Merge remote-tracking branch 'upstream/pull/5022'

diff --git a/app/controllers/user_blocks_controller.rb b/app/controllers/user_blocks_controller.rb
index 3ab217a601fc5bfe1319aefffb5bb2ce8510314b..664ac56815d6e541de2de2e839b04aa188867f38 100644 (file)
--- a/app/controllers/user_blocks_controller.rb
+++ b/app/controllers/user_blocks_controller.rb
@@ -63,8 +63,9 @@ class UserBlocksController < ApplicationController
 
   def update
     if @valid_params
-      if @user_block.creator != current_user
-        flash[:error] = t(".only_creator_can_edit")
+      if current_user != @user_block.creator &&
+         current_user != @user_block.revoker
+        flash[:error] = t(@user_block.revoker ? ".only_creator_or_revoker_can_edit" : ".only_creator_can_edit")
         redirect_to :action => "edit"
       elsif @user_block.update(
         :ends_at => Time.now.utc + @block_period.hours,

diff --git a/app/views/user_blocks/_block.html.erb b/app/views/user_blocks/_block.html.erb
index 461dc7a8d9e8ef6c19b34a80ce1a05900c17455f..a18d1dbdbabe51a753515e138fad795483d2b422 100644 (file)
--- a/app/views/user_blocks/_block.html.erb
+++ b/app/views/user_blocks/_block.html.erb
@@ -15,7 +15,8 @@
     <% end %>
   </td>
   <td><%= link_to t(".show"), block %></td>
-  <td><% if current_user and current_user.id == block.creator_id %><%= link_to t(".edit"), edit_user_block_path(block) %><% end %></td>
+  <td><% if current_user && (current_user.id == block.creator_id ||
+                             current_user.id == block.revoker_id) %><%= link_to t(".edit"), edit_user_block_path(block) %><% end %></td>
   <% if show_revoke_link %>
   <td><% if block.active? %><%= link_to t(".revoke"), revoke_user_block_path(block) %><% end %></td>
   <% end %>

diff --git a/app/views/user_blocks/show.html.erb b/app/views/user_blocks/show.html.erb
index 619cd6c3f0c58d3fdee045698ca72b59882fd0b2..c36c043cf80434d2f3120bf767154c69fb33323a 100644 (file)
--- a/app/views/user_blocks/show.html.erb
+++ b/app/views/user_blocks/show.html.erb
@@ -26,9 +26,12 @@
   <dd class="col-sm-9"><div class="richtext text-break"><%= @user_block.reason.to_html %></div></dd>
 </dl>
 
-<% if current_user&.id == @user_block.creator_id || can?(:revoke, UserBlock) && @user_block.active? %>
+<% if current_user && (current_user.id == @user_block.creator_id ||
+                       current_user.id == @user_block.revoker_id) ||
+      can?(:revoke, UserBlock) && @user_block.active? %>
   <div>
-    <% if current_user&.id == @user_block.creator_id %>
+    <% if current_user && (current_user.id == @user_block.creator_id ||
+                           current_user.id == @user_block.revoker_id) %>
       <%= link_to t(".edit"), edit_user_block_path(@user_block), :class => "btn btn-outline-primary" %>
     <% end %>
     <% if can?(:revoke, UserBlock) && @user_block.active? %>

diff --git a/config/locales/en.yml b/config/locales/en.yml
index 2b83fec1f9d4097cb4e8036f1e2cc8314fe3bd47..dc7f1a1c0e76206f329668cac9f6363533210023 100644 (file)
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -2940,6 +2940,7 @@ en:
       flash: "Created a block on user %{name}."
     update:
       only_creator_can_edit: "Only the moderator who created this block can edit it."
+      only_creator_or_revoker_can_edit: "Only the moderators who created or revoked this block can edit it."
       success: "Block updated."
     index:
       title: "User blocks"

diff --git a/config/routes.rb b/config/routes.rb
index 12f6325ae3d78acce9469195f084a4776804e4c9..c832cbb35866fcbfb0f22073e56f8ef5b05fa7b3 100644 (file)
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -84,9 +84,11 @@ OpenStreetMap::Application.routes.draw do
     delete "gpx/:id" => "traces#destroy", :id => /\d+/
     get "gpx/:id/details" => "traces#show", :id => /\d+/
     get "gpx/:id/data" => "traces#data", :as => :api_trace_data
+  end
 
+  namespace :api, :path => "api/0.6" do
     # Map notes API
-    resources :notes, :except => [:new, :edit, :update], :constraints => { :id => /\d+/ }, :controller => "notes", :as => :api_notes do
+    resources :notes, :except => [:new, :edit, :update], :id => /\d+/, :controller => "notes" do
       collection do
         get "search"
         get "feed", :defaults => { :format => "rss" }
@@ -99,7 +101,7 @@ OpenStreetMap::Application.routes.draw do
       end
     end
 
-    resources :user_blocks, :only => [:show], :constraints => { :id => /\d+/ }, :controller => "user_blocks", :as => :api_user_blocks
+    resources :user_blocks, :only => :show, :id => /\d+/, :controller => "user_blocks"
   end
 
   # Data browsing

diff --git a/test/controllers/user_blocks_controller_test.rb b/test/controllers/user_blocks_controller_test.rb
index dd0b1287b414c7805395a82bcccb62c0b5c773e6..2e9d79ef759e8add899921259fc241ad3f37b3de 100644 (file)
--- a/test/controllers/user_blocks_controller_test.rb
+++ b/test/controllers/user_blocks_controller_test.rb
@@ -212,22 +212,9 @@ class UserBlocksControllerTest < ActionDispatch::IntegrationTest
     check_block_buttons block, :edit => 1
 
     session_for(revoker_user)
-    check_block_buttons block
-  end
-
-  private
-
-  def check_block_buttons(block, edit: 0, revoke: 0)
-    [user_blocks_path, user_block_path(block)].each do |path|
-      get path
-      assert_response :success
-      assert_select "a[href='#{edit_user_block_path block}']", :count => edit
-      assert_select "a[href='#{revoke_user_block_path block}']", :count => revoke
-    end
+    check_block_buttons block, :edit => 1
   end
 
-  public
-
   ##
   # test the new action
   def test_new
@@ -483,23 +470,32 @@ class UserBlocksControllerTest < ActionDispatch::IntegrationTest
     assert_equal "Original Reason", block.reason
 
     session_for(creator_user)
+    check_block_updates(block)
+  end
+
+  ##
+  # test the update action on revoked blocks
+  def test_update_revoked
+    creator_user = create(:moderator_user)
+    revoker_user = create(:moderator_user)
+    other_moderator_user = create(:moderator_user)
+    block = create(:user_block, :revoked, :creator => creator_user, :revoker => revoker_user, :reason => "Original Reason")
+
+    session_for(other_moderator_user)
     put user_block_path(block,
                         :user_block_period => "0",
                         :user_block => { :needs_view => false, :reason => "Updated Reason" })
-    assert_redirected_to user_block_path(block)
-    assert_equal "Block updated.", flash[:notice]
+    assert_redirected_to edit_user_block_path(block)
+    assert_equal "Only the moderators who created or revoked this block can edit it.", flash[:error]
     block.reload
-    assert_not block.active?
-    assert_equal "Updated Reason", block.reason
+    assert_not_predicate block, :active?
+    assert_equal "Original Reason", block.reason
 
-    put user_block_path(block,
-                        :user_block_period => "0",
-                        :user_block => { :needs_view => true, :reason => "Updated Reason 2" })
-    assert_redirected_to user_block_path(block)
-    assert_equal "Block updated.", flash[:notice]
-    block.reload
-    assert_predicate block, :active?
-    assert_equal "Updated Reason 2", block.reason
+    session_for(creator_user)
+    check_block_updates(block)
+
+    session_for(revoker_user)
+    check_block_updates(block)
   end
 
   ##
@@ -794,6 +790,35 @@ class UserBlocksControllerTest < ActionDispatch::IntegrationTest
 
   private
 
+  def check_block_buttons(block, edit: 0, revoke: 0)
+    [user_blocks_path, user_block_path(block)].each do |path|
+      get path
+      assert_response :success
+      assert_select "a[href='#{edit_user_block_path block}']", :count => edit
+      assert_select "a[href='#{revoke_user_block_path block}']", :count => revoke
+    end
+  end
+
+  def check_block_updates(block)
+    put user_block_path(block,
+                        :user_block_period => "0",
+                        :user_block => { :needs_view => false, :reason => "Updated Reason" })
+    assert_redirected_to user_block_path(block)
+    assert_equal "Block updated.", flash[:notice]
+    block.reload
+    assert_not_predicate block, :active?
+    assert_equal "Updated Reason", block.reason
+
+    put user_block_path(block,
+                        :user_block_period => "0",
+                        :user_block => { :needs_view => true, :reason => "Updated Reason 2" })
+    assert_redirected_to user_block_path(block)
+    assert_equal "Block updated.", flash[:notice]
+    block.reload
+    assert_predicate block, :active?
+    assert_equal "Updated Reason 2", block.reason
+  end
+
   def check_user_blocks_table(user_blocks)
     assert_dom "table#block_list tbody tr" do |rows|
       assert_equal user_blocks.count, rows.count, "unexpected number of rows in user blocks table"