treehouse
/
mastodon
21
8
Fork 5
Code Issues 32 Pull Requests Projects 1 Releases Wiki Activity

Fix account action type validation (#19476) 

* Fix account action type validation

Fix #19143

* Fix #19145

* Fix code style issues
remotes/1703361221475462875/rebase/4.0.0rc1
Eugen Rochko 2022-10-30 02:44:32 +02:00 committed by GitHub
parent 276b85bc91
commit 40c7f3e830
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 37 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
app/models/admin/account_action.rb
View File

@ -25,6 +25,8 @@ class Admin::AccountAction
alias send_email_notification? send_email_notification alias send_email_notification? send_email_notification
alias include_statuses? include_statuses alias include_statuses? include_statuses
validates :type, :target_account, :current_account, presence: true
def initialize(attributes = {}) def initialize(attributes = {})
@send_email_notification = true @send_email_notification = true
@include_statuses = true @include_statuses = true
@ -41,13 +43,15 @@ class Admin::AccountAction
end end
def save! def save!
raise ActiveRecord::RecordInvalid, self unless valid?
ApplicationRecord.transaction do ApplicationRecord.transaction do
process_action! process_action!
process_strike! process_strike!
process_reports!
end end
process_email! process_email!
process_reports!
process_queue! process_queue!
end end
@ -106,9 +110,8 @@ class Admin::AccountAction
# Otherwise, we will mark all unresolved reports about # Otherwise, we will mark all unresolved reports about
# the account as resolved. # the account as resolved.
reports.each { |report| authorize(report, :update?) }
reports.each do |report| reports.each do |report|
authorize(report, :update?)
log_action(:resolve, report) log_action(:resolve, report)
report.resolve!(current_account) report.resolve!(current_account)
end end

50
spec/controllers/api/v1/admin/account_actions_controller_spec.rb
View File

@ -30,28 +30,40 @@ RSpec.describe Api::V1::Admin::AccountActionsController, type: :controller do
end end
describe 'POST #create' do describe 'POST #create' do
before do context do
post :create, params: { account_id: account.id, type: 'disable' } before do
post :create, params: { account_id: account.id, type: 'disable' }
end
it_behaves_like 'forbidden for wrong scope', 'write:statuses'
it_behaves_like 'forbidden for wrong role', ''
it 'returns http success' do
expect(response).to have_http_status(200)
end
it 'performs action against account' do
expect(account.reload.user_disabled?).to be true
end
it 'logs action' do
log_item = Admin::ActionLog.last
expect(log_item).to_not be_nil
expect(log_item.action).to eq :disable
expect(log_item.account_id).to eq user.account_id
expect(log_item.target_id).to eq account.user.id
end
end end
it_behaves_like 'forbidden for wrong scope', 'write:statuses' context 'with no type' do
it_behaves_like 'forbidden for wrong role', '' before do
post :create, params: { account_id: account.id }
end
it 'returns http success' do it 'returns http unprocessable entity' do
expect(response).to have_http_status(200) expect(response).to have_http_status(422)
end end
it 'performs action against account' do
expect(account.reload.user_disabled?).to be true
end
it 'logs action' do
log_item = Admin::ActionLog.last
expect(log_item).to_not be_nil
expect(log_item.action).to eq :disable
expect(log_item.account_id).to eq user.account_id
expect(log_item.target_id).to eq account.user.id
end end
end end
end end