1
0
Fork 0
forked from fedi/mastodon

Fix account action type validation (#19476)

* Fix account action type validation

Fix #19143

* Fix #19145

* Fix code style issues
This commit is contained in:
Eugen Rochko 2022-10-30 02:44:32 +02:00 committed by GitHub
parent 276b85bc91
commit 40c7f3e830
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 37 additions and 22 deletions

View file

@ -25,6 +25,8 @@ class Admin::AccountAction
alias send_email_notification? send_email_notification
alias include_statuses? include_statuses
validates :type, :target_account, :current_account, presence: true
def initialize(attributes = {})
@send_email_notification = true
@include_statuses = true
@ -41,13 +43,15 @@ class Admin::AccountAction
end
def save!
raise ActiveRecord::RecordInvalid, self unless valid?
ApplicationRecord.transaction do
process_action!
process_strike!
process_reports!
end
process_email!
process_reports!
process_queue!
end
@ -106,9 +110,8 @@ class Admin::AccountAction
# Otherwise, we will mark all unresolved reports about
# the account as resolved.
reports.each { |report| authorize(report, :update?) }
reports.each do |report|
authorize(report, :update?)
log_action(:resolve, report)
report.resolve!(current_account)
end

View file

@ -30,28 +30,40 @@ RSpec.describe Api::V1::Admin::AccountActionsController, type: :controller do
end
describe 'POST #create' do
before do
post :create, params: { account_id: account.id, type: 'disable' }
context do
before do
post :create, params: { account_id: account.id, type: 'disable' }
end
it_behaves_like 'forbidden for wrong scope', 'write:statuses'
it_behaves_like 'forbidden for wrong role', ''
it 'returns http success' do
expect(response).to have_http_status(200)
end
it 'performs action against account' do
expect(account.reload.user_disabled?).to be true
end
it 'logs action' do
log_item = Admin::ActionLog.last
expect(log_item).to_not be_nil
expect(log_item.action).to eq :disable
expect(log_item.account_id).to eq user.account_id
expect(log_item.target_id).to eq account.user.id
end
end
it_behaves_like 'forbidden for wrong scope', 'write:statuses'
it_behaves_like 'forbidden for wrong role', ''
context 'with no type' do
before do
post :create, params: { account_id: account.id }
end
it 'returns http success' do
expect(response).to have_http_status(200)
end
it 'performs action against account' do
expect(account.reload.user_disabled?).to be true
end
it 'logs action' do
log_item = Admin::ActionLog.last
expect(log_item).to_not be_nil
expect(log_item.action).to eq :disable
expect(log_item.account_id).to eq user.account_id
expect(log_item.target_id).to eq account.user.id
it 'returns http unprocessable entity' do
expect(response).to have_http_status(422)
end
end
end
end