From 8f23b7b2563a11557e78d454284c492f4e22eeab Mon Sep 17 00:00:00 2001
From: Thomas von Deyen <thomas@vondeyen.com>
Date: Tue, 14 Jun 2022 10:14:27 +0200
Subject: [PATCH] Fix delete response in admin users controller

If a user with orders gets deleted in the admin an exception is raised. This exception is handled by the `user_destroy_with_orders_error method`.

This method uses the deprecated (and later removed) `text` response. Instead we need to use `plain`.
---
 .../spree/admin/users_controller.rb           |  2 +-
 .../spree/admin/users_controller_spec.rb      | 29 +++++++++++++++++++
 .../testing_support/factories/user_factory.rb |  6 ++++
 3 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/backend/app/controllers/spree/admin/users_controller.rb b/backend/app/controllers/spree/admin/users_controller.rb
index 0786ae20497..6879a33692e 100644
--- a/backend/app/controllers/spree/admin/users_controller.rb
+++ b/backend/app/controllers/spree/admin/users_controller.rb
@@ -121,7 +121,7 @@ def user_params
       # handling raise from Spree::Admin::ResourceController#destroy
       def user_destroy_with_orders_error
         invoke_callbacks(:destroy, :fails)
-        render status: :forbidden, text: t('spree.error_user_destroy_with_orders')
+        render status: :forbidden, plain: t("spree.error_user_destroy_with_orders")
       end
 
       def sign_in_if_change_own_password
diff --git a/backend/spec/controllers/spree/admin/users_controller_spec.rb b/backend/spec/controllers/spree/admin/users_controller_spec.rb
index 0144f7fa6c3..be07dd8d678 100644
--- a/backend/spec/controllers/spree/admin/users_controller_spec.rb
+++ b/backend/spec/controllers/spree/admin/users_controller_spec.rb
@@ -446,6 +446,35 @@ def user
     end
   end
 
+  describe "#destroy" do
+    stub_authorization! do |_user|
+      can :manage, Spree.user_class
+    end
+
+    subject do
+      delete :destroy, params: { id: user.id }
+      response
+    end
+
+    context "with user having no orders" do
+      let(:user) { create(:user) }
+
+      it "can be destroyed" do
+        is_expected.to be_redirect
+        expect(flash[:success]).to eq("User has been successfully removed!")
+      end
+    end
+
+    context "with user having orders" do
+      let(:user) { create(:user, :with_orders) }
+
+      it "cannot be destroyed" do
+        is_expected.to be_forbidden
+        expect(subject.body).to eq I18n.t("spree.error_user_destroy_with_orders")
+      end
+    end
+  end
+
   describe "#orders" do
     stub_authorization! do |_user|
       can :manage, Spree.user_class
diff --git a/core/lib/spree/testing_support/factories/user_factory.rb b/core/lib/spree/testing_support/factories/user_factory.rb
index 10b2f5db6dc..2527ca3467a 100644
--- a/core/lib/spree/testing_support/factories/user_factory.rb
+++ b/core/lib/spree/testing_support/factories/user_factory.rb
@@ -21,6 +21,12 @@
       end
     end
 
+    trait :with_orders do
+      after(:create) do |user, _|
+        create(:order, user: user)
+      end
+    end
+
     factory :admin_user do
       after(:create) do |user, _|
         admin_role = Spree::Role.find_by(name: 'admin') || create(:role, name: 'admin')