Unverified Commit 40c7f3e8 authored by Eugen Rochko's avatar Eugen Rochko Committed by GitHub

Fix account action type validation (#19476)

* Fix account action type validation

Fix #19143

* Fix #19145

* Fix code style issues
parent 276b85bc
Showing with 34 additions and 19 deletions
+34 -19
...@@ -25,6 +25,8 @@ class Admin::AccountAction ...@@ -25,6 +25,8 @@ class Admin::AccountAction
alias send_email_notification? send_email_notification alias send_email_notification? send_email_notification
alias include_statuses? include_statuses alias include_statuses? include_statuses
validates :type, :target_account, :current_account, presence: true
def initialize(attributes = {}) def initialize(attributes = {})
@send_email_notification = true @send_email_notification = true
@include_statuses = true @include_statuses = true
...@@ -41,13 +43,15 @@ class Admin::AccountAction ...@@ -41,13 +43,15 @@ class Admin::AccountAction
end end
def save! def save!
raise ActiveRecord::RecordInvalid, self unless valid?
ApplicationRecord.transaction do ApplicationRecord.transaction do
process_action! process_action!
process_strike! process_strike!
process_reports!
end end
process_email! process_email!
process_reports!
process_queue! process_queue!
end end
...@@ -106,9 +110,8 @@ class Admin::AccountAction ...@@ -106,9 +110,8 @@ class Admin::AccountAction
# Otherwise, we will mark all unresolved reports about # Otherwise, we will mark all unresolved reports about
# the account as resolved. # the account as resolved.
reports.each { |report| authorize(report, :update?) }
reports.each do |report| reports.each do |report|
authorize(report, :update?)
log_action(:resolve, report) log_action(:resolve, report)
report.resolve!(current_account) report.resolve!(current_account)
end end
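Review bot: The added `validates :type, :target_account, :current_account, presence: true` only rejects a blank `type`, so a non-blank value that is not a supported action still passes the new `valid?` guard in `save!`. Since the controller spec shows `type` arriving directly from request params, consider constraining it to the known set as well, e.g. `validates :type, inclusion: { in: SUPPORTED_TYPES }`, where `SUPPORTED_TYPES` is a placeholder for whatever list of action types the class defines outside these hunks. What `process_action!` and `process_strike!` do with an unrecognised type is not visible here, so the impact is inferred rather than confirmed.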
......
...@@ -30,28 +30,40 @@ RSpec.describe Api::V1::Admin::AccountActionsController, type: :controller do ...@@ -30,28 +30,40 @@ RSpec.describe Api::V1::Admin::AccountActionsController, type: :controller do
end end
describe 'POST #create' do describe 'POST #create' do
before do context do
post :create, params: { account_id: account.id, type: 'disable' } before do
end post :create, params: { account_id: account.id, type: 'disable' }
end
it_behaves_like 'forbidden for wrong scope', 'write:statuses' it_behaves_like 'forbidden for wrong scope', 'write:statuses'
it_behaves_like 'forbidden for wrong role', '' it_behaves_like 'forbidden for wrong role', ''
it 'returns http success' do it 'returns http success' do
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
end end
it 'performs action against account' do
expect(account.reload.user_disabled?).to be true
end
it 'logs action' do
log_item = Admin::ActionLog.last
it 'performs action against account' do expect(log_item).to_not be_nil
expect(account.reload.user_disabled?).to be true expect(log_item.action).to eq :disable
expect(log_item.account_id).to eq user.account_id
expect(log_item.target_id).to eq account.user.id
end
end end
it 'logs action' do context 'with no type' do
log_item = Admin::ActionLog.last before do
post :create, params: { account_id: account.id }
end
expect(log_item).to_not be_nil it 'returns http unprocessable entity' do
expect(log_item.action).to eq :disable expect(response).to have_http_status(422)
expect(log_item.account_id).to eq user.account_id end
expect(log_item.target_id).to eq account.user.id
end end
end end
end end
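Review bot: The new 'with no type' context asserts only the 422 status, so it would still pass if the request were rejected after some processing had already happened. An extra example that pins the absence of side effects would document that validation runs before any action, for instance `expect(Admin::ActionLog.last).to be_nil`, assuming the setup outside this hunk creates no log entries of its own. A request with a non-blank but unsupported `type` value is also not covered by either context. The enclosing `RSpec.describe` block and its `let` definitions start outside the hunk.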