Fix account action type validation (#19476)

* Fix account action type validation Fix #19143 * Fix #19145 * Fix code style issues
2022-10-30 02:44:32 +02:00
parent 276b85bc91
commit 40c7f3e830
2 changed files with 37 additions and 22 deletions
--- a/app/models/admin/account_action.rb
+++ b/app/models/admin/account_action.rb
@@ -25,6 +25,8 @@ class Admin::AccountAction
  alias send_email_notification? send_email_notification
  alias include_statuses? include_statuses

+  validates :type, :target_account, :current_account, presence: true
+
  def initialize(attributes = {})
    @send_email_notification = true
    @include_statuses        = true
@@ -41,13 +43,15 @@ class Admin::AccountAction
  end

  def save!
+    raise ActiveRecord::RecordInvalid, self unless valid?
+
    ApplicationRecord.transaction do
      process_action!
      process_strike!
+      process_reports!
    end

    process_email!
-    process_reports!
    process_queue!
  end

@@ -106,9 +110,8 @@ class Admin::AccountAction
    # Otherwise, we will mark all unresolved reports about
    # the account as resolved.

-    reports.each { |report| authorize(report, :update?) }
-
    reports.each do |report|
+      authorize(report, :update?)
      log_action(:resolve, report)
      report.resolve!(current_account)
    end
--- a/spec/controllers/api/v1/admin/account_actions_controller_spec.rb
+++ b/spec/controllers/api/v1/admin/account_actions_controller_spec.rb
@@ -30,28 +30,40 @@ RSpec.describe Api::V1::Admin::AccountActionsController, type: :controller do
  end

  describe 'POST #create' do
-    before do
-      post :create, params: { account_id: account.id, type: 'disable' }
+    context do
+      before do
+        post :create, params: { account_id: account.id, type: 'disable' }
+      end
+
+      it_behaves_like 'forbidden for wrong scope', 'write:statuses'
+      it_behaves_like 'forbidden for wrong role', ''
+
+      it 'returns http success' do
+        expect(response).to have_http_status(200)
+      end
+
+      it 'performs action against account' do
+        expect(account.reload.user_disabled?).to be true
+      end
+
+      it 'logs action' do
+        log_item = Admin::ActionLog.last
+
+        expect(log_item).to_not be_nil
+        expect(log_item.action).to eq :disable
+        expect(log_item.account_id).to eq user.account_id
+        expect(log_item.target_id).to eq account.user.id
+      end
    end

-    it_behaves_like 'forbidden for wrong scope', 'write:statuses'
-    it_behaves_like 'forbidden for wrong role', ''
+    context 'with no type' do
+      before do
+        post :create, params: { account_id: account.id }
+      end

-    it 'returns http success' do
-      expect(response).to have_http_status(200)
-    end
-
-    it 'performs action against account' do
-      expect(account.reload.user_disabled?).to be true
-    end
-
-    it 'logs action' do
-      log_item = Admin::ActionLog.last
-
-      expect(log_item).to_not be_nil
-      expect(log_item.action).to eq :disable
-      expect(log_item.account_id).to eq user.account_id
-      expect(log_item.target_id).to eq account.user.id
+      it 'returns http unprocessable entity' do
+        expect(response).to have_http_status(422)
+      end
    end
  end
 end