end
# check if the user has been banned
- unless @user.nil? or @user.blocks.empty?
+ unless @user.nil? or @user.active_blocks.empty?
# NOTE: need slightly more helpful message than this.
- render :text => "You got banned!", :status => :forbidden
+ render :text => t('application.setup_user_auth.blocked'), :status => :forbidden
end
end
# ensure that there is a "this_user" instance variable
def lookup_this_user
@this_user = User.find_by_display_name(params[:display_name])
+ rescue ActiveRecord::RecordNotFound
+ redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] unless @this_user
end
##
# ensure that there is a "user_block" instance variable
def lookup_user_block
@user_block = UserBlock.find(params[:id])
+ rescue ActiveRecord::RecordNotFound
+ render :action => "not_found", :status => :not_found
end
##
has_many :client_applications
has_many :oauth_tokens, :class_name => "OauthToken", :order => "authorized_at desc", :include => [:client_application]
- has_many :blocks, :class_name => "UserBlock", :conditions => ["user_blocks.ends_at > now() or user_blocks.needs_view"]
+ has_many :active_blocks, :class_name => "UserBlock", :conditions => ['user_blocks.ends_at > \'#{Time.now.getutc.xmlschema(5)}\' or user_blocks.needs_view']
has_many :roles, :class_name => "UserRole"
validates_presence_of :email, :display_name
# returns the first active block which would require users to view
# a message, or nil if there are none.
def blocked_on_view
- blocks.inject(nil) { |s,x| s || (x.needs_view? ? x : nil) }
+ active_blocks.inject(nil) { |s,x| s || (x.needs_view? ? x : nil) }
end
def delete
--- /dev/null
+<p><%= t'user_block.not_found.sorry', :id => params[:id] %></p>
+
+<%= link_to t('user_block.not_found.back'), user_blocks_path %>
scheduled_for_deletion: "Track scheduled for deletion"
make_public:
made_public: "Track made public"
+ application:
+ setup_user_auth:
+ blocked: "Your access to the API has been blocked. Please log-in to the web interface to find out more."
oauth:
oauthorize:
request_access: "The application {{app_name}} is requesting access to your account. Please check whether you would like the application to have the following capabilities. You may choose as many or as few as you like."
model:
non_moderator_update: "Must be a moderator to create or update a block."
non_moderator_revoke: "Must be a moderator to revoke a block."
+ not_found:
+ sorry: "Sorry, the user block with ID {{id}} could not be found."
+ back: "Back to index"
new:
reason: "The reason why {{name}} is being blocked. Please be as calm and as reasonable as possible, giving as much detail as you can about the situation, remembering that the message will be publicly visible. Bear in mind that not all users understand the community jargon, so please try to use laymans terms."
period: "How long, starting now, the user will be blocked from the API for."
--- /dev/null
+require File.dirname(__FILE__) + '/../test_helper'
+
+class UserBlocksTest < ActionController::IntegrationTest
+ fixtures :users, :user_blocks
+
+ def auth_header(user, pass)
+ {"HTTP_AUTHORIZATION" => "Basic %s" % Base64.encode64("#{user}:#{pass}")}
+ end
+
+ def test_api_blocked
+ blocked_user = users(:public_user)
+
+ get "/api/#{API_VERSION}/user/details"
+ assert_response :unauthorized
+
+ get "/api/#{API_VERSION}/user/details", nil, auth_header(blocked_user.display_name, "test")
+ assert_response :success
+
+ # now block the user
+ UserBlock.create(:user_id => blocked_user.id,
+ :creator_id => users(:moderator_user).id,
+ :reason => "testing",
+ :ends_at => Time.now.getutc + 5.minutes)
+ get "/api/#{API_VERSION}/user/details", nil, auth_header(blocked_user.display_name, "test")
+ assert_response :forbidden
+ end
+
+ def test_api_revoke
+ blocked_user = users(:public_user)
+ moderator = users(:moderator_user)
+
+ block = UserBlock.create(:user_id => blocked_user.id,
+ :creator_id => moderator.id,
+ :reason => "testing",
+ :ends_at => Time.now.getutc + 5.minutes)
+ get "/api/#{API_VERSION}/user/details", nil, auth_header(blocked_user.display_name, "test")
+ assert_response :forbidden
+
+ # revoke the ban
+ post '/login', {'user[email]' => moderator.email, 'user[password]' => "test", :referer => "/blocks/#{block.id}/revoke"}
+ assert_response :redirect
+ follow_redirect!
+ assert_response :success
+ assert_template 'user_blocks/revoke'
+ post "/blocks/#{block.id}/revoke", {'confirm' => "yes"}
+ assert_response :redirect
+ follow_redirect!
+ assert_response :success
+ assert_template 'user_blocks/show'
+ reset!
+
+ # access the API again. this time it should work
+ get "/api/#{API_VERSION}/user/details", nil, auth_header(blocked_user.display_name, "test")
+ assert_response :success
+ end
+end
projects / rails.git / commitdiff