:grants_right?, @current_user, session, :manage_logins)
if entered_user_id == @user.id.to_s if @pending_other_user == @user
@pending_other_user = nil
pending_other_error = t('cant_self_merge', "You can't merge an account with itself.") pending_other_error = t('cant_self_merge', "You can't merge an account with itself.")
elsif @pending_other_user.blank? && entered_user_id.present? && pending_other_error.blank? elsif @pending_other_user.blank? && entered_user_id.present? && pending_other_error.blank?
pending_other_error = t('user_not_found', "No active user with that ID was found.") pending_other_error = t('user_not_found', "No active user with that ID was found.")
@ -976,12 +970,10 @@ class UsersController < ApplicationController
end end
def confirm_merge def confirm_merge
@user = User.find_by_uuid(session[:merge_user_uuid]) if session[:merge_user_uuid].present? @user = User.find_by_id(session[:merge_user_id]) if session[:merge_user_id].present?
@user = nil unless @user && @user.id == session[:merge_user_id]
if @user && @user != @current_user if @user && @user != @current_user
render :action => 'confirm_merge' render :action => 'confirm_merge'
else else
session[:merge_user_uuid] = @current_user.uuid
session[:merge_user_id] = @current_user.id session[:merge_user_id] = @current_user.id
store_location(user_confirm_merge_url(@current_user.id)) store_location(user_confirm_merge_url(@current_user.id))
render :action => 'merge' render :action => 'merge'

2
app/views/users/admin_merge.html.erb
View File

@ -42,7 +42,7 @@
:target_user_name => @other_user.name, :target_user_email => @other_user.email) %> :target_user_name => @other_user.name, :target_user_email => @other_user.email) %>
<%= render :partial => 'merge_results', :locals => {:user => @user, :other_user => @other_user} %> <%= render :partial => 'merge_results', :locals => {:user => @user, :other_user => @other_user} %>
</p> </p>
<% form_tag user_merge_path(@user, :new_user_uuid => @other_user.uuid), :method => :post do %> <% form_tag user_merge_path(@user, :new_user_id => @other_user.id), :method => :post do %>
<div class="button-container"> <div class="button-container">
<button type="submit" class="btn"><%= t('buttons.merge_user_account', 'Merge User Accounts') %></button> <button type="submit" class="btn"><%= t('buttons.merge_user_account', 'Merge User Accounts') %></button>
<a href="<%= dashboard_path %>" class="btn button-secondary"><%= t('#buttons.cancel', 'Cancel') %></a> <a href="<%= dashboard_path %>" class="btn button-secondary"><%= t('#buttons.cancel', 'Cancel') %></a>

33
spec/integration/users_controller_spec.rb
View File

@ -240,5 +240,38 @@ describe UsersController do
student_grades.text.should match /#{@course.name}/ student_grades.text.should match /#{@course.name}/
end end
end end
describe "admin_merge" do
it "should work for the whole flow" do
user_with_pseudonym(:active_all => 1)
Account.default.add_user(@user)
@admin = @user
user_with_pseudonym(:active_all => 1, :username => 'user2@instructure.com')
user_session(@admin)
get user_admin_merge_url(@user, :pending_user_id => @admin.id)
response.should be_success
assigns['pending_other_user'].should == @admin
assigns['other_user'].should be_nil
session[:pending_user_id].should be_nil
session[:merge_user_id].should be_nil
get user_admin_merge_url(@user, :new_user_id => @admin.id)
response.should be_success
assigns['pending_other_user'].should be_nil
assigns['other_user'].should == @admin
session[:pending_user_id].should be_nil
session[:merge_user_id].should == @user.id
post user_merge_url(@user, :new_user_id => @admin.id)
response.should redirect_to(user_profile_url(@admin))
session[:pending_user_id].should be_nil
session[:merge_user_id].should be_nil
@user.reload.should be_deleted
@admin.reload.should be_registered
@admin.pseudonyms.count.should == 2
end
end
end end

2
spec/selenium/users_spec.rb
View File

@ -173,7 +173,7 @@ describe "users" do
f('.static_message').should be_false f('.static_message').should be_false
f('#manual_user_id').send_keys("azxcvbytre34567uijmm23456yhj") f('#manual_user_id').send_keys("azxcvbytre34567uijmm23456yhj")
expect_new_page_load { f('button[type="submit"]').click } expect_new_page_load { f('button[type="submit"]').click }
f('.static_message').text.should =~ /Invalid input. Please enter a valid ID./ f('.static_message').text.should =~ /No active user with that ID was found./
end end
it "should show an error if the user id doesnt exist" do it "should show an error if the user id doesnt exist" do