1
0
Fork 0
forked from fedi/mastodon

Fix invites not being disabled upon account suspension (#11412)

* Disable invite links from disabled/suspended users

* Add has_many invites relationship to users

* Destroy unused invites when suspending an account
This commit is contained in:
ThibG 2019-07-26 18:55:33 +02:00 committed by Eugen Rochko
parent a6b4440115
commit 92569ffde8
5 changed files with 16 additions and 8 deletions

View file

@ -39,7 +39,7 @@ class InvitesController < ApplicationController
private private
def invites def invites
Invite.where(user: current_user).order(id: :desc) current_user.invites.order(id: :desc)
end end
def resource_params def resource_params

View file

@ -17,7 +17,7 @@
class Invite < ApplicationRecord class Invite < ApplicationRecord
include Expireable include Expireable
belongs_to :user belongs_to :user, inverse_of: :invites
has_many :users, inverse_of: :invite has_many :users, inverse_of: :invite
scope :available, -> { where(expires_at: nil).or(where('expires_at >= ?', Time.now.utc)) } scope :available, -> { where(expires_at: nil).or(where('expires_at >= ?', Time.now.utc)) }
@ -25,7 +25,7 @@ class Invite < ApplicationRecord
before_validation :set_code before_validation :set_code
def valid_for_use? def valid_for_use?
(max_uses.nil? || uses < max_uses) && !expired? (max_uses.nil? || uses < max_uses) && !expired? && !(user.nil? || user.disabled?)
end end
private private

View file

@ -73,6 +73,7 @@ class User < ApplicationRecord
has_many :applications, class_name: 'Doorkeeper::Application', as: :owner has_many :applications, class_name: 'Doorkeeper::Application', as: :owner
has_many :backups, inverse_of: :user has_many :backups, inverse_of: :user
has_many :invites, inverse_of: :user
has_one :invite_request, class_name: 'UserInviteRequest', inverse_of: :user, dependent: :destroy has_one :invite_request, class_name: 'UserInviteRequest', inverse_of: :user, dependent: :destroy
accepts_nested_attributes_for :invite_request, reject_if: ->(attributes) { attributes['text'].blank? } accepts_nested_attributes_for :invite_request, reject_if: ->(attributes) { attributes['text'].blank? }

View file

@ -64,6 +64,7 @@ class SuspendAccountService < BaseService
@account.user.destroy @account.user.destroy
else else
@account.user.disable! @account.user.disable!
@account.user.invites.where(uses: 0).destroy_all
end end
end end

View file

@ -3,27 +3,33 @@ require 'rails_helper'
RSpec.describe Invite, type: :model do RSpec.describe Invite, type: :model do
describe '#valid_for_use?' do describe '#valid_for_use?' do
it 'returns true when there are no limitations' do it 'returns true when there are no limitations' do
invite = Invite.new(max_uses: nil, expires_at: nil) invite = Fabricate(:invite, max_uses: nil, expires_at: nil)
expect(invite.valid_for_use?).to be true expect(invite.valid_for_use?).to be true
end end
it 'returns true when not expired' do it 'returns true when not expired' do
invite = Invite.new(max_uses: nil, expires_at: 1.hour.from_now) invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.from_now)
expect(invite.valid_for_use?).to be true expect(invite.valid_for_use?).to be true
end end
it 'returns false when expired' do it 'returns false when expired' do
invite = Invite.new(max_uses: nil, expires_at: 1.hour.ago) invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.ago)
expect(invite.valid_for_use?).to be false expect(invite.valid_for_use?).to be false
end end
it 'returns true when uses still available' do it 'returns true when uses still available' do
invite = Invite.new(max_uses: 250, uses: 249, expires_at: nil) invite = Fabricate(:invite, max_uses: 250, uses: 249, expires_at: nil)
expect(invite.valid_for_use?).to be true expect(invite.valid_for_use?).to be true
end end
it 'returns false when maximum uses reached' do it 'returns false when maximum uses reached' do
invite = Invite.new(max_uses: 250, uses: 250, expires_at: nil) invite = Fabricate(:invite, max_uses: 250, uses: 250, expires_at: nil)
expect(invite.valid_for_use?).to be false
end
it 'returns false when invite creator has been disabled' do
invite = Fabricate(:invite, max_uses: nil, expires_at: nil)
SuspendAccountService.new.call(invite.user.account)
expect(invite.valid_for_use?).to be false expect(invite.valid_for_use?).to be false
end end
end end