Merge remote-tracking branch 'upstream/pull/5013'

diff --git a/Gemfile.lock b/Gemfile.lock
index 412ef4820a8e63330c8501f1e840b1e1bf5ca318..05ccd47d1f39fdde4c03cf59d7371385251f4c9d 100644 (file)
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -95,8 +95,8 @@ GEM
     autoprefixer-rails (10.4.16.0)
       execjs (~> 2)
     aws-eventstream (1.3.0)
-    aws-partitions (1.956.0)
-    aws-sdk-core (3.201.1)
+    aws-partitions (1.957.0)
+    aws-sdk-core (3.201.2)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.8)
@@ -412,7 +412,7 @@ GEM
     progress (3.6.0)
     psych (5.1.2)
       stringio
-    public_suffix (6.0.0)
+    public_suffix (6.0.1)
     puma (5.6.8)
       nio4r (~> 2.0)
     quad_tile (1.0.1)
@@ -524,8 +524,9 @@ GEM
       rubocop (~> 1.0)
     ruby-openid (2.9.2)
     ruby-progressbar (1.13.0)
-    ruby-vips (2.2.1)
+    ruby-vips (2.2.2)
       ffi (~> 1.12)
+      logger
     rubyzip (2.3.2)
     sanitize (6.1.1)
       crass (~> 1.0.2)
@@ -533,7 +534,7 @@ GEM
     sass-embedded (1.64.2)
       google-protobuf (~> 3.23)
       rake (>= 13.0.0)
-    selenium-webdriver (4.22.0)
+    selenium-webdriver (4.23.0)
       base64 (~> 0.2)
       logger (~> 1.4)
       rexml (~> 3.2, >= 3.2.5)
@@ -572,7 +573,7 @@ GEM
     thor (1.3.1)
     tilt (2.4.0)
     timeout (0.4.1)
-    turbo-rails (2.0.5)
+    turbo-rails (2.0.6)
       actionpack (>= 6.0.0)
       activejob (>= 6.0.0)
       railties (>= 6.0.0)

diff --git a/app/abilities/ability.rb b/app/abilities/ability.rb
index a0eea302f5a95cd39a2f53b2c6addd77864b582a..907712328b77c4de1d3421ab96525d895d53ff00 100644 (file)
--- a/app/abilities/ability.rb
+++ b/app/abilities/ability.rb
@@ -42,7 +42,8 @@ class Ability
         can [:new, :show, :create, :destroy], :oauth2_authorization
         can [:edit, :update, :destroy], :account
         can [:show], :dashboard
-        can [:new, :create, :edit, :update, :subscribe, :unsubscribe], DiaryEntry
+        can [:new, :create, :subscribe, :unsubscribe], DiaryEntry
+        can :update, DiaryEntry, :user => user
         can [:create], DiaryComment
         can [:make_friend, :remove_friend], Friendship
         can [:new, :create, :reply, :show, :inbox, :outbox, :muted, :mark, :unmute, :destroy], Message

diff --git a/app/controllers/diary_entries_controller.rb b/app/controllers/diary_entries_controller.rb
index 1a888547db42b53a92de7451072b0cc9c14b6294..eaf6ddf9c519021e5d9a0809585fb94edf0f85ce 100644 (file)
--- a/app/controllers/diary_entries_controller.rb
+++ b/app/controllers/diary_entries_controller.rb
@@ -125,7 +125,7 @@ class DiaryEntriesController < ApplicationController
     @title = t "diary_entries.edit.title"
     @diary_entry = DiaryEntry.find(params[:id])
 
-    if current_user != @diary_entry.user ||
+    if cannot?(:update, @diary_entry) ||
        (params[:diary_entry] && @diary_entry.update(entry_params))
       redirect_to diary_entry_path(@diary_entry.user, @diary_entry)
     else

diff --git a/app/views/diary_entries/_diary_entry.html.erb b/app/views/diary_entries/_diary_entry.html.erb
index d4ee530d7f9d80b7787ccdf52b20fd37b261a2cd..62e701d1444f8fb6bbf55d488c7e08caf27e07e0 100644 (file)
--- a/app/views/diary_entries/_diary_entry.html.erb
+++ b/app/views/diary_entries/_diary_entry.html.erb
@@ -23,7 +23,7 @@
         </li>
       <% end %>
 
-      <% if current_user && current_user == diary_entry.user %>
+      <% if can?(:edit, diary_entry) %>
         <li><%= link_to t(".edit_link"), edit_diary_entry_path(diary_entry.user, diary_entry) %></li>
       <% end %>
 

diff --git a/app/views/user_blocks/edit.html.erb b/app/views/user_blocks/edit.html.erb
index a5b165e9ad790e5c8b918b471a775ebf4091d0cf..88441a15d9ccbb2d80c694fa425c77a527372cf8 100644 (file)
--- a/app/views/user_blocks/edit.html.erb
+++ b/app/views/user_blocks/edit.html.erb
@@ -15,7 +15,8 @@
   <%= f.form_group do %>
     <%= label_tag "user_block_period", t(".period"), :class => "form-label" %>
     <%= select_tag("user_block_period",
-                   options_for_select(UserBlock::PERIODS.collect { |h| [block_duration_in_words(h.hours), h.to_s] }, params[:user_block_period]),
+                   options_for_select(UserBlock::PERIODS.collect { |h| [block_duration_in_words(h.hours), h.to_s] },
+                                      UserBlock::PERIODS.min_by { |h| (params[:user_block_period].to_i - h).abs }),
                    :class => "form-select") %>
   <% end %>
 

diff --git a/test/controllers/diary_entries_controller_test.rb b/test/controllers/diary_entries_controller_test.rb
index 9acd72c67b630d1eb41a91813b8dfa31ee2280bc..bb6c25781fc5bd6aa6a31de5976bd31e74c4c0ef 100644 (file)
--- a/test/controllers/diary_entries_controller_test.rb
+++ b/test/controllers/diary_entries_controller_test.rb
@@ -336,6 +336,29 @@ class DiaryEntriesControllerTest < ActionDispatch::IntegrationTest
     assert_select "span[class=translation_missing]", false, "Missing translation in edit diary entry"
   end
 
+  def test_update
+    user = create(:user)
+    other_user = create(:user)
+    diary_entry = create(:diary_entry, :language_code => "en", :user => user, :title => "Original Title")
+
+    put diary_entry_path(user, diary_entry, :diary_entry => { :title => "Updated Title" })
+    assert_response :forbidden
+    diary_entry.reload
+    assert_equal "Original Title", diary_entry.title
+
+    session_for(other_user)
+    put diary_entry_path(user, diary_entry, :diary_entry => { :title => "Updated Title" })
+    assert_redirected_to diary_entry_path(user, diary_entry)
+    diary_entry.reload
+    assert_equal "Original Title", diary_entry.title
+
+    session_for(user)
+    put diary_entry_path(user, diary_entry, :diary_entry => { :title => "Updated Title" })
+    assert_redirected_to diary_entry_path(user, diary_entry)
+    diary_entry.reload
+    assert_equal "Updated Title", diary_entry.title
+  end
+
   def test_index_all
     diary_entry = create(:diary_entry)
     geo_entry = create(:diary_entry, :latitude => 51.50763, :longitude => -0.10781)

diff --git a/test/controllers/user_blocks_controller_test.rb b/test/controllers/user_blocks_controller_test.rb
index 97f5171335d4910fd27e53fda34bc6ea8dc8e2f5..b6aaf4ca8267256ece52d00f6eb70c4c29c27e94 100644 (file)
--- a/test/controllers/user_blocks_controller_test.rb
+++ b/test/controllers/user_blocks_controller_test.rb
@@ -244,6 +244,34 @@ class UserBlocksControllerTest < ActionDispatch::IntegrationTest
     assert_select "p", "Sorry, the user block with ID 99999 could not be found."
   end
 
+  ##
+  # test the edit action when the remaining block duration doesn't match the available select options
+  def test_edit_duration
+    moderator_user = create(:moderator_user)
+
+    freeze_time do
+      active_block = create(:user_block, :creator => moderator_user, :ends_at => Time.now.utc + 96.hours)
+
+      session_for(moderator_user)
+      get edit_user_block_path(active_block)
+
+      assert_select "form#edit_user_block_#{active_block.id}", :count => 1 do
+        assert_select "select#user_block_period", :count => 1 do
+          assert_select "option[value='96'][selected]", :count => 1
+        end
+      end
+
+      travel 2.hours
+      get edit_user_block_path(active_block)
+
+      assert_select "form#edit_user_block_#{active_block.id}", :count => 1 do
+        assert_select "select#user_block_period", :count => 1 do
+          assert_select "option[value='96'][selected]", :count => 1
+        end
+      end
+    end
+  end
+
   ##
   # test the create action
   def test_create