cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Skip blocks check when getting active blocks list

Browse source
This commit is contained in:
Anton Khorev 2025-01-01 05:31:05 +03:00
parent 6d558003aa
commit 9ec7e8c888
3 changed files with 39 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/api/user_blocks/active_lists_controller.rb
View file

@ -1,7 +1,7 @@
module Api module Api
module UserBlocks module UserBlocks
class ActiveListsController < ApiController class ActiveListsController < ApiController
before_action :authorize before_action -> { authorize(:skip_blocks => true) }
authorize_resource :class => :active_user_blocks_list authorize_resource :class => :active_user_blocks_list

8
app/controllers/api_controller.rb
View file

@ -49,9 +49,9 @@ class ApiController < ApplicationController
end end
end end
def authorize(errormessage: "Couldn't authenticate you", skip_terms: false) def authorize(errormessage: "Couldn't authenticate you", skip_blocks: false, skip_terms: false)
# make the current_user object from any auth sources we have # make the current_user object from any auth sources we have
setup_user_auth(:skip_terms => skip_terms) setup_user_auth(:skip_blocks => skip_blocks, :skip_terms => skip_terms)
# handle authenticate pass/fail # handle authenticate pass/fail
unless current_user unless current_user
@ -99,7 +99,7 @@ class ApiController < ApplicationController
# sets up the current_user for use by other methods. this is mostly called # sets up the current_user for use by other methods. this is mostly called
# from the authorize method, but can be called elsewhere if authorisation # from the authorize method, but can be called elsewhere if authorisation
# is optional. # is optional.
def setup_user_auth(skip_terms: false) def setup_user_auth(skip_blocks: false, skip_terms: false)
logger.info " setup_user_auth" logger.info " setup_user_auth"
# try and setup using OAuth # try and setup using OAuth
self.current_user = User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token&.accessible? self.current_user = User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token&.accessible?
@ -107,6 +107,7 @@ class ApiController < ApplicationController
# have we identified the user? # have we identified the user?
if current_user if current_user
# check if the user has been banned # check if the user has been banned
unless skip_blocks
user_block = current_user.blocks.active.take user_block = current_user.blocks.active.take
unless user_block.nil? unless user_block.nil?
set_locale set_locale
@ -116,6 +117,7 @@ class ApiController < ApplicationController
report_error t("application.setup_user_auth.blocked"), :forbidden report_error t("application.setup_user_auth.blocked"), :forbidden
end end
end end
end
# if the user hasn't seen the contributor terms then don't # if the user hasn't seen the contributor terms then don't
# allow editing - they have to go to the web site and see # allow editing - they have to go to the web site and see

26
test/controllers/api/user_blocks/active_lists_controller_test.rb
View file

@ -38,6 +38,32 @@ module Api
assert_response :success assert_response :success
assert_dom "user_block", :count => 0 assert_dom "user_block", :count => 0
end end
def test_show
user = create(:moderator_user)
user_auth_header = bearer_authorization_header(user, :scopes => %w[read_prefs])
create(:user_block, :expired, :user => user)
block0 = create(:user_block, :user => user)
block1 = create(:user_block, :user => user)
create(:user_block)
create(:user_block, :creator => user)
get api_user_blocks_active_list_path, :headers => user_auth_header
assert_response :success
end
def test_show_json
user = create(:moderator_user)
user_auth_header = bearer_authorization_header(user, :scopes => %w[read_prefs])
create(:user_block, :expired, :user => user)
block0 = create(:user_block, :user => user)
block1 = create(:user_block, :user => user)
create(:user_block)
create(:user_block, :creator => user)
get api_user_blocks_active_list_path(:format => "json"), :headers => user_auth_header
assert_response :success
end
end end
end end
end end