From: Anton Khorev Date: Wed, 1 Jan 2025 02:31:05 +0000 (+0300) Subject: Skip blocks check when getting active blocks list X-Git-Tag: live~155^2~1 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/9ec7e8c888cc534bcdc2632a34f27e5853bb4241 Skip blocks check when getting active blocks list --- diff --git a/app/controllers/api/user_blocks/active_lists_controller.rb b/app/controllers/api/user_blocks/active_lists_controller.rb index 132d94678..fd7b768dd 100644 --- a/app/controllers/api/user_blocks/active_lists_controller.rb +++ b/app/controllers/api/user_blocks/active_lists_controller.rb @@ -1,7 +1,7 @@ module Api module UserBlocks class ActiveListsController < ApiController - before_action :authorize + before_action -> { authorize(:skip_blocks => true) } authorize_resource :class => :active_user_blocks_list diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index bcd43a273..acf64c6e2 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -49,9 +49,9 @@ class ApiController < ApplicationController end end - def authorize(errormessage: "Couldn't authenticate you", skip_terms: false) + def authorize(errormessage: "Couldn't authenticate you", skip_blocks: false, skip_terms: false) # make the current_user object from any auth sources we have - setup_user_auth(:skip_terms => skip_terms) + setup_user_auth(:skip_blocks => skip_blocks, :skip_terms => skip_terms) # handle authenticate pass/fail unless current_user @@ -99,7 +99,7 @@ class ApiController < ApplicationController # sets up the current_user for use by other methods. this is mostly called # from the authorize method, but can be called elsewhere if authorisation # is optional. - def setup_user_auth(skip_terms: false) + def setup_user_auth(skip_blocks: false, skip_terms: false) logger.info " setup_user_auth" # try and setup using OAuth self.current_user = User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token&.accessible? @@ -107,13 +107,15 @@ class ApiController < ApplicationController # have we identified the user? if current_user # check if the user has been banned - user_block = current_user.blocks.active.take - unless user_block.nil? - set_locale - if user_block.zero_hour? - report_error t("application.setup_user_auth.blocked_zero_hour"), :forbidden - else - report_error t("application.setup_user_auth.blocked"), :forbidden + unless skip_blocks + user_block = current_user.blocks.active.take + unless user_block.nil? + set_locale + if user_block.zero_hour? + report_error t("application.setup_user_auth.blocked_zero_hour"), :forbidden + else + report_error t("application.setup_user_auth.blocked"), :forbidden + end end end diff --git a/test/controllers/api/user_blocks/active_lists_controller_test.rb b/test/controllers/api/user_blocks/active_lists_controller_test.rb index 98518e791..efca9b6c6 100644 --- a/test/controllers/api/user_blocks/active_lists_controller_test.rb +++ b/test/controllers/api/user_blocks/active_lists_controller_test.rb @@ -38,6 +38,32 @@ module Api assert_response :success assert_dom "user_block", :count => 0 end + + def test_show + user = create(:moderator_user) + user_auth_header = bearer_authorization_header(user, :scopes => %w[read_prefs]) + create(:user_block, :expired, :user => user) + block0 = create(:user_block, :user => user) + block1 = create(:user_block, :user => user) + create(:user_block) + create(:user_block, :creator => user) + + get api_user_blocks_active_list_path, :headers => user_auth_header + assert_response :success + end + + def test_show_json + user = create(:moderator_user) + user_auth_header = bearer_authorization_header(user, :scopes => %w[read_prefs]) + create(:user_block, :expired, :user => user) + block0 = create(:user_block, :user => user) + block1 = create(:user_block, :user => user) + create(:user_block) + create(:user_block, :creator => user) + + get api_user_blocks_active_list_path(:format => "json"), :headers => user_auth_header + assert_response :success + end end end end