Log admin approve and reject account (#22088)

* Log admin approve and reject account

* Add unit tests for approve and reject logging

app/controllers/admin/accounts_controller.rb

@@ -55,12 +55,14 @@ module Admin
     def approve
       authorize @account.user, :approve?
       @account.user.approve!
+      log_action :approve, @account.user
       redirect_to admin_accounts_path(status: 'pending'), notice: I18n.t('admin.accounts.approved_msg', username: @account.acct)
     end
 
     def reject
       authorize @account.user, :reject?
       DeleteAccountService.new.call(@account, reserve_email: false, reserve_username: false)
+      log_action :reject, @account.user
       redirect_to admin_accounts_path(status: 'pending'), notice: I18n.t('admin.accounts.rejected_msg', username: @account.acct)
     end
 

app/controllers/api/v1/admin/accounts_controller.rb

@@ -54,12 +54,14 @@ class Api::V1::Admin::AccountsController < Api::BaseController
   def approve
     authorize @account.user, :approve?
     @account.user.approve!
+    log_action :approve, @account.user
     render json: @account, serializer: REST::Admin::AccountSerializer
   end
 
   def reject
     authorize @account.user, :reject?
     DeleteAccountService.new.call(@account, reserve_email: false, reserve_username: false)
+    log_action :reject, @account.user
     render_empty
   end
 

spec/controllers/admin/accounts_controller_spec.rb

@@ -147,6 +147,87 @@ RSpec.describe Admin::AccountsController, type: :controller do
     end
   end
 
+  describe 'POST #approve' do
+    subject { post :approve, params: { id: account.id } }
+
+    let(:current_user) { Fabricate(:user, role: role) }
+    let(:account) { user.account }
+    let(:user) { Fabricate(:user) }
+
+    before do
+      account.user.update(approved: false)
+    end
+
+    context 'when user is admin' do
+      let(:role) { UserRole.find_by(name: 'Admin') }
+
+      it 'succeeds in approving account' do
+        is_expected.to redirect_to admin_accounts_path(status: 'pending')
+        expect(user.reload).to be_approved
+      end
+
+      it 'logs action' do
+        is_expected.to have_http_status :found
+
+        log_item = Admin::ActionLog.last
+
+        expect(log_item).to_not be_nil
+        expect(log_item.action).to eq :approve
+        expect(log_item.account_id).to eq current_user.account_id
+        expect(log_item.target_id).to eq account.user.id
+      end
+    end
+
+    context 'when user is not admin' do
+      let(:role) { UserRole.everyone }
+
+      it 'fails to approve account' do
+        is_expected.to have_http_status :forbidden
+        expect(user.reload).not_to be_approved
+      end
+    end
+  end
+
+  describe 'POST #reject' do
+    subject { post :reject, params: { id: account.id } }
+
+    let(:current_user) { Fabricate(:user, role: role) }
+    let(:account) { user.account }
+    let(:user) { Fabricate(:user) }
+
+    before do
+      account.user.update(approved: false)
+    end
+
+    context 'when user is admin' do
+      let(:role) { UserRole.find_by(name: 'Admin') }
+
+      it 'succeeds in rejecting account' do
+        is_expected.to redirect_to admin_accounts_path(status: 'pending')
+      end
+
+      it 'logs action' do
+        is_expected.to have_http_status :found
+
+        log_item = Admin::ActionLog.last
+
+        expect(log_item).to_not be_nil
+        expect(log_item.action).to eq :reject
+        expect(log_item.account_id).to eq current_user.account_id
+        expect(log_item.target_id).to eq account.user.id
+      end
+    end
+
+    context 'when user is not admin' do
+      let(:role) { UserRole.everyone }
+
+      it 'fails to reject account' do
+        is_expected.to have_http_status :forbidden
+        expect(user.reload).not_to be_approved
+      end
+    end
+  end
+
   describe 'POST #redownload' do
     subject { post :redownload, params: { id: account.id } }
 

spec/controllers/api/v1/admin/accounts_controller_spec.rb

@@ -100,6 +100,15 @@ RSpec.describe Api::V1::Admin::AccountsController, type: :controller do
     it 'approves user' do
       expect(account.reload.user_approved?).to be true
     end
+
+    it 'logs action' do
+      log_item = Admin::ActionLog.last
+
+      expect(log_item).to_not be_nil
+      expect(log_item.action).to eq :approve
+      expect(log_item.account_id).to eq user.account_id
+      expect(log_item.target_id).to eq account.user.id
+    end
   end
 
   describe 'POST #reject' do
@@ -118,6 +127,15 @@ RSpec.describe Api::V1::Admin::AccountsController, type: :controller do
     it 'removes user' do
       expect(User.where(id: account.user.id).count).to eq 0
     end
+
+    it 'logs action' do
+      log_item = Admin::ActionLog.last
+
+      expect(log_item).to_not be_nil
+      expect(log_item.action).to eq :reject
+      expect(log_item.account_id).to eq user.account_id
+      expect(log_item.target_id).to eq account.user.id
+    end
   end
 
   describe 'POST #enable' do