]> git.openstreetmap.org Git - rails.git/blobdiff - test/controllers/user_blocks_controller_test.rb
Merge remote-tracking branch 'upstream/pull/5292'
[rails.git] / test / controllers / user_blocks_controller_test.rb
index 839dadf193dac0bc0fccce78eeea188d0cb3e123..1d89476ec6d10aea552cd3c8e283385064af1be1 100644 (file)
@@ -1,8 +1,6 @@
 require "test_helper"
 
-class UserBlocksControllerTest < ActionController::TestCase
-  fixtures :users, :user_roles, :user_blocks
-
+class UserBlocksControllerTest < ActionDispatch::IntegrationTest
   ##
   # test all routes which lead to this controller
   def test_routes
@@ -15,10 +13,6 @@ class UserBlocksControllerTest < ActionController::TestCase
       { :path => "/user_blocks", :method => :get },
       { :controller => "user_blocks", :action => "index" }
     )
-    assert_routing(
-      { :path => "/user_blocks/new", :method => :get },
-      { :controller => "user_blocks", :action => "new" }
-    )
     assert_routing(
       { :path => "/user_blocks", :method => :post },
       { :controller => "user_blocks", :action => "create" }
@@ -39,14 +33,6 @@ class UserBlocksControllerTest < ActionController::TestCase
       { :path => "/user_blocks/1", :method => :delete },
       { :controller => "user_blocks", :action => "destroy", :id => "1" }
     )
-    assert_routing(
-      { :path => "/blocks/1/revoke", :method => :get },
-      { :controller => "user_blocks", :action => "revoke", :id => "1" }
-    )
-    assert_routing(
-      { :path => "/blocks/1/revoke", :method => :post },
-      { :controller => "user_blocks", :action => "revoke", :id => "1" }
-    )
 
     assert_routing(
       { :path => "/user/username/blocks", :method => :get },
@@ -56,79 +42,190 @@ class UserBlocksControllerTest < ActionController::TestCase
       { :path => "/user/username/blocks_by", :method => :get },
       { :controller => "user_blocks", :action => "blocks_by", :display_name => "username" }
     )
+    assert_routing(
+      { :path => "/user/username/blocks/revoke_all", :method => :get },
+      { :controller => "user_blocks", :action => "revoke_all", :display_name => "username" }
+    )
+    assert_routing(
+      { :path => "/user/username/blocks/revoke_all", :method => :post },
+      { :controller => "user_blocks", :action => "revoke_all", :display_name => "username" }
+    )
   end
 
   ##
   # test the index action
   def test_index
-    # The list of blocks should load
-    get :index
+    revoked_block = create(:user_block, :revoked)
+
+    get user_blocks_path
+    assert_response :success
+    assert_select "table#block_list tbody tr", :count => 1 do
+      assert_select "a[href='#{user_path revoked_block.user}']", :text => revoked_block.user.display_name
+      assert_select "a[href='#{user_path revoked_block.creator}']", :text => revoked_block.creator.display_name
+      assert_select "a[href='#{user_path revoked_block.revoker}']", :text => revoked_block.revoker.display_name
+    end
+
+    active_block = create(:user_block)
+    expired_block = create(:user_block, :expired)
+
+    get user_blocks_path
+    assert_response :success
+    assert_select "table#block_list tbody", :count => 1 do
+      assert_select "tr", 3
+      assert_select "a[href='#{user_block_path(active_block)}']", 1
+      assert_select "a[href='#{user_block_path(expired_block)}']", 1
+      assert_select "a[href='#{user_block_path(revoked_block)}']", 1
+    end
+  end
+
+  ##
+  # test the index action with multiple pages
+  def test_index_paged
+    user_blocks = create_list(:user_block, 50).reverse
+    next_path = user_blocks_path
+
+    get next_path
     assert_response :success
-    assert_select "table#block_list", :count => 1 do
-      assert_select "tr", 4
-      assert_select "a[href='#{user_block_path(user_blocks(:active_block))}']", 1
-      assert_select "a[href='#{user_block_path(user_blocks(:expired_block))}']", 1
-      assert_select "a[href='#{user_block_path(user_blocks(:revoked_block))}']", 1
+    check_user_blocks_table user_blocks[0...20]
+    check_no_page_link "Newer Blocks"
+    next_path = check_page_link "Older Blocks"
+
+    get next_path
+    assert_response :success
+    check_user_blocks_table user_blocks[20...40]
+    check_page_link "Newer Blocks"
+    next_path = check_page_link "Older Blocks"
+
+    get next_path
+    assert_response :success
+    check_user_blocks_table user_blocks[40...50]
+    check_page_link "Newer Blocks"
+    check_no_page_link "Older Blocks"
+  end
+
+  ##
+  # test the index action with invalid pages
+  def test_index_invalid_paged
+    %w[-1 0 fred].each do |id|
+      get user_blocks_path(:before => id)
+      assert_redirected_to :controller => :errors, :action => :bad_request
+
+      get user_blocks_path(:after => id)
+      assert_redirected_to :controller => :errors, :action => :bad_request
     end
   end
 
   ##
   # test the show action
   def test_show
-    # Viewing a block should fail when no ID is given
-    assert_raise ActionController::UrlGenerationError do
-      get :show
-    end
+    active_block = create(:user_block, :needs_view)
+    expired_block = create(:user_block, :expired)
+    revoked_block = create(:user_block, :revoked)
 
     # Viewing a block should fail when a bogus ID is given
-    get :show, :id => 99999
+    get user_block_path(:id => 99999)
     assert_response :not_found
     assert_template "not_found"
     assert_select "p", "Sorry, the user block with ID 99999 could not be found."
 
     # Viewing an expired block should work
-    get :show, :id => user_blocks(:expired_block)
+    get user_block_path(:id => expired_block)
     assert_response :success
+    assert_select "h1 a[href='#{user_path expired_block.user}']", :text => expired_block.user.display_name
+    assert_select "h1 a[href='#{user_path expired_block.creator}']", :text => expired_block.creator.display_name
 
     # Viewing a revoked block should work
-    get :show, :id => user_blocks(:revoked_block)
+    get user_block_path(:id => revoked_block)
     assert_response :success
+    assert_select "h1 a[href='#{user_path revoked_block.user}']", :text => revoked_block.user.display_name
+    assert_select "h1 a[href='#{user_path revoked_block.creator}']", :text => revoked_block.creator.display_name
+    assert_select "a[href='#{user_path revoked_block.revoker}']", :text => revoked_block.revoker.display_name
 
     # Viewing an active block should work, but shouldn't mark it as seen
-    get :show, :id => user_blocks(:active_block)
+    get user_block_path(:id => active_block)
     assert_response :success
-    assert_equal true, UserBlock.find(user_blocks(:active_block).id).needs_view
+    assert_select "h1 a[href='#{user_path active_block.user}']", :text => active_block.user.display_name
+    assert_select "h1 a[href='#{user_path active_block.creator}']", :text => active_block.creator.display_name
+    assert UserBlock.find(active_block.id).needs_view
 
     # Login as the blocked user
-    session[:user] = users(:blocked_user).id
+    session_for(active_block.user)
 
     # Now viewing it should mark it as seen
-    get :show, :id => user_blocks(:active_block)
+    get user_block_path(:id => active_block)
     assert_response :success
-    assert_equal false, UserBlock.find(user_blocks(:active_block).id).needs_view
+    assert_not UserBlock.find(active_block.id).needs_view
+  end
+
+  ##
+  # test edit/revoke link for active blocks
+  def test_active_block_buttons
+    creator_user = create(:moderator_user)
+    other_moderator_user = create(:moderator_user)
+    block = create(:user_block, :creator => creator_user)
+
+    session_for(other_moderator_user)
+    check_block_buttons block, :edit => 1
+
+    session_for(creator_user)
+    check_block_buttons block, :edit => 1
+  end
+
+  ##
+  # test the edit link for expired blocks
+  def test_expired_block_buttons
+    creator_user = create(:moderator_user)
+    other_moderator_user = create(:moderator_user)
+    block = create(:user_block, :expired, :creator => creator_user)
+
+    session_for(other_moderator_user)
+    check_block_buttons block
+
+    session_for(creator_user)
+    check_block_buttons block, :edit => 1
+  end
+
+  ##
+  # test the edit link for revoked blocks
+  def test_revoked_block_buttons
+    creator_user = create(:moderator_user)
+    revoker_user = create(:moderator_user)
+    other_moderator_user = create(:moderator_user)
+    block = create(:user_block, :revoked, :creator => creator_user, :revoker => revoker_user)
+
+    session_for(other_moderator_user)
+    check_block_buttons block
+
+    session_for(creator_user)
+    check_block_buttons block, :edit => 1
+
+    session_for(revoker_user)
+    check_block_buttons block, :edit => 1
   end
 
   ##
   # test the new action
   def test_new
+    target_user = create(:user)
+
     # Check that the block creation page requires us to login
-    get :new, :display_name => users(:normal_user).display_name
-    assert_redirected_to login_path(:referer => new_user_block_path(:display_name => users(:normal_user).display_name))
+    get new_user_block_path(target_user)
+    assert_redirected_to login_path(:referer => new_user_block_path(target_user))
 
     # Login as a normal user
-    session[:user] = users(:public_user).id
+    session_for(create(:user))
 
     # Check that normal users can't load the block creation page
-    get :new, :display_name => users(:normal_user).display_name
-    assert_redirected_to user_blocks_path
-    assert_equal "You need to be a moderator to perform that action.", flash[:error]
+    get new_user_block_path(target_user)
+    assert_redirected_to :controller => "errors", :action => "forbidden"
 
     # Login as a moderator
-    session[:user] = users(:moderator_user).id
+    session_for(create(:moderator_user))
 
     # Check that the block creation page loads for moderators
-    get :new, :display_name => users(:normal_user).display_name
+    get new_user_block_path(target_user)
     assert_response :success
+    assert_select "h1 a[href='#{user_path target_user}']", :text => target_user.display_name
     assert_select "form#new_user_block", :count => 1 do
       assert_select "textarea#user_block_reason", :count => 1
       assert_select "select#user_block_period", :count => 1
@@ -137,300 +234,756 @@ class UserBlocksControllerTest < ActionController::TestCase
       assert_select "input[type='submit'][value='Create block']", :count => 1
     end
 
-    # We should get an error if no user is specified
-    get :new
-    assert_response :not_found
-    assert_template "user/no_such_user"
-    assert_select "h1", "The user  does not exist"
-
     # We should get an error if the user doesn't exist
-    get :new, :display_name => "non_existent_user"
+    get new_user_block_path(:display_name => "non_existent_user")
     assert_response :not_found
-    assert_template "user/no_such_user"
+    assert_template "users/no_such_user"
     assert_select "h1", "The user non_existent_user does not exist"
   end
 
   ##
   # test the edit action
   def test_edit
+    creator_user = create(:moderator_user)
+    other_moderator_user = create(:moderator_user)
+    active_block = create(:user_block, :creator => creator_user)
+
     # Check that the block edit page requires us to login
-    get :edit, :id => user_blocks(:active_block).id
-    assert_redirected_to login_path(:referer => edit_user_block_path(:id => user_blocks(:active_block).id))
+    get edit_user_block_path(:id => active_block)
+    assert_redirected_to login_path(:referer => edit_user_block_path(active_block))
 
     # Login as a normal user
-    session[:user] = users(:public_user).id
+    session_for(create(:user))
 
     # Check that normal users can't load the block edit page
-    get :edit, :id => user_blocks(:active_block).id
-    assert_redirected_to user_blocks_path
-    assert_equal "You need to be a moderator to perform that action.", flash[:error]
+    get edit_user_block_path(:id => active_block)
+    assert_redirected_to :controller => "errors", :action => "forbidden"
 
     # Login as a moderator
-    session[:user] = users(:moderator_user).id
+    session_for(other_moderator_user)
 
     # Check that the block edit page loads for moderators
-    get :edit, :id => user_blocks(:active_block).id
+    get edit_user_block_path(:id => active_block)
+    assert_response :success
+    assert_select "h1 a[href='#{user_path active_block.user}']", :text => active_block.user.display_name
+    assert_select "form#edit_user_block_#{active_block.id}", :count => 1 do
+      assert_select "textarea#user_block_reason", :count => 1
+      assert_select "select#user_block_period", :count => 0
+      assert_select "input#user_block_needs_view[type='checkbox']", :count => 0
+      assert_select "input[type='submit'][value='Update block']", :count => 0
+      assert_select "input#user_block_period[type='hidden']", :count => 1
+      assert_select "input#user_block_needs_view[type='hidden']", :count => 1
+      assert_select "input[type='submit'][value='Revoke block']", :count => 1
+    end
+
+    # Login as the block creator
+    session_for(creator_user)
+
+    # Check that the block edit page loads for the creator
+    get edit_user_block_path(:id => active_block)
     assert_response :success
-    assert_select "form#edit_user_block_#{user_blocks(:active_block).id}", :count => 1 do
+    assert_select "h1 a[href='#{user_path active_block.user}']", :text => active_block.user.display_name
+    assert_select "form#edit_user_block_#{active_block.id}", :count => 1 do
       assert_select "textarea#user_block_reason", :count => 1
       assert_select "select#user_block_period", :count => 1
       assert_select "input#user_block_needs_view[type='checkbox']", :count => 1
       assert_select "input[type='submit'][value='Update block']", :count => 1
-    end
-
-    # We should get an error if no user is specified
-    assert_raise ActionController::UrlGenerationError do
-      get :edit
+      assert_select "input#user_block_period[type='hidden']", :count => 0
+      assert_select "input#user_block_needs_view[type='hidden']", :count => 0
+      assert_select "input[type='submit'][value='Revoke block']", :count => 0
     end
 
     # We should get an error if the user doesn't exist
-    get :edit, :id => 99999
+    get edit_user_block_path(:id => 99999)
     assert_response :not_found
     assert_template "not_found"
     assert_select "p", "Sorry, the user block with ID 99999 could not be found."
   end
 
+  ##
+  # test the edit action when the remaining block duration doesn't match the available select options
+  def test_edit_duration
+    moderator_user = create(:moderator_user)
+
+    freeze_time do
+      active_block = create(:user_block, :creator => moderator_user, :ends_at => Time.now.utc + 96.hours)
+
+      session_for(moderator_user)
+      get edit_user_block_path(active_block)
+
+      assert_select "form#edit_user_block_#{active_block.id}", :count => 1 do
+        assert_select "select#user_block_period", :count => 1 do
+          assert_select "option[value='96'][selected]", :count => 1
+        end
+      end
+
+      travel 2.hours
+      get edit_user_block_path(active_block)
+
+      assert_select "form#edit_user_block_#{active_block.id}", :count => 1 do
+        assert_select "select#user_block_period", :count => 1 do
+          assert_select "option[value='96'][selected]", :count => 1
+        end
+      end
+    end
+  end
+
   ##
   # test the create action
   def test_create
+    target_user = create(:user)
+    moderator_user = create(:moderator_user)
+
     # Not logged in yet, so creating a block should fail
-    post :create
+    post user_blocks_path
     assert_response :forbidden
 
     # Login as a normal user
-    session[:user] = users(:public_user).id
+    session_for(create(:user))
 
     # Check that normal users can't create blocks
-    post :create
-    assert_response :forbidden
+    post user_blocks_path
+    assert_redirected_to :controller => "errors", :action => "forbidden"
 
     # Login as a moderator
-    session[:user] = users(:moderator_user).id
+    session_for(moderator_user)
 
     # A bogus block period should result in an error
     assert_no_difference "UserBlock.count" do
-      post :create,
-           :display_name => users(:unblocked_user).display_name,
-           :user_block_period => "99"
+      post user_blocks_path(:display_name => target_user.display_name,
+                            :user_block_period => "99")
     end
-    assert_redirected_to new_user_block_path(:display_name => users(:unblocked_user).display_name)
+    assert_redirected_to new_user_block_path(target_user)
     assert_equal "The blocking period must be one of the values selectable in the drop-down list.", flash[:error]
 
     # Check that creating a block works
     assert_difference "UserBlock.count", 1 do
-      post :create,
-           :display_name => users(:unblocked_user).display_name,
-           :user_block_period => "12",
-           :user_block => { :needs_view => false, :reason => "Vandalism" }
+      post user_blocks_path(:display_name => target_user.display_name,
+                            :user_block_period => "12",
+                            :user_block => { :needs_view => false, :reason => "Vandalism" })
     end
-    id = UserBlock.order(:id).ids.last
-    assert_redirected_to user_block_path(:id => id)
-    assert_equal "Created a block on user #{users(:unblocked_user).display_name}.", flash[:notice]
-    b = UserBlock.find(id)
-    assert_in_delta Time.now, b.created_at, 1
-    assert_in_delta Time.now, b.updated_at, 1
-    assert_in_delta Time.now + 12.hours, b.ends_at, 1
-    assert_equal false, b.needs_view
+    b = UserBlock.last
+    assert_redirected_to user_block_path(:id => b.id)
+    assert_equal "Created a block on user #{target_user.display_name}.", flash[:notice]
+    assert_in_delta Time.now.utc, b.created_at, 1
+    assert_in_delta Time.now.utc, b.updated_at, 1
+    assert_in_delta Time.now.utc + 12.hours, b.ends_at, 1
+    assert_not b.needs_view
     assert_equal "Vandalism", b.reason
     assert_equal "markdown", b.reason_format
-    assert_equal users(:moderator_user).id, b.creator_id
+    assert_equal moderator_user.id, b.creator_id
 
     # We should get an error if no user is specified
-    post :create
+    post user_blocks_path
     assert_response :not_found
-    assert_template "user/no_such_user"
+    assert_template "users/no_such_user"
     assert_select "h1", "The user  does not exist"
 
     # We should get an error if the user doesn't exist
-    post :create, :display_name => "non_existent_user"
+    post user_blocks_path(:display_name => "non_existent_user")
     assert_response :not_found
-    assert_template "user/no_such_user"
+    assert_template "users/no_such_user"
     assert_select "h1", "The user non_existent_user does not exist"
   end
 
+  ##
+  # test the duration of a created block
+  def test_create_duration
+    target_user = create(:user)
+    moderator_user = create(:moderator_user)
+
+    session_for(moderator_user)
+    post user_blocks_path(:display_name => target_user.display_name,
+                          :user_block_period => "336",
+                          :user_block => { :needs_view => false, :reason => "Vandalism" })
+
+    block = UserBlock.last
+    assert_equal 1209600, block.ends_at - block.created_at
+  end
+
   ##
   # test the update action
   def test_update
+    moderator_user = create(:moderator_user)
+    active_block = create(:user_block, :creator => moderator_user)
+
     # Not logged in yet, so updating a block should fail
-    put :update, :id => user_blocks(:active_block).id
+    put user_block_path(:id => active_block)
     assert_response :forbidden
 
     # Login as a normal user
-    session[:user] = users(:public_user).id
+    session_for(create(:user))
 
     # Check that normal users can't update blocks
-    put :update, :id => user_blocks(:active_block).id
-    assert_response :forbidden
-
-    # Login as the wrong moderator
-    session[:user] = users(:second_moderator_user).id
-
-    # Check that only the person who created a block can update it
-    assert_no_difference "UserBlock.count" do
-      put :update,
-          :id => user_blocks(:active_block).id,
-          :user_block_period => "12",
-          :user_block => { :needs_view => true, :reason => "Vandalism" }
-    end
-    assert_redirected_to edit_user_block_path(:id => user_blocks(:active_block).id)
-    assert_equal "Only the moderator who created this block can edit it.", flash[:error]
+    put user_block_path(:id => active_block)
+    assert_redirected_to :controller => "errors", :action => "forbidden"
 
-    # Login as the correct moderator
-    session[:user] = users(:moderator_user).id
+    # Login as the moderator
+    session_for(moderator_user)
 
     # A bogus block period should result in an error
     assert_no_difference "UserBlock.count" do
-      put :update,
-          :id => user_blocks(:active_block).id,
-          :user_block_period => "99"
+      put user_block_path(:id => active_block, :user_block_period => "99")
     end
-    assert_redirected_to edit_user_block_path(:id => user_blocks(:active_block).id)
+    assert_redirected_to edit_user_block_path(active_block)
     assert_equal "The blocking period must be one of the values selectable in the drop-down list.", flash[:error]
 
     # Check that updating a block works
     assert_no_difference "UserBlock.count" do
-      put :update,
-          :id => user_blocks(:active_block).id,
-          :user_block_period => "12",
-          :user_block => { :needs_view => true, :reason => "Vandalism" }
+      put user_block_path(:id => active_block,
+                          :user_block_period => "12",
+                          :user_block => { :needs_view => true, :reason => "Vandalism" })
     end
-    assert_redirected_to user_block_path(:id => user_blocks(:active_block).id)
+    assert_redirected_to user_block_path(active_block)
     assert_equal "Block updated.", flash[:notice]
-    b = UserBlock.find(user_blocks(:active_block).id)
-    assert_in_delta Time.now, b.updated_at, 1
-    assert_equal true, b.needs_view
+    b = UserBlock.find(active_block.id)
+    assert_in_delta Time.now.utc, b.updated_at, 1
+    assert b.needs_view
     assert_equal "Vandalism", b.reason
 
-    # We should get an error if no block ID is specified
-    assert_raise ActionController::UrlGenerationError do
-      put :update
-    end
-
     # We should get an error if the block doesn't exist
-    put :update, :id => 99999
+    put user_block_path(:id => 99999)
     assert_response :not_found
     assert_template "not_found"
     assert_select "p", "Sorry, the user block with ID 99999 could not be found."
   end
 
   ##
-  # test the revoke action
-  def test_revoke
-    # Check that the block revoke page requires us to login
-    get :revoke, :id => user_blocks(:active_block).id
-    assert_redirected_to login_path(:referer => revoke_user_block_path(:id => user_blocks(:active_block).id))
+  # test the update action on expired blocks
+  def test_update_expired
+    creator_user = create(:moderator_user)
+    other_moderator_user = create(:moderator_user)
+    block = create(:user_block, :expired, :creator => creator_user, :reason => "Original Reason")
+
+    session_for(other_moderator_user)
+    put user_block_path(block,
+                        :user_block_period => "0",
+                        :user_block => { :needs_view => false, :reason => "Updated Reason" })
+    assert_redirected_to edit_user_block_path(block)
+    assert_equal "Only the moderator who created this block can edit it.", flash[:error]
+    block.reload
+    assert_not block.active?
+    assert_equal "Original Reason", block.reason
+
+    session_for(creator_user)
+    check_inactive_block_updates(block)
+  end
+
+  ##
+  # test the update action on revoked blocks
+  def test_update_revoked
+    creator_user = create(:moderator_user)
+    revoker_user = create(:moderator_user)
+    other_moderator_user = create(:moderator_user)
+    block = create(:user_block, :revoked, :creator => creator_user, :revoker => revoker_user, :reason => "Original Reason")
+
+    session_for(other_moderator_user)
+    put user_block_path(block,
+                        :user_block_period => "0",
+                        :user_block => { :needs_view => false, :reason => "Updated Reason" })
+    assert_redirected_to edit_user_block_path(block)
+    assert_equal "Only the moderators who created or revoked this block can edit it.", flash[:error]
+    block.reload
+    assert_not_predicate block, :active?
+    assert_equal "Original Reason", block.reason
+
+    session_for(creator_user)
+    check_inactive_block_updates(block)
+
+    session_for(revoker_user)
+    check_inactive_block_updates(block)
+  end
+
+  ##
+  # test the update action revoking the block
+  def test_revoke_using_update_by_creator
+    moderator_user = create(:moderator_user)
+    block = create(:user_block, :creator => moderator_user)
+
+    session_for(moderator_user)
+    put user_block_path(block,
+                        :user_block_period => "24",
+                        :user_block => { :needs_view => false, :reason => "Updated Reason" })
+    assert_redirected_to user_block_path(block)
+    assert_equal "Block updated.", flash[:notice]
+    block.reload
+    assert_predicate block, :active?
+    assert_nil block.revoker
+
+    put user_block_path(block,
+                        :user_block_period => "0",
+                        :user_block => { :needs_view => false, :reason => "Updated Reason" })
+    assert_redirected_to user_block_path(block)
+    assert_equal "Block updated.", flash[:notice]
+    block.reload
+    assert_not_predicate block, :active?
+    assert_equal moderator_user, block.revoker
+  end
+
+  def test_revoke_using_update_by_other_moderator
+    creator_user = create(:moderator_user)
+    other_moderator_user = create(:moderator_user)
+    block = create(:user_block, :creator => creator_user)
+
+    session_for(other_moderator_user)
+    put user_block_path(block,
+                        :user_block_period => "24",
+                        :user_block => { :needs_view => false, :reason => "Updated Reason" })
+    assert_response :success
+    assert_equal "Only the moderator who created this block can edit it without revoking.", flash[:error]
+    block.reload
+    assert_predicate block, :active?
+    assert_nil block.revoker
+
+    put user_block_path(block,
+                        :user_block_period => "0",
+                        :user_block => { :needs_view => false, :reason => "Updated Reason" })
+    assert_redirected_to user_block_path(block)
+    assert_equal "Block updated.", flash[:notice]
+    block.reload
+    assert_not_predicate block, :active?
+    assert_equal other_moderator_user, block.revoker
+  end
+
+  ##
+  # test the revoke all page
+  def test_revoke_all_page
+    blocked_user = create(:user)
+    create(:user_block, :user => blocked_user)
+
+    # Asking for the revoke all blocks page with a bogus user name should fail
+    get user_blocks_on_path("non_existent_user")
+    assert_response :not_found
+
+    # Check that the revoke all blocks page requires us to login
+    get revoke_all_user_blocks_path(blocked_user)
+    assert_redirected_to login_path(:referer => revoke_all_user_blocks_path(blocked_user))
 
     # Login as a normal user
-    session[:user] = users(:public_user).id
+    session_for(create(:user))
+
+    # Check that normal users can't load the revoke all blocks page
+    get revoke_all_user_blocks_path(blocked_user)
+    assert_redirected_to :controller => "errors", :action => "forbidden"
+
+    # Login as a moderator
+    session_for(create(:moderator_user))
+
+    # Check that the revoke all blocks page loads for moderators
+    get revoke_all_user_blocks_path(blocked_user)
+    assert_response :success
+    assert_select "h1 a[href='#{user_path blocked_user}']", :text => blocked_user.display_name
+  end
+
+  ##
+  # test the revoke all action
+  def test_revoke_all_action
+    blocked_user = create(:user)
+    active_block1 = create(:user_block, :user => blocked_user)
+    active_block2 = create(:user_block, :user => blocked_user)
+    expired_block1 = create(:user_block, :expired, :user => blocked_user)
+    blocks = [active_block1, active_block2, expired_block1]
+    moderator_user = create(:moderator_user)
+
+    assert_predicate active_block1, :active?
+    assert_predicate active_block2, :active?
+    assert_not_predicate expired_block1, :active?
+
+    # Login as a normal user
+    session_for(create(:user))
 
     # Check that normal users can't load the block revoke page
-    get :revoke, :id => user_blocks(:active_block).id
-    assert_redirected_to user_blocks_path
-    assert_equal "You need to be a moderator to perform that action.", flash[:error]
+    get revoke_all_user_blocks_path(:blocked_user)
+    assert_redirected_to :controller => "errors", :action => "forbidden"
 
     # Login as a moderator
-    session[:user] = users(:moderator_user).id
+    session_for(moderator_user)
 
-    # Check that the block revoke page loads for moderators
-    get :revoke, :id => user_blocks(:active_block).id
+    # Check that revoking blocks using GET should fail
+    get revoke_all_user_blocks_path(blocked_user, :confirm => true)
     assert_response :success
-    assert_template "revoke"
-    assert_select "form", :count => 1 do
-      assert_select "input#confirm[type='checkbox']", :count => 1
-      assert_select "input[type='submit'][value='Revoke!']", :count => 1
+    assert_template "revoke_all"
+
+    blocks.each(&:reload)
+    assert_predicate active_block1, :active?
+    assert_predicate active_block2, :active?
+    assert_not_predicate expired_block1, :active?
+
+    # Check that revoking blocks works using POST
+    post revoke_all_user_blocks_path(blocked_user, :confirm => true)
+    assert_redirected_to user_blocks_on_path(blocked_user)
+
+    blocks.each(&:reload)
+    assert_not_predicate active_block1, :active?
+    assert_not_predicate active_block2, :active?
+    assert_not_predicate expired_block1, :active?
+    assert_equal moderator_user, active_block1.revoker
+    assert_equal moderator_user, active_block2.revoker
+    assert_not_equal moderator_user, expired_block1.revoker
+  end
+
+  ##
+  # test changes to end/deactivation dates
+  def test_dates_when_viewed_before_end
+    blocked_user = create(:user)
+    moderator_user = create(:moderator_user)
+
+    freeze_time do
+      session_for(moderator_user)
+      assert_difference "UserBlock.count", 1 do
+        post user_blocks_path(:display_name => blocked_user.display_name,
+                              :user_block_period => "48",
+                              :user_block => { :needs_view => true, :reason => "Testing deactivates_at" })
+      end
+      block = UserBlock.last
+      assert_equal Time.now.utc + 48.hours, block.ends_at
+      assert_nil block.deactivates_at
+
+      travel 24.hours
+      session_for(blocked_user)
+      get user_block_path(block)
+      block.reload
+      assert_equal Time.now.utc + 24.hours, block.ends_at
+      assert_equal Time.now.utc + 24.hours, block.deactivates_at
+    end
+  end
+
+  def test_dates_when_viewed_after_end
+    blocked_user = create(:user)
+    moderator_user = create(:moderator_user)
+
+    freeze_time do
+      session_for(moderator_user)
+      assert_difference "UserBlock.count", 1 do
+        post user_blocks_path(:display_name => blocked_user.display_name,
+                              :user_block_period => "24",
+                              :user_block => { :needs_view => true, :reason => "Testing deactivates_at" })
+      end
+      block = UserBlock.last
+      assert_equal Time.now.utc + 24.hours, block.ends_at
+      assert_nil block.deactivates_at
+
+      travel 48.hours
+      session_for(blocked_user)
+      get user_block_path(block)
+      block.reload
+      assert_equal Time.now.utc - 24.hours, block.ends_at
+      assert_equal Time.now.utc, block.deactivates_at
     end
+  end
 
-    # Check that revoking a block works
-    post :revoke, :id => user_blocks(:active_block).id, :confirm => true
-    assert_redirected_to user_block_path(:id => user_blocks(:active_block).id)
-    b = UserBlock.find(user_blocks(:active_block).id)
-    assert_in_delta Time.now, b.ends_at, 1
+  def test_dates_when_edited_before_end
+    blocked_user = create(:user)
+    moderator_user = create(:moderator_user)
+
+    freeze_time do
+      session_for(moderator_user)
+      assert_difference "UserBlock.count", 1 do
+        post user_blocks_path(:display_name => blocked_user.display_name,
+                              :user_block_period => "48",
+                              :user_block => { :needs_view => false, :reason => "Testing deactivates_at" })
+      end
+      block = UserBlock.last
+      assert_equal Time.now.utc + 48.hours, block.ends_at
+      assert_equal Time.now.utc + 48.hours, block.deactivates_at
+
+      travel 24.hours
+      put user_block_path(block,
+                          :user_block_period => "48",
+                          :user_block => { :needs_view => false, :reason => "Testing deactivates_at updated" })
+      block.reload
+      assert_equal Time.now.utc + 48.hours, block.ends_at
+      assert_equal Time.now.utc + 48.hours, block.deactivates_at
+    end
+  end
 
-    # We should get an error if no block ID is specified
-    assert_raise ActionController::UrlGenerationError do
-      get :revoke
+  def test_dates_when_edited_after_end
+    blocked_user = create(:user)
+    moderator_user = create(:moderator_user)
+
+    freeze_time do
+      session_for(moderator_user)
+      assert_difference "UserBlock.count", 1 do
+        post user_blocks_path(:display_name => blocked_user.display_name,
+                              :user_block_period => "24",
+                              :user_block => { :needs_view => false, :reason => "Testing deactivates_at" })
+      end
+      block = UserBlock.last
+      assert_equal Time.now.utc + 24.hours, block.ends_at
+      assert_equal Time.now.utc + 24.hours, block.deactivates_at
+
+      travel 48.hours
+      put user_block_path(block,
+                          :user_block_period => "0",
+                          :user_block => { :needs_view => false, :reason => "Testing deactivates_at updated" })
+      block.reload
+      assert_equal Time.now.utc - 24.hours, block.ends_at
+      assert_equal Time.now.utc - 24.hours, block.deactivates_at
     end
+  end
 
-    # We should get an error if the block doesn't exist
-    get :revoke, :id => 99999
-    assert_response :not_found
-    assert_template "not_found"
-    assert_select "p", "Sorry, the user block with ID 99999 could not be found."
+  ##
+  # test updates on legacy records without correctly initialized deactivates_at
+  def test_update_legacy_deactivates_at
+    blocked_user = create(:user)
+    moderator_user = create(:moderator_user)
+
+    freeze_time do
+      block = UserBlock.new :user => blocked_user,
+                            :creator => moderator_user,
+                            :reason => "because",
+                            :ends_at => Time.now.utc + 24.hours,
+                            :needs_view => false
+
+      assert_difference "UserBlock.count", 1 do
+        block.save :validate => false
+      end
+
+      travel 48.hours
+      session_for(moderator_user)
+      put user_block_path(block,
+                          :user_block_period => "0",
+                          :user_block => { :needs_view => false, :reason => "Testing legacy block update" })
+      block.reload
+      assert_equal Time.now.utc - 24.hours, block.ends_at
+      assert_equal Time.now.utc - 24.hours, block.deactivates_at
+    end
   end
 
   ##
   # test the blocks_on action
   def test_blocks_on
-    # Asking for a list of blocks with no user name should fail
-    assert_raise ActionController::UrlGenerationError do
-      get :blocks_on
-    end
+    blocked_user = create(:user)
+    unblocked_user = create(:user)
+    normal_user = create(:user)
+    active_block = create(:user_block, :user => blocked_user)
+    revoked_block = create(:user_block, :revoked, :user => blocked_user)
+    expired_block = create(:user_block, :expired, :user => unblocked_user)
 
     # Asking for a list of blocks with a bogus user name should fail
-    get :blocks_on, :display_name => "non_existent_user"
+    get user_blocks_on_path("non_existent_user")
     assert_response :not_found
-    assert_template "user/no_such_user"
+    assert_template "users/no_such_user"
     assert_select "h1", "The user non_existent_user does not exist"
 
     # Check the list of blocks for a user that has never been blocked
-    get :blocks_on, :display_name => users(:normal_user).display_name
+    get user_blocks_on_path(normal_user)
     assert_response :success
     assert_select "table#block_list", false
-    assert_select "p", "#{users(:normal_user).display_name} has not been blocked yet."
+    assert_select "p", "#{normal_user.display_name} has not been blocked yet."
 
     # Check the list of blocks for a user that is currently blocked
-    get :blocks_on, :display_name => users(:blocked_user).display_name
+    get user_blocks_on_path(blocked_user)
     assert_response :success
-    assert_select "table#block_list", :count => 1 do
-      assert_select "tr", 3
-      assert_select "a[href='#{user_block_path(user_blocks(:active_block))}']", 1
-      assert_select "a[href='#{user_block_path(user_blocks(:revoked_block))}']", 1
+    assert_select "h1 a[href='#{user_path blocked_user}']", :text => blocked_user.display_name
+    assert_select "table#block_list tbody", :count => 1 do
+      assert_select "tr", 2
+      assert_select "a[href='#{user_block_path(active_block)}']", 1
+      assert_select "a[href='#{user_block_path(revoked_block)}']", 1
     end
 
     # Check the list of blocks for a user that has previously been blocked
-    get :blocks_on, :display_name => users(:unblocked_user).display_name
+    get user_blocks_on_path(unblocked_user)
     assert_response :success
-    assert_select "table#block_list", :count => 1 do
-      assert_select "tr", 2
-      assert_select "a[href='#{user_block_path(user_blocks(:expired_block))}']", 1
+    assert_select "h1 a[href='#{user_path unblocked_user}']", :text => unblocked_user.display_name
+    assert_select "table#block_list tbody", :count => 1 do
+      assert_select "tr", 1
+      assert_select "a[href='#{user_block_path(expired_block)}']", 1
+    end
+  end
+
+  ##
+  # test the blocks_on action with multiple pages
+  def test_blocks_on_paged
+    user = create(:user)
+    user_blocks = create_list(:user_block, 50, :user => user).reverse
+    next_path = user_blocks_on_path(user)
+
+    get next_path
+    assert_response :success
+    check_user_blocks_table user_blocks[0...20]
+    check_no_page_link "Newer Blocks"
+    next_path = check_page_link "Older Blocks"
+
+    get next_path
+    assert_response :success
+    check_user_blocks_table user_blocks[20...40]
+    check_page_link "Newer Blocks"
+    next_path = check_page_link "Older Blocks"
+
+    get next_path
+    assert_response :success
+    check_user_blocks_table user_blocks[40...50]
+    check_page_link "Newer Blocks"
+    check_no_page_link "Older Blocks"
+  end
+
+  ##
+  # test the blocks_on action with invalid pages
+  def test_blocks_on_invalid_paged
+    user = create(:user)
+
+    %w[-1 0 fred].each do |id|
+      get user_blocks_on_path(user, :before => id)
+      assert_redirected_to :controller => :errors, :action => :bad_request
+
+      get user_blocks_on_path(user, :after => id)
+      assert_redirected_to :controller => :errors, :action => :bad_request
     end
   end
 
   ##
   # test the blocks_by action
   def test_blocks_by
-    # Asking for a list of blocks with no user name should fail
-    assert_raise ActionController::UrlGenerationError do
-      get :blocks_by
-    end
+    moderator_user = create(:moderator_user)
+    second_moderator_user = create(:moderator_user)
+    normal_user = create(:user)
+    active_block = create(:user_block, :creator => moderator_user)
+    expired_block = create(:user_block, :expired, :creator => second_moderator_user)
+    revoked_block = create(:user_block, :revoked, :creator => second_moderator_user)
 
     # Asking for a list of blocks with a bogus user name should fail
-    get :blocks_by, :display_name => "non_existent_user"
+    get user_blocks_by_path("non_existent_user")
     assert_response :not_found
-    assert_template "user/no_such_user"
+    assert_template "users/no_such_user"
     assert_select "h1", "The user non_existent_user does not exist"
 
     # Check the list of blocks given by one moderator
-    get :blocks_by, :display_name => users(:moderator_user).display_name
+    get user_blocks_by_path(moderator_user)
     assert_response :success
-    assert_select "table#block_list", :count => 1 do
-      assert_select "tr", 2
-      assert_select "a[href='#{user_block_path(user_blocks(:active_block))}']", 1
+    assert_select "h1 a[href='#{user_path moderator_user}']", :text => moderator_user.display_name
+    assert_select "table#block_list tbody", :count => 1 do
+      assert_select "tr", 1
+      assert_select "a[href='#{user_block_path(active_block)}']", 1
     end
 
     # Check the list of blocks given by a different moderator
-    get :blocks_by, :display_name => users(:second_moderator_user).display_name
+    get user_blocks_by_path(second_moderator_user)
     assert_response :success
-    assert_select "table#block_list", :count => 1 do
-      assert_select "tr", 3
-      assert_select "a[href='#{user_block_path(user_blocks(:expired_block))}']", 1
-      assert_select "a[href='#{user_block_path(user_blocks(:revoked_block))}']", 1
+    assert_select "h1 a[href='#{user_path second_moderator_user}']", :text => second_moderator_user.display_name
+    assert_select "table#block_list tbody", :count => 1 do
+      assert_select "tr", 2
+      assert_select "a[href='#{user_block_path(expired_block)}']", 1
+      assert_select "a[href='#{user_block_path(revoked_block)}']", 1
     end
 
     # Check the list of blocks (not) given by a normal user
-    get :blocks_by, :display_name => users(:normal_user).display_name
+    get user_blocks_by_path(normal_user)
     assert_response :success
     assert_select "table#block_list", false
-    assert_select "p", "#{users(:normal_user).display_name} has not made any blocks yet."
+    assert_select "p", "#{normal_user.display_name} has not made any blocks yet."
+  end
+
+  ##
+  # test the blocks_by action with multiple pages
+  def test_blocks_by_paged
+    user = create(:moderator_user)
+    user_blocks = create_list(:user_block, 50, :creator => user).reverse
+    next_path = user_blocks_by_path(user)
+
+    get next_path
+    assert_response :success
+    check_user_blocks_table user_blocks[0...20]
+    check_no_page_link "Newer Blocks"
+    next_path = check_page_link "Older Blocks"
+
+    get next_path
+    assert_response :success
+    check_user_blocks_table user_blocks[20...40]
+    check_page_link "Newer Blocks"
+    next_path = check_page_link "Older Blocks"
+
+    get next_path
+    assert_response :success
+    check_user_blocks_table user_blocks[40...50]
+    check_page_link "Newer Blocks"
+    check_no_page_link "Older Blocks"
+  end
+
+  ##
+  # test the blocks_by action with invalid pages
+  def test_blocks_by_invalid_paged
+    user = create(:moderator_user)
+
+    %w[-1 0 fred].each do |id|
+      get user_blocks_by_path(user, :before => id)
+      assert_redirected_to :controller => :errors, :action => :bad_request
+
+      get user_blocks_by_path(user, :after => id)
+      assert_redirected_to :controller => :errors, :action => :bad_request
+    end
+  end
+
+  private
+
+  def check_block_buttons(block, edit: 0)
+    [user_blocks_path, user_block_path(block)].each do |path|
+      get path
+      assert_response :success
+      assert_select "a[href='#{edit_user_block_path block}']", :count => edit
+    end
+  end
+
+  def check_inactive_block_updates(block)
+    original_ends_at = block.ends_at
+
+    put user_block_path(block,
+                        :user_block_period => "0",
+                        :user_block => { :needs_view => false, :reason => "Updated Reason" })
+    assert_redirected_to user_block_path(block)
+    assert_equal "Block updated.", flash[:notice]
+    block.reload
+    assert_not_predicate block, :active?
+    assert_equal "Updated Reason", block.reason
+    assert_equal original_ends_at, block.ends_at
+
+    put user_block_path(block,
+                        :user_block_period => "0",
+                        :user_block => { :needs_view => true, :reason => "Updated Reason Needs View" })
+    assert_response :success
+    assert_equal "This block is inactive and cannot be reactivated.", flash[:error]
+    block.reload
+    assert_not_predicate block, :active?
+    assert_equal "Updated Reason", block.reason
+    assert_equal original_ends_at, block.ends_at
+
+    put user_block_path(block,
+                        :user_block_period => "1",
+                        :user_block => { :needs_view => false, :reason => "Updated Reason Duration Extended" })
+    assert_response :success
+    assert_equal "This block is inactive and cannot be reactivated.", flash[:error]
+    block.reload
+    assert_not_predicate block, :active?
+    assert_equal "Updated Reason", block.reason
+    assert_equal original_ends_at, block.ends_at
+
+    put user_block_path(block,
+                        :user_block_period => "0",
+                        :user_block => { :needs_view => false, :reason => "Updated Reason Again" })
+    assert_redirected_to user_block_path(block)
+    assert_equal "Block updated.", flash[:notice]
+    block.reload
+    assert_not_predicate block, :active?
+    assert_equal "Updated Reason Again", block.reason
+    assert_equal original_ends_at, block.ends_at
+  end
+
+  def check_user_blocks_table(user_blocks)
+    assert_dom "table#block_list tbody tr" do |rows|
+      assert_equal user_blocks.count, rows.count, "unexpected number of rows in user blocks table"
+      rows.zip(user_blocks).map do |row, user_block|
+        assert_dom row, "a[href='#{user_block_path user_block}']", 1
+      end
+    end
+  end
+
+  def check_no_page_link(name)
+    assert_select "a.page-link", { :text => /#{Regexp.quote(name)}/, :count => 0 }, "unexpected #{name} page link"
+  end
+
+  def check_page_link(name)
+    assert_select "a.page-link", { :text => /#{Regexp.quote(name)}/ }, "missing #{name} page link" do |buttons|
+      return buttons.first.attributes["href"].value
+    end
   end
 end