forked from fedi/mastodon
Fix account action type validation (#19476)
* Fix account action type validation Fix #19143 * Fix #19145 * Fix code style issues
This commit is contained in:
parent
276b85bc91
commit
40c7f3e830
|
@ -25,6 +25,8 @@ class Admin::AccountAction
|
|||
alias send_email_notification? send_email_notification
|
||||
alias include_statuses? include_statuses
|
||||
|
||||
validates :type, :target_account, :current_account, presence: true
|
||||
|
||||
def initialize(attributes = {})
|
||||
@send_email_notification = true
|
||||
@include_statuses = true
|
||||
|
@ -41,13 +43,15 @@ class Admin::AccountAction
|
|||
end
|
||||
|
||||
def save!
|
||||
raise ActiveRecord::RecordInvalid, self unless valid?
|
||||
|
||||
ApplicationRecord.transaction do
|
||||
process_action!
|
||||
process_strike!
|
||||
process_reports!
|
||||
end
|
||||
|
||||
process_email!
|
||||
process_reports!
|
||||
process_queue!
|
||||
end
|
||||
|
||||
|
@ -106,9 +110,8 @@ class Admin::AccountAction
|
|||
# Otherwise, we will mark all unresolved reports about
|
||||
# the account as resolved.
|
||||
|
||||
reports.each { |report| authorize(report, :update?) }
|
||||
|
||||
reports.each do |report|
|
||||
authorize(report, :update?)
|
||||
log_action(:resolve, report)
|
||||
report.resolve!(current_account)
|
||||
end
|
||||
|
|
|
@ -30,28 +30,40 @@ RSpec.describe Api::V1::Admin::AccountActionsController, type: :controller do
|
|||
end
|
||||
|
||||
describe 'POST #create' do
|
||||
before do
|
||||
post :create, params: { account_id: account.id, type: 'disable' }
|
||||
context do
|
||||
before do
|
||||
post :create, params: { account_id: account.id, type: 'disable' }
|
||||
end
|
||||
|
||||
it_behaves_like 'forbidden for wrong scope', 'write:statuses'
|
||||
it_behaves_like 'forbidden for wrong role', ''
|
||||
|
||||
it 'returns http success' do
|
||||
expect(response).to have_http_status(200)
|
||||
end
|
||||
|
||||
it 'performs action against account' do
|
||||
expect(account.reload.user_disabled?).to be true
|
||||
end
|
||||
|
||||
it 'logs action' do
|
||||
log_item = Admin::ActionLog.last
|
||||
|
||||
expect(log_item).to_not be_nil
|
||||
expect(log_item.action).to eq :disable
|
||||
expect(log_item.account_id).to eq user.account_id
|
||||
expect(log_item.target_id).to eq account.user.id
|
||||
end
|
||||
end
|
||||
|
||||
it_behaves_like 'forbidden for wrong scope', 'write:statuses'
|
||||
it_behaves_like 'forbidden for wrong role', ''
|
||||
context 'with no type' do
|
||||
before do
|
||||
post :create, params: { account_id: account.id }
|
||||
end
|
||||
|
||||
it 'returns http success' do
|
||||
expect(response).to have_http_status(200)
|
||||
end
|
||||
|
||||
it 'performs action against account' do
|
||||
expect(account.reload.user_disabled?).to be true
|
||||
end
|
||||
|
||||
it 'logs action' do
|
||||
log_item = Admin::ActionLog.last
|
||||
|
||||
expect(log_item).to_not be_nil
|
||||
expect(log_item.action).to eq :disable
|
||||
expect(log_item.account_id).to eq user.account_id
|
||||
expect(log_item.target_id).to eq account.user.id
|
||||
it 'returns http unprocessable entity' do
|
||||
expect(response).to have_http_status(422)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue