Allow unblocking email addresses from any matching account (#29305)

main-rebase-security-fix
Claire 2024-03-20 15:38:00 +01:00 committed by GitHub
parent 0a33be39c1
commit 8a1423a474
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 4 additions and 3 deletions


@ -128,7 +128,7 @@ module Admin
def unblock_email
authorize @account, :unblock_email?
CanonicalEmailBlock.where(reference_account: @account).delete_all
CanonicalEmailBlock.matching_account(@account).delete_all
log_action :unblock_email, @account
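Review bot: The `delete_all` on the new `matching_account` scope can remove blocks whose `reference_account` is a different account, yet `log_action :unblock_email, @account` still records only the account the moderator acted on. Since this action lifts a registration ban, the wider effect deserves a comment at the call, e.g. `# Removes every block matching this account's canonical email hash, including blocks that reference other accounts`. It may also be worth keeping the return value of `delete_all` so the number of removed blocks can be surfaced or logged. `unblock_email` continues past the end of this hunk.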


@ -20,6 +20,7 @@ class CanonicalEmailBlock < ApplicationRecord
validates :canonical_email_hash, presence: true, uniqueness: true
scope :matching_email, ->(email) { where(canonical_email_hash: email_to_canonical_email_hash(email)) }
scope :matching_account, ->(account) { matching_email(account&.user_email).or(where(reference_account: account)) }
def to_log_human_identifier
canonical_email_hash
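Review bot: The `account&.user_email` in `matching_account` implies a nil account is tolerated, but the second clause then becomes `where(reference_account: nil)`, which would presumably match every block that has no reference account. If `matching_email` accepts a nil email, a nil argument combined with the `delete_all` in `unblock_email` would select far more rows than intended. Either drop the safe navigation so a nil account fails loudly, or short-circuit it: `->(account) { account.nil? ? none : matching_email(account.user_email).or(where(reference_account: account)) }`. The class body continues outside the hunk.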


@ -30,7 +30,7 @@
= render 'admin/accounts/counters', account: @account
- if @account.local? && @account.user.nil?
= link_to t('admin.accounts.unblock_email'), unblock_email_admin_account_path(@account.id), method: :post, class: 'button' if can?(:unblock_email, @account) && CanonicalEmailBlock.exists?(reference_account_id: @account.id)
= link_to t('admin.accounts.unblock_email'), unblock_email_admin_account_path(@account.id), method: :post, class: 'button' if can?(:unblock_email, @account) && CanonicalEmailBlock.matching_account(@account).exists?
- else
.table-wrapper
%table.table.inline-table
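Review bot: The new button line sits inside the `@account.user.nil?` branch, so if `user_email` is read from the user record (not visible here), `matching_account` passes a nil email to `matching_email` for exactly the accounts this button targets. Whether `email_to_canonical_email_hash` accepts nil is not shown; if it does not, both this template and the unblock action would raise, and if it does, the email clause matches on the hash of an empty value. A spec for a local account without a user would settle it, and the scope could skip the email clause when the email is blank. Separately, the query would read better behind a helper than inline in a trailing `if` on a line this long.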


@ -1,6 +1,6 @@
# frozen_string_literal: true
Fabricator(:canonical_email_block) do
email { sequence(:email) { |i| "#{i}#{Faker::Internet.email}" } }
email { |attrs| attrs[:reference_account] ? attrs[:reference_account].user_email : sequence(:email) { |i| "#{i}#{Faker::Internet.email}" } }
reference_account { Fabricate.build(:account) }
end