def update
if @valid_params
- if current_user != @user_block.creator &&
- current_user != @user_block.revoker
+ if cannot?(:update, @user_block)
flash[:error] = t(@user_block.revoker ? ".only_creator_or_revoker_can_edit" : ".only_creator_can_edit")
redirect_to :action => "edit"
else
@user_block.ends_at = Time.now.utc + @block_period.hours
@user_block.deactivates_at = (@user_block.ends_at unless @user_block.needs_view)
@user_block.revoker = current_user if user_block_was_active && !@user_block.active?
- if !user_block_was_active && @user_block.active?
+ if user_block_was_active && @user_block.active? && current_user != @user_block.creator
+ flash.now[:error] = t(".only_creator_can_edit_without_revoking")
+ render :action => "edit"
+ elsif !user_block_was_active && @user_block.active?
flash.now[:error] = t(".inactive_block_cannot_be_reactivated")
render :action => "edit"
else
# test the update action
def test_update
moderator_user = create(:moderator_user)
- second_moderator_user = create(:moderator_user)
active_block = create(:user_block, :creator => moderator_user)
# Not logged in yet, so updating a block should fail
put user_block_path(:id => active_block)
assert_redirected_to :controller => "errors", :action => "forbidden"
- # Login as the wrong moderator
- session_for(second_moderator_user)
-
- # Check that only the person who created a block can update it
- assert_no_difference "UserBlock.count" do
- put user_block_path(:id => active_block,
- :user_block_period => "12",
- :user_block => { :needs_view => true, :reason => "Vandalism" })
- end
- assert_redirected_to edit_user_block_path(active_block)
- assert_equal "Only the moderator who created this block can edit it.", flash[:error]
-
- # Login as the correct moderator
+ # Login as the moderator
session_for(moderator_user)
# A bogus block period should result in an error
##
# test the update action revoking the block
- def test_revoke_using_update
+ def test_revoke_using_update_by_creator
moderator_user = create(:moderator_user)
block = create(:user_block, :creator => moderator_user)
put user_block_path(block,
:user_block_period => "24",
:user_block => { :needs_view => false, :reason => "Updated Reason" })
+ assert_redirected_to user_block_path(block)
+ assert_equal "Block updated.", flash[:notice]
block.reload
assert_predicate block, :active?
assert_nil block.revoker
put user_block_path(block,
:user_block_period => "0",
:user_block => { :needs_view => false, :reason => "Updated Reason" })
+ assert_redirected_to user_block_path(block)
+ assert_equal "Block updated.", flash[:notice]
block.reload
assert_not_predicate block, :active?
assert_equal moderator_user, block.revoker
end
+ def test_revoke_using_update_by_other_moderator
+ creator_user = create(:moderator_user)
+ other_moderator_user = create(:moderator_user)
+ block = create(:user_block, :creator => creator_user)
+
+ session_for(other_moderator_user)
+ put user_block_path(block,
+ :user_block_period => "24",
+ :user_block => { :needs_view => false, :reason => "Updated Reason" })
+ assert_response :success
+ assert_equal "Only the moderator who created this block can edit it without revoking.", flash[:error]
+ block.reload
+ assert_predicate block, :active?
+ assert_nil block.revoker
+
+ put user_block_path(block,
+ :user_block_period => "0",
+ :user_block => { :needs_view => false, :reason => "Updated Reason" })
+ assert_redirected_to user_block_path(block)
+ assert_equal "Block updated.", flash[:notice]
+ block.reload
+ assert_not_predicate block, :active?
+ assert_equal other_moderator_user, block.revoker
+ end
+
##
# test the revoke action
def test_revoke
projects / rails.git / commitdiff