From 964d74689d31c98881e8fd59d9124e2c72a19d0e Mon Sep 17 00:00:00 2001
From: Markus Otto <zuntrax@infra.run>
Date: Wed, 12 Jan 2022 00:40:32 +0100
Subject: [PATCH] Fix cascaded deletion of shared_access for users and rooms
 (#3055)

* GIT-2444: add test for deletion of shared rooms

* GIT-3054: add test for deletion of user with shared rooms

* GIT-2444: fix deletion of shared rooms

Fixes #2444

* GIT-3054: fix deletion of user with shared rooms

Fixes #3054

Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com>
---
 app/models/room.rb                        |  2 +-
 app/models/user.rb                        |  2 +-
 spec/controllers/rooms_controller_spec.rb | 12 ++++++++++++
 spec/controllers/users_controller_spec.rb | 14 ++++++++++++++
 4 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/app/models/room.rb b/app/models/room.rb
index ec8f9d2e..c56d550b 100644
--- a/app/models/room.rb
+++ b/app/models/room.rb
@@ -28,7 +28,7 @@ class Room < ApplicationRecord
   validates :name, presence: true
 
   belongs_to :owner, class_name: 'User', foreign_key: :user_id
-  has_many :shared_access
+  has_many :shared_access, dependent: :destroy
 
   has_one_attached :presentation
 
diff --git a/app/models/user.rb b/app/models/user.rb
index 9efeffcd..330ebd5b 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -28,7 +28,7 @@ class User < ApplicationRecord
   before_destroy :destroy_rooms
 
   has_many :rooms
-  has_many :shared_access
+  has_many :shared_access, dependent: :destroy
   belongs_to :main_room, class_name: 'Room', foreign_key: :room_id, required: false
 
   has_and_belongs_to_many :roles, join_table: :users_roles # obsolete
diff --git a/spec/controllers/rooms_controller_spec.rb b/spec/controllers/rooms_controller_spec.rb
index 4733cd49..58131c0b 100644
--- a/spec/controllers/rooms_controller_spec.rb
+++ b/spec/controllers/rooms_controller_spec.rb
@@ -535,6 +535,18 @@ describe RoomsController, type: :controller do
       expect(response).to redirect_to(@user.main_room)
     end
 
+    it "should also delete shared rooms" do
+      guest = create(:user)
+      SharedAccess.create(room_id: @secondary_room.id, user_id: guest.id)
+
+      @request.session[:user_id] = @user.id
+
+      delete :destroy, params: { room_uid: @secondary_room }
+
+      expect(Room.exists?(@secondary_room.id)).to be false
+      expect(SharedAccess.exists?(room_id: @secondary_room.id, user_id: guest.id)).to be false
+    end
+
     it "should not delete room if not owner" do
       random_user = create(:user)
       @request.session[:user_id] = random_user.id
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index f20623c2..31f22003 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -603,6 +603,20 @@ describe UsersController, type: :controller do
       expect(flash[:alert]).to be_present
       expect(response).to redirect_to(admins_path)
     end
+
+    it "allows user deletion with shared access to rooms" do
+      owner = create(:user)
+      guest = create(:user)
+      room  = create(:room, owner: owner)
+      SharedAccess.create(room_id: room.id, user_id: guest.id)
+
+      @request.session[:user_id] = guest.id
+      delete :destroy, params: { user_uid: guest.uid }
+
+      expect(User.include_deleted.find_by(uid: guest.uid)).to be_nil
+      expect(SharedAccess.exists?(room_id: room.id, user_id: guest.id)).to be false
+      expect(response).to redirect_to(root_path)
+    end
   end
 
   describe "GET | POST #terms" do
-- 
GitLab