From 5ad9fea52acb7a5707ca9868364680cfec46dd0c Mon Sep 17 00:00:00 2001 From: Francis Murillo Date: Tue, 6 Dec 2022 23:25:18 +0000 Subject: [PATCH] Log admin approve and reject account (#22088) * Log admin approve and reject account * Add unit tests for approve and reject logging --- app/controllers/admin/accounts_controller.rb | 2 + .../api/v1/admin/accounts_controller.rb | 2 + .../admin/accounts_controller_spec.rb | 81 +++++++++++++++++++ .../api/v1/admin/accounts_controller_spec.rb | 18 +++++ 4 files changed, 103 insertions(+) diff --git a/app/controllers/admin/accounts_controller.rb b/app/controllers/admin/accounts_controller.rb index 40bf685c53..9beb8fde6b 100644 --- a/app/controllers/admin/accounts_controller.rb +++ b/app/controllers/admin/accounts_controller.rb @@ -55,12 +55,14 @@ module Admin def approve authorize @account.user, :approve? @account.user.approve! + log_action :approve, @account.user redirect_to admin_accounts_path(status: 'pending'), notice: I18n.t('admin.accounts.approved_msg', username: @account.acct) end def reject authorize @account.user, :reject? DeleteAccountService.new.call(@account, reserve_email: false, reserve_username: false) + log_action :reject, @account.user redirect_to admin_accounts_path(status: 'pending'), notice: I18n.t('admin.accounts.rejected_msg', username: @account.acct) end diff --git a/app/controllers/api/v1/admin/accounts_controller.rb b/app/controllers/api/v1/admin/accounts_controller.rb index ae7f7d0762..f483000728 100644 --- a/app/controllers/api/v1/admin/accounts_controller.rb +++ b/app/controllers/api/v1/admin/accounts_controller.rb @@ -54,12 +54,14 @@ class Api::V1::Admin::AccountsController < Api::BaseController def approve authorize @account.user, :approve? @account.user.approve! + log_action :approve, @account.user render json: @account, serializer: REST::Admin::AccountSerializer end def reject authorize @account.user, :reject? DeleteAccountService.new.call(@account, reserve_email: false, reserve_username: false) + log_action :reject, @account.user render_empty end diff --git a/spec/controllers/admin/accounts_controller_spec.rb b/spec/controllers/admin/accounts_controller_spec.rb index 1bd51a0c82..81d592dddd 100644 --- a/spec/controllers/admin/accounts_controller_spec.rb +++ b/spec/controllers/admin/accounts_controller_spec.rb @@ -147,6 +147,87 @@ RSpec.describe Admin::AccountsController, type: :controller do end end + describe 'POST #approve' do + subject { post :approve, params: { id: account.id } } + + let(:current_user) { Fabricate(:user, role: role) } + let(:account) { user.account } + let(:user) { Fabricate(:user) } + + before do + account.user.update(approved: false) + end + + context 'when user is admin' do + let(:role) { UserRole.find_by(name: 'Admin') } + + it 'succeeds in approving account' do + is_expected.to redirect_to admin_accounts_path(status: 'pending') + expect(user.reload).to be_approved + end + + it 'logs action' do + is_expected.to have_http_status :found + + log_item = Admin::ActionLog.last + + expect(log_item).to_not be_nil + expect(log_item.action).to eq :approve + expect(log_item.account_id).to eq current_user.account_id + expect(log_item.target_id).to eq account.user.id + end + end + + context 'when user is not admin' do + let(:role) { UserRole.everyone } + + it 'fails to approve account' do + is_expected.to have_http_status :forbidden + expect(user.reload).not_to be_approved + end + end + end + + describe 'POST #reject' do + subject { post :reject, params: { id: account.id } } + + let(:current_user) { Fabricate(:user, role: role) } + let(:account) { user.account } + let(:user) { Fabricate(:user) } + + before do + account.user.update(approved: false) + end + + context 'when user is admin' do + let(:role) { UserRole.find_by(name: 'Admin') } + + it 'succeeds in rejecting account' do + is_expected.to redirect_to admin_accounts_path(status: 'pending') + end + + it 'logs action' do + is_expected.to have_http_status :found + + log_item = Admin::ActionLog.last + + expect(log_item).to_not be_nil + expect(log_item.action).to eq :reject + expect(log_item.account_id).to eq current_user.account_id + expect(log_item.target_id).to eq account.user.id + end + end + + context 'when user is not admin' do + let(:role) { UserRole.everyone } + + it 'fails to reject account' do + is_expected.to have_http_status :forbidden + expect(user.reload).not_to be_approved + end + end + end + describe 'POST #redownload' do subject { post :redownload, params: { id: account.id } } diff --git a/spec/controllers/api/v1/admin/accounts_controller_spec.rb b/spec/controllers/api/v1/admin/accounts_controller_spec.rb index cd38030e0c..8d35b86cb2 100644 --- a/spec/controllers/api/v1/admin/accounts_controller_spec.rb +++ b/spec/controllers/api/v1/admin/accounts_controller_spec.rb @@ -100,6 +100,15 @@ RSpec.describe Api::V1::Admin::AccountsController, type: :controller do it 'approves user' do expect(account.reload.user_approved?).to be true end + + it 'logs action' do + log_item = Admin::ActionLog.last + + expect(log_item).to_not be_nil + expect(log_item.action).to eq :approve + expect(log_item.account_id).to eq user.account_id + expect(log_item.target_id).to eq account.user.id + end end describe 'POST #reject' do @@ -118,6 +127,15 @@ RSpec.describe Api::V1::Admin::AccountsController, type: :controller do it 'removes user' do expect(User.where(id: account.user.id).count).to eq 0 end + + it 'logs action' do + log_item = Admin::ActionLog.last + + expect(log_item).to_not be_nil + expect(log_item.action).to eq :reject + expect(log_item.account_id).to eq user.account_id + expect(log_item.target_id).to eq account.user.id + end end describe 'POST #enable' do