From 40c7f3e830538951862dc73074d1045a82395ab0 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Sun, 30 Oct 2022 02:44:32 +0200
Subject: [PATCH] Fix account action type validation (#19476)

* Fix account action type validation

Fix #19143

* Fix #19145

* Fix code style issues
---
 app/models/admin/account_action.rb            |  9 ++--
 .../admin/account_actions_controller_spec.rb  | 50 ++++++++++++-------
 2 files changed, 37 insertions(+), 22 deletions(-)

diff --git a/app/models/admin/account_action.rb b/app/models/admin/account_action.rb
index aed3bc0c7..bce0d6e17 100644
--- a/app/models/admin/account_action.rb
+++ b/app/models/admin/account_action.rb
@@ -25,6 +25,8 @@ class Admin::AccountAction
   alias send_email_notification? send_email_notification
   alias include_statuses? include_statuses
 
+  validates :type, :target_account, :current_account, presence: true
+
   def initialize(attributes = {})
     @send_email_notification = true
     @include_statuses        = true
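Review bot: The new presence validation only rejects a blank `type`; any other string still passes `valid?` and reaches `process_action!`, which is outside this hunk and presumably dispatches on `type` with a `case`. If the model keeps a list of permitted types (a `TYPES` constant or similar), adding `validates :type, inclusion: { in: TYPES }` next to the new line would route an unknown type through the same 422 path this commit introduces, rather than letting it fall through to whatever the dispatch does with an unmatched value. The `initialize` body continues past the end of the hunk.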
@@ -41,13 +43,15 @@ class Admin::AccountAction
   end
 
   def save!
+    raise ActiveRecord::RecordInvalid, self unless valid?
+
     ApplicationRecord.transaction do
       process_action!
       process_strike!
+      process_reports!
     end
 
     process_email!
-    process_reports!
     process_queue!
   end
 
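Review bot: `raise ActiveRecord::RecordInvalid, self` raises an ActiveRecord exception from a plain ActiveModel object; it works because `RecordInvalid#initialize` only reads `record.errors`, but the idiomatic call for a non-persisted model is `validate!`, which raises `ActiveModel::ValidationError`. If the choice is deliberate so that an existing `rescue_from ActiveRecord::RecordInvalid` in the API layer (not visible here) maps it to 422, say so at the raise site: `# RecordInvalid rather than validate! so the API controller's rescue_from renders 422`. Moving `process_reports!` inside the `ApplicationRecord.transaction` block is the right call: an authorization failure on a report now rolls back the action and the strike with it instead of leaving them committed.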
@@ -106,9 +110,8 @@ class Admin::AccountAction
     # Otherwise, we will mark all unresolved reports about
     # the account as resolved.
 
-    reports.each { |report| authorize(report, :update?) }
-
     reports.each do |report|
+      authorize(report, :update?)
       log_action(:resolve, report)
       report.resolve!(current_account)
     end
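Review bot: Folding `authorize(report, :update?)` into the mutating loop removes the all-or-nothing pre-check the two-pass version gave, so a report the admin may not update is now encountered only after earlier reports in the list have been resolved and logged. That is safe only because `save!` now runs `process_reports!` inside the transaction, and the coupling is not visible from this method; a comment at the loop would pin it: `# Runs inside save!'s transaction: an authorization failure rolls back any reports already resolved here`. The enclosing method (presumably `process_reports!`) starts before the hunk.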
diff --git a/spec/controllers/api/v1/admin/account_actions_controller_spec.rb b/spec/controllers/api/v1/admin/account_actions_controller_spec.rb
index 199395f55..462c2cfa9 100644
--- a/spec/controllers/api/v1/admin/account_actions_controller_spec.rb
+++ b/spec/controllers/api/v1/admin/account_actions_controller_spec.rb
@@ -30,28 +30,40 @@ RSpec.describe Api::V1::Admin::AccountActionsController, type: :controller do
   end
 
   describe 'POST #create' do
-    before do
-      post :create, params: { account_id: account.id, type: 'disable' }
+    context do
+      before do
+        post :create, params: { account_id: account.id, type: 'disable' }
+      end
+
+      it_behaves_like 'forbidden for wrong scope', 'write:statuses'
+      it_behaves_like 'forbidden for wrong role', ''
+
+      it 'returns http success' do
+        expect(response).to have_http_status(200)
+      end
+
+      it 'performs action against account' do
+        expect(account.reload.user_disabled?).to be true
+      end
+
+      it 'logs action' do
+        log_item = Admin::ActionLog.last
+
+        expect(log_item).to_not be_nil
+        expect(log_item.action).to eq :disable
+        expect(log_item.account_id).to eq user.account_id
+        expect(log_item.target_id).to eq account.user.id
+      end
     end
 
-    it_behaves_like 'forbidden for wrong scope', 'write:statuses'
-    it_behaves_like 'forbidden for wrong role', ''
+    context 'with no type' do
+      before do
+        post :create, params: { account_id: account.id }
+      end
 
-    it 'returns http success' do
-      expect(response).to have_http_status(200)
-    end
-
-    it 'performs action against account' do
-      expect(account.reload.user_disabled?).to be true
-    end
-
-    it 'logs action' do
-      log_item = Admin::ActionLog.last
-
-      expect(log_item).to_not be_nil
-      expect(log_item.action).to eq :disable
-      expect(log_item.account_id).to eq user.account_id
-      expect(log_item.target_id).to eq account.user.id
+      it 'returns http unprocessable entity' do
+        expect(response).to have_http_status(422)
+      end
     end
   end
 end
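Review bot: The `with no type` context only asserts the 422 status; it should also check that the rejected request had no side effects, e.g. `expect(account.reload.user_disabled?).to be false` and `expect(Admin::ActionLog.count).to eq 0` (adjust to a before/after delta if the spec setup itself writes log entries). Otherwise a regression that validates after acting, or rolls back only part of the transaction, would still pass. The first `context do` has no description, which rubocop-rspec's RSpec/MissingExampleGroupArgument flags; `context 'with a valid type' do` pairs naturally with `'with no type'`.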