1
0
Fork 0
forked from fedi/mastodon

Fix account action type validation (#19476)

* Fix account action type validation

Fix #19143

* Fix #19145

* Fix code style issues
This commit is contained in:
Eugen Rochko 2022-10-30 02:44:32 +02:00 committed by GitHub
parent 276b85bc91
commit 40c7f3e830
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 37 additions and 22 deletions

View file

@ -25,6 +25,8 @@ class Admin::AccountAction
alias send_email_notification? send_email_notification alias send_email_notification? send_email_notification
alias include_statuses? include_statuses alias include_statuses? include_statuses
validates :type, :target_account, :current_account, presence: true
def initialize(attributes = {}) def initialize(attributes = {})
@send_email_notification = true @send_email_notification = true
@include_statuses = true @include_statuses = true
@ -41,13 +43,15 @@ class Admin::AccountAction
end end
def save! def save!
raise ActiveRecord::RecordInvalid, self unless valid?
ApplicationRecord.transaction do ApplicationRecord.transaction do
process_action! process_action!
process_strike! process_strike!
process_reports!
end end
process_email! process_email!
process_reports!
process_queue! process_queue!
end end
@ -106,9 +110,8 @@ class Admin::AccountAction
# Otherwise, we will mark all unresolved reports about # Otherwise, we will mark all unresolved reports about
# the account as resolved. # the account as resolved.
reports.each { |report| authorize(report, :update?) }
reports.each do |report| reports.each do |report|
authorize(report, :update?)
log_action(:resolve, report) log_action(:resolve, report)
report.resolve!(current_account) report.resolve!(current_account)
end end

View file

@ -30,6 +30,7 @@ RSpec.describe Api::V1::Admin::AccountActionsController, type: :controller do
end end
describe 'POST #create' do describe 'POST #create' do
context do
before do before do
post :create, params: { account_id: account.id, type: 'disable' } post :create, params: { account_id: account.id, type: 'disable' }
end end
@ -54,4 +55,15 @@ RSpec.describe Api::V1::Admin::AccountActionsController, type: :controller do
expect(log_item.target_id).to eq account.user.id expect(log_item.target_id).to eq account.user.id
end end
end end
context 'with no type' do
before do
post :create, params: { account_id: account.id }
end
it 'returns http unprocessable entity' do
expect(response).to have_http_status(422)
end
end
end
end end