mirror of
https://gh.wpcy.net/https://github.com/discourse/discourse.git
synced 2026-05-04 06:55:00 +08:00
d56fca0fd7
The `can_permanently_delete` site setting was hidden and could only be enabled via the Rails console. There was no indication in the admin UI that this capability existed, leading to confusion and wasted time for admins trying to permanently delete content. This commit unhides the setting and adds layered safeguards at every level of the permanent deletion flow: **Site setting visibility:** - Remove `hidden: true` so the setting appears in the admin UI - Add a `requires_confirmation` dialog when enabling (not when disabling) via a new `simple_on_enable` confirmation type - Add a proper setting description since it was missing **Type-to-confirm on all permanent delete actions:** - Replace the weak yes/no dialogs on post and revision permanent deletion with a type-to-confirm pattern (type "permanently delete") - Show context-aware titles and messages (post vs topic, with post count for topics) - Reusable `PermanentlyDeleteConfirm` dialog body component following the `SecondFactorConfirmPhrase` pattern **Server-side pre-check endpoint:** - Add `GET /posts/:id/permanently_delete_check` (admin-only via `AdminConstraint`) that uses the guardian to validate whether permanent deletion is allowed before showing the confirmation dialog - Returns the reason when denied (cooldown timer, undeleted posts) so the admin gets immediate feedback instead of going through the full confirmation flow only to be rejected - Returns accurate `post_count` for topic deletion messages **Refactors:** - Extract `Topic#deletable_posts_count` to share the post counting query between the guardian, `cannot_permanently_delete_reason`, and the new endpoint - Use exclusion (`NOT small_action`) instead of inclusion for post type filtering, so plugin-added post types are counted correctly Ref - t/181345 --------- Co-authored-by: Martin Brennan <martin@discourse.org>
60 lines
2 KiB
Ruby
60 lines
2 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
describe "Admin Site Setting Requires Confirmation" do
|
|
let(:settings_page) { PageObjects::Pages::AdminSiteSettings.new }
|
|
let(:dialog) { PageObjects::Components::Dialog.new }
|
|
fab!(:admin)
|
|
|
|
before do
|
|
SiteSetting.min_password_length = 10
|
|
sign_in(admin)
|
|
end
|
|
|
|
it "requires confirmation and shows the correct message" do
|
|
settings_page.visit("min_password_length")
|
|
settings_page.change_number_setting("min_password_length", 12)
|
|
expect(dialog).to be_open
|
|
expect(dialog).to have_content(
|
|
I18n.t(
|
|
"admin_js.admin.site_settings.requires_confirmation_messages.min_password_length.prompt",
|
|
),
|
|
)
|
|
expect(dialog).to have_content(
|
|
I18n.t(
|
|
"admin_js.admin.site_settings.requires_confirmation_messages.min_password_length.confirm",
|
|
),
|
|
)
|
|
dialog.click_yes
|
|
expect(dialog).to be_closed
|
|
expect(settings_page).to have_overridden_setting("min_password_length", value: 12)
|
|
end
|
|
|
|
it "does not save the new setting value if the admin cancels confirmation" do
|
|
settings_page.visit("min_password_length")
|
|
settings_page.change_number_setting("min_password_length", 12)
|
|
expect(dialog).to be_open
|
|
dialog.click_no
|
|
expect(dialog).to be_closed
|
|
expect(settings_page).to have_no_overridden_setting("min_password_length")
|
|
end
|
|
|
|
context "with simple_on_enable confirmation type" do
|
|
it "shows confirmation when enabling the setting" do
|
|
settings_page.visit("can_permanently_delete")
|
|
settings_page.toggle_bool_setting("can_permanently_delete")
|
|
expect(dialog).to be_open
|
|
expect(dialog).to have_content(
|
|
I18n.t(
|
|
"admin_js.admin.site_settings.requires_confirmation_messages.can_permanently_delete.prompt",
|
|
),
|
|
)
|
|
end
|
|
|
|
it "does not show confirmation when disabling the setting" do
|
|
SiteSetting.can_permanently_delete = true
|
|
settings_page.visit("can_permanently_delete")
|
|
settings_page.toggle_bool_setting("can_permanently_delete")
|
|
expect(dialog).to be_closed
|
|
end
|
|
end
|
|
end
|
