can [:read, :resolve, :ignore, :reopen], Issue
can :create, IssueComment
can [:create, :update, :destroy], Redaction
- can [:create, :revoke_all], UserBlock
+ can [:create, :destroy], UserBlock
can :update, UserBlock, :creator => user
can :update, UserBlock, :revoker => user
can :update, UserBlock, :active? => true
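Review bot: The `:destroy` ability added on `UserBlock` is class-wide and unconditional, unlike the three `:update` rules below it, and CanCanCan keys abilities by action name and model rather than by controller. It is presumably meant for the bulk revoke on a user's received blocks, but the same rule would also authorise a `destroy` action on the user_blocks controller, which `resources :user_blocks` still routes; whether that controller defines one is not visible here. A comment on the line, such as `# :destroy is the revoke-all action on a user's received blocks`, would make the intent explicit. If single-block deletion is not meant to exist, `:except => :destroy` on `resources :user_blocks` would keep the grant from reaching it.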
authorize_resource
- before_action :lookup_user, :only => [:new, :create, :revoke_all]
+ before_action :lookup_user, :only => [:new, :create]
before_action :lookup_user_block, :only => [:show, :edit, :update]
before_action :require_valid_params, :only => [:create, :update]
before_action :check_database_readable
- before_action :check_database_writable, :only => [:create, :update, :revoke_all]
+ before_action :check_database_writable, :only => [:create, :update]
def index
@params = params.permit
end
end
- ##
- # revokes all active blocks
- def revoke_all
- if request.post? && params[:confirm]
- @user.blocks.active.each { |block| block.revoke!(current_user) }
- flash[:notice] = t ".flash"
- redirect_to user_received_blocks_path(@user)
- end
- end
-
private
##
before_action :lookup_user
before_action :check_database_readable
+ before_action :check_database_writable, :only => :destroy
##
# shows a list of all the blocks on the given user
render :partial => "user_blocks/page" if turbo_frame_request_id == "pagination"
end
+
+ ##
+ # shows revoke all active blocks page
+ def edit; end
+
+ ##
+ # revokes all active blocks
+ def destroy
+ if params[:confirm]
+ @user.blocks.active.each { |block| block.revoke!(current_user) }
+ flash[:notice] = t ".flash"
+ redirect_to user_received_blocks_path(@user)
+ else
+ render :action => :edit
+ end
+ end
end
end
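Review bot: The loop in `destroy` revokes blocks one at a time outside a transaction, so if `revoke!` raises partway through (the bang suggests it can), some blocks end up revoked while the rest stay active, and no flash tells the moderator which. Wrapping it keeps the action all-or-nothing: `UserBlock.transaction { @user.blocks.active.each { |block| block.revoke!(current_user) } }`. Separately, `if params[:confirm]` is true for any submitted value, including an empty string; `params[:confirm].present?` would be stricter. The controller class opens outside this hunk, so how the action is authorised cannot be checked from here.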
<% unless @user.blocks.active.empty? %>
- <%= bootstrap_form_for :revoke_all, :url => { :action => "revoke_all" } do |f| %>
+ <%= bootstrap_form_for :revoke_all, :url => { :action => :destroy }, :method => :delete do |f| %>
<div class="mb-3">
<div class="form-check">
<%= check_box_tag "confirm", "yes", false, { :class => "form-check-input" } %>
</li>
<% end %>
- <% if can?(:revoke_all, UserBlock) and @user.blocks.active.exists? %>
+ <% if can?(:destroy, UserBlock) and @user.blocks.active.exists? %>
<li>
- <%= link_to t(".revoke_all_blocks"), revoke_all_user_blocks_path(@user) %>
+ <%= link_to t(".revoke_all_blocks"), edit_user_received_blocks_path(@user) %>
</li>
<% end %>
title: "Blocks on %{name}"
heading_html: "List of Blocks on %{name}"
empty: "%{name} has not been blocked yet."
+ edit:
+ title: "Revoking all blocks on %{block_on}"
+ heading_html: "Revoking all blocks on %{block_on}"
+ empty: "%{name} has no active blocks."
+ confirm: "Are you sure you wish to revoke %{active_blocks}?"
+ active_blocks:
+ one: "%{count} active block"
+ other: "%{count} active blocks"
+ revoke: "Revoke!"
+ destroy:
+ flash: "All active blocks have been revoked."
lists:
show:
title: Users
title: "User blocks"
heading: "List of user blocks"
empty: "No blocks have been made yet."
- revoke_all:
- title: "Revoking all blocks on %{block_on}"
- heading_html: "Revoking all blocks on %{block_on}"
- empty: "%{name} has no active blocks."
- confirm: "Are you sure you wish to revoke %{active_blocks}?"
- active_blocks:
- one: "%{count} active block"
- other: "%{count} active blocks"
- revoke: "Revoke!"
- flash: "All active blocks have been revoked."
helper:
time_future_html: "Ends in %{time}."
until_login: "Active until the user logs in."
resource :role, :controller => "user_roles", :path => "roles/:role", :only => [:create, :destroy]
scope :module => :users do
resource :issued_blocks, :path => "blocks_by", :only => :show
- resource :received_blocks, :path => "blocks", :only => :show
+ resource :received_blocks, :path => "blocks", :only => [:show, :edit, :destroy]
end
end
get "/user/:display_name/account", :to => redirect(:path => "/account/edit")
# banning pages
resources :user_blocks, :path_names => { :new => "new/:display_name" }
- match "/user/:display_name/blocks/revoke_all" => "user_blocks#revoke_all", :via => [:get, :post], :as => "revoke_all_user_blocks"
# issues and reports
resources :issues do
{ :path => "/user_blocks/1", :method => :delete },
{ :controller => "user_blocks", :action => "destroy", :id => "1" }
)
-
- assert_routing(
- { :path => "/user/username/blocks/revoke_all", :method => :get },
- { :controller => "user_blocks", :action => "revoke_all", :display_name => "username" }
- )
- assert_routing(
- { :path => "/user/username/blocks/revoke_all", :method => :post },
- { :controller => "user_blocks", :action => "revoke_all", :display_name => "username" }
- )
end
##
assert_equal other_moderator_user, block.revoker
end
- ##
- # test the revoke all page
- def test_revoke_all_page
- blocked_user = create(:user)
- create(:user_block, :user => blocked_user)
-
- # Asking for the revoke all blocks page with a bogus user name should fail
- get user_received_blocks_path("non_existent_user")
- assert_response :not_found
-
- # Check that the revoke all blocks page requires us to login
- get revoke_all_user_blocks_path(blocked_user)
- assert_redirected_to login_path(:referer => revoke_all_user_blocks_path(blocked_user))
-
- # Login as a normal user
- session_for(create(:user))
-
- # Check that normal users can't load the revoke all blocks page
- get revoke_all_user_blocks_path(blocked_user)
- assert_redirected_to :controller => "errors", :action => "forbidden"
-
- # Login as a moderator
- session_for(create(:moderator_user))
-
- # Check that the revoke all blocks page loads for moderators
- get revoke_all_user_blocks_path(blocked_user)
- assert_response :success
- assert_select "h1 a[href='#{user_path blocked_user}']", :text => blocked_user.display_name
- end
-
- ##
- # test the revoke all action
- def test_revoke_all_action
- blocked_user = create(:user)
- active_block1 = create(:user_block, :user => blocked_user)
- active_block2 = create(:user_block, :user => blocked_user)
- expired_block1 = create(:user_block, :expired, :user => blocked_user)
- blocks = [active_block1, active_block2, expired_block1]
- moderator_user = create(:moderator_user)
-
- assert_predicate active_block1, :active?
- assert_predicate active_block2, :active?
- assert_not_predicate expired_block1, :active?
-
- # Login as a normal user
- session_for(create(:user))
-
- # Check that normal users can't load the block revoke page
- get revoke_all_user_blocks_path(:blocked_user)
- assert_redirected_to :controller => "errors", :action => "forbidden"
-
- # Login as a moderator
- session_for(moderator_user)
-
- # Check that revoking blocks using GET should fail
- get revoke_all_user_blocks_path(blocked_user, :confirm => true)
- assert_response :success
- assert_template "revoke_all"
-
- blocks.each(&:reload)
- assert_predicate active_block1, :active?
- assert_predicate active_block2, :active?
- assert_not_predicate expired_block1, :active?
-
- # Check that revoking blocks works using POST
- post revoke_all_user_blocks_path(blocked_user, :confirm => true)
- assert_redirected_to user_received_blocks_path(blocked_user)
-
- blocks.each(&:reload)
- assert_not_predicate active_block1, :active?
- assert_not_predicate active_block2, :active?
- assert_not_predicate expired_block1, :active?
- assert_equal moderator_user, active_block1.revoker
- assert_equal moderator_user, active_block2.revoker
- assert_not_equal moderator_user, expired_block1.revoker
- end
-
##
# test changes to end/deactivation dates
def test_dates_when_viewed_before_end
{ :path => "/user/username/blocks", :method => :get },
{ :controller => "users/received_blocks", :action => "show", :user_display_name => "username" }
)
+ assert_routing(
+ { :path => "/user/username/blocks/edit", :method => :get },
+ { :controller => "users/received_blocks", :action => "edit", :user_display_name => "username" }
+ )
+ assert_routing(
+ { :path => "/user/username/blocks", :method => :delete },
+ { :controller => "users/received_blocks", :action => "destroy", :user_display_name => "username" }
+ )
end
def test_show
assert_redirected_to :controller => "/errors", :action => :bad_request
end
end
+
+ ##
+ # test the revoke all blocks page
+ def test_edit
+ blocked_user = create(:user)
+ create(:user_block, :user => blocked_user)
+
+ # Asking for the revoke all blocks page with a bogus user name should fail
+ get user_received_blocks_path("non_existent_user")
+ assert_response :not_found
+
+ # Check that the revoke all blocks page requires us to login
+ get edit_user_received_blocks_path(blocked_user)
+ assert_redirected_to login_path(:referer => edit_user_received_blocks_path(blocked_user))
+
+ # Login as a normal user
+ session_for(create(:user))
+
+ # Check that normal users can't load the revoke all blocks page
+ get edit_user_received_blocks_path(blocked_user)
+ assert_redirected_to :controller => "/errors", :action => "forbidden"
+
+ # Login as a moderator
+ session_for(create(:moderator_user))
+
+ # Check that the revoke all blocks page loads for moderators
+ get edit_user_received_blocks_path(blocked_user)
+ assert_response :success
+ assert_select "h1 a[href='#{user_path blocked_user}']", :text => blocked_user.display_name
+ end
+
+ ##
+ # test the revoke all action
+ def test_destroy
+ blocked_user = create(:user)
+ active_block1 = create(:user_block, :user => blocked_user)
+ active_block2 = create(:user_block, :user => blocked_user)
+ expired_block1 = create(:user_block, :expired, :user => blocked_user)
+ blocks = [active_block1, active_block2, expired_block1]
+ moderator_user = create(:moderator_user)
+
+ assert_predicate active_block1, :active?
+ assert_predicate active_block2, :active?
+ assert_not_predicate expired_block1, :active?
+
+ # Check that normal users can't revoke all blocks
+ session_for(create(:user))
+ delete user_received_blocks_path(blocked_user, :confirm => true)
+ assert_redirected_to :controller => "/errors", :action => "forbidden"
+
+ blocks.each(&:reload)
+ assert_predicate active_block1, :active?
+ assert_predicate active_block2, :active?
+ assert_not_predicate expired_block1, :active?
+
+ # Check that confirmation is required
+ session_for(moderator_user)
+ delete user_received_blocks_path(blocked_user)
+
+ blocks.each(&:reload)
+ assert_predicate active_block1, :active?
+ assert_predicate active_block2, :active?
+ assert_not_predicate expired_block1, :active?
+
+ # Check that moderators can revoke all blocks
+ delete user_received_blocks_path(blocked_user, :confirm => true)
+ assert_redirected_to user_received_blocks_path(blocked_user)
+
+ blocks.each(&:reload)
+ assert_not_predicate active_block1, :active?
+ assert_not_predicate active_block2, :active?
+ assert_not_predicate expired_block1, :active?
+ assert_equal moderator_user, active_block1.revoker
+ assert_equal moderator_user, active_block2.revoker
+ assert_not_equal moderator_user, expired_block1.revoker
+ end
end
end
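Review bot: `test_destroy` never sends the DELETE without a session, so nothing pins that an anonymous request leaves the blocks active; `test_edit` covers the login redirect only for the GET page. Adding `delete user_received_blocks_path(blocked_user, :confirm => true)` before the first `session_for`, followed by the same three `active?` assertions, would close that gap. The "confirmation is required" step also has no response assertion, so a redirect or an error there would pass unnoticed. In `test_edit` the bogus-user check requests `user_received_blocks_path` (the show page) rather than `edit_user_received_blocks_path`, which looks carried over from the removed test. The test class opens outside this hunk.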
blocked_user = create(:user)
sign_in_as(create(:moderator_user))
- visit revoke_all_user_blocks_path(blocked_user)
+ visit edit_user_received_blocks_path(blocked_user)
assert_title "Revoking all blocks on #{blocked_user.display_name}"
assert_text "Revoking all blocks on #{blocked_user.display_name}"
assert_no_button "Revoke!"