Add revoke all actions to received blocks resource

2024-12-24 07:50:29 +03:00 · 2024-12-24 07:50:29 +03:00 · df1c59280f
commit df1c59280f
parent 2df389c97e
10 changed files with 120 additions and 115 deletions
--- a/app/abilities/ability.rb
+++ b/app/abilities/ability.rb
@ -56,7 +56,7 @@ class Ability
          can [:read, :resolve, :ignore, :reopen], Issue
          can :create, IssueComment
          can [:create, :update, :destroy], Redaction
-          can [:create, :revoke_all], UserBlock
+          can [:create, :destroy], UserBlock
          can :update, UserBlock, :creator => user
          can :update, UserBlock, :revoker => user
          can :update, UserBlock, :active? => true
--- a/app/controllers/user_blocks_controller.rb
+++ b/app/controllers/user_blocks_controller.rb
@ -9,11 +9,11 @@ class UserBlocksController < ApplicationController

  authorize_resource

-  before_action :lookup_user, :only => [:new, :create, :revoke_all]
+  before_action :lookup_user, :only => [:new, :create]
  before_action :lookup_user_block, :only => [:show, :edit, :update]
  before_action :require_valid_params, :only => [:create, :update]
  before_action :check_database_readable
-  before_action :check_database_writable, :only => [:create, :update, :revoke_all]
+  before_action :check_database_writable, :only => [:create, :update]

  def index
    @params = params.permit
@ -105,16 +105,6 @@ class UserBlocksController < ApplicationController
    end
  end

-  ##
-  # revokes all active blocks
-  def revoke_all
-    if request.post? && params[:confirm]
-      @user.blocks.active.each { |block| block.revoke!(current_user) }
-      flash[:notice] = t ".flash"
-      redirect_to user_received_blocks_path(@user)
-    end
-  end
-
  private

  ##
--- a/app/controllers/users/received_blocks_controller.rb
+++ b/app/controllers/users/received_blocks_controller.rb
@ -12,6 +12,7 @@ module Users

    before_action :lookup_user
    before_action :check_database_readable
+    before_action :check_database_writable, :only => :destroy

    ##
    # shows a list of all the blocks on the given user
@ -27,5 +28,21 @@ module Users

      render :partial => "user_blocks/page" if turbo_frame_request_id == "pagination"
    end
+
+    ##
+    # shows revoke all active blocks page
+    def edit; end
+
+    ##
+    # revokes all active blocks
+    def destroy
+      if params[:confirm]
+        @user.blocks.active.each { |block| block.revoke!(current_user) }
+        flash[:notice] = t ".flash"
+        redirect_to user_received_blocks_path(@user)
+      else
+        render :action => :edit
+      end
+    end
  end
 end
--- a/app/views/users/received_blocks/edit.html.erb
+++ b/app/views/users/received_blocks/edit.html.erb
@ -6,7 +6,7 @@

 <% unless @user.blocks.active.empty? %>

-  <%= bootstrap_form_for :revoke_all, :url => { :action => "revoke_all" } do |f| %>
+  <%= bootstrap_form_for :revoke_all, :url => { :action => :destroy }, :method => :delete do |f| %>
    <div class="mb-3">
      <div class="form-check">
        <%= check_box_tag "confirm", "yes", false, { :class => "form-check-input" } %>
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@ -105,9 +105,9 @@
              </li>
            <% end %>

-            <% if can?(:revoke_all, UserBlock) and @user.blocks.active.exists? %>
+            <% if can?(:destroy, UserBlock) and @user.blocks.active.exists? %>
              <li>
-                <%= link_to t(".revoke_all_blocks"), revoke_all_user_blocks_path(@user) %>
+                <%= link_to t(".revoke_all_blocks"), edit_user_received_blocks_path(@user) %>
              </li>
            <% end %>

--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -2856,6 +2856,17 @@ en:
        title: "Blocks on %{name}"
        heading_html: "List of Blocks on %{name}"
        empty: "%{name} has not been blocked yet."
+      edit:
+        title: "Revoking all blocks on %{block_on}"
+        heading_html: "Revoking all blocks on %{block_on}"
+        empty: "%{name} has no active blocks."
+        confirm: "Are you sure you wish to revoke %{active_blocks}?"
+        active_blocks:
+          one: "%{count} active block"
+          other: "%{count} active blocks"
+        revoke: "Revoke!"
+      destroy:
+        flash: "All active blocks have been revoked."
    lists:
      show:
        title: Users
@ -2932,16 +2943,6 @@ en:
      title: "User blocks"
      heading: "List of user blocks"
      empty: "No blocks have been made yet."
-    revoke_all:
-      title: "Revoking all blocks on %{block_on}"
-      heading_html: "Revoking all blocks on %{block_on}"
-      empty: "%{name} has no active blocks."
-      confirm: "Are you sure you wish to revoke %{active_blocks}?"
-      active_blocks:
-        one: "%{count} active block"
-        other: "%{count} active blocks"
-      revoke: "Revoke!"
-      flash: "All active blocks have been revoked."
    helper:
      time_future_html: "Ends in %{time}."
      until_login: "Active until the user logs in."
--- a/config/routes.rb
+++ b/config/routes.rb
@ -273,7 +273,7 @@ OpenStreetMap::Application.routes.draw do
    resource :role, :controller => "user_roles", :path => "roles/:role", :only => [:create, :destroy]
    scope :module => :users do
      resource :issued_blocks, :path => "blocks_by", :only => :show
-      resource :received_blocks, :path => "blocks", :only => :show
+      resource :received_blocks, :path => "blocks", :only => [:show, :edit, :destroy]
    end
  end
  get "/user/:display_name/account", :to => redirect(:path => "/account/edit")
@ -335,7 +335,6 @@ OpenStreetMap::Application.routes.draw do

  # banning pages
  resources :user_blocks, :path_names => { :new => "new/:display_name" }
-  match "/user/:display_name/blocks/revoke_all" => "user_blocks#revoke_all", :via => [:get, :post], :as => "revoke_all_user_blocks"

  # issues and reports
  resources :issues do
--- a/test/controllers/user_blocks_controller_test.rb
+++ b/test/controllers/user_blocks_controller_test.rb
@ -36,15 +36,6 @@ class UserBlocksControllerTest < ActionDispatch::IntegrationTest
      { :path => "/user_blocks/1", :method => :delete },
      { :controller => "user_blocks", :action => "destroy", :id => "1" }
    )
-
-    assert_routing(
-      { :path => "/user/username/blocks/revoke_all", :method => :get },
-      { :controller => "user_blocks", :action => "revoke_all", :display_name => "username" }
-    )
-    assert_routing(
-      { :path => "/user/username/blocks/revoke_all", :method => :post },
-      { :controller => "user_blocks", :action => "revoke_all", :display_name => "username" }
-    )
  end

  ##
@ -598,83 +589,6 @@ class UserBlocksControllerTest < ActionDispatch::IntegrationTest
    assert_equal other_moderator_user, block.revoker
  end

-  ##
-  # test the revoke all page
-  def test_revoke_all_page
-    blocked_user = create(:user)
-    create(:user_block, :user => blocked_user)
-
-    # Asking for the revoke all blocks page with a bogus user name should fail
-    get user_received_blocks_path("non_existent_user")
-    assert_response :not_found
-
-    # Check that the revoke all blocks page requires us to login
-    get revoke_all_user_blocks_path(blocked_user)
-    assert_redirected_to login_path(:referer => revoke_all_user_blocks_path(blocked_user))
-
-    # Login as a normal user
-    session_for(create(:user))
-
-    # Check that normal users can't load the revoke all blocks page
-    get revoke_all_user_blocks_path(blocked_user)
-    assert_redirected_to :controller => "errors", :action => "forbidden"
-
-    # Login as a moderator
-    session_for(create(:moderator_user))
-
-    # Check that the revoke all blocks page loads for moderators
-    get revoke_all_user_blocks_path(blocked_user)
-    assert_response :success
-    assert_select "h1 a[href='#{user_path blocked_user}']", :text => blocked_user.display_name
-  end
-
-  ##
-  # test the revoke all action
-  def test_revoke_all_action
-    blocked_user = create(:user)
-    active_block1 = create(:user_block, :user => blocked_user)
-    active_block2 = create(:user_block, :user => blocked_user)
-    expired_block1 = create(:user_block, :expired, :user => blocked_user)
-    blocks = [active_block1, active_block2, expired_block1]
-    moderator_user = create(:moderator_user)
-
-    assert_predicate active_block1, :active?
-    assert_predicate active_block2, :active?
-    assert_not_predicate expired_block1, :active?
-
-    # Login as a normal user
-    session_for(create(:user))
-
-    # Check that normal users can't load the block revoke page
-    get revoke_all_user_blocks_path(:blocked_user)
-    assert_redirected_to :controller => "errors", :action => "forbidden"
-
-    # Login as a moderator
-    session_for(moderator_user)
-
-    # Check that revoking blocks using GET should fail
-    get revoke_all_user_blocks_path(blocked_user, :confirm => true)
-    assert_response :success
-    assert_template "revoke_all"
-
-    blocks.each(&:reload)
-    assert_predicate active_block1, :active?
-    assert_predicate active_block2, :active?
-    assert_not_predicate expired_block1, :active?
-
-    # Check that revoking blocks works using POST
-    post revoke_all_user_blocks_path(blocked_user, :confirm => true)
-    assert_redirected_to user_received_blocks_path(blocked_user)
-
-    blocks.each(&:reload)
-    assert_not_predicate active_block1, :active?
-    assert_not_predicate active_block2, :active?
-    assert_not_predicate expired_block1, :active?
-    assert_equal moderator_user, active_block1.revoker
-    assert_equal moderator_user, active_block2.revoker
-    assert_not_equal moderator_user, expired_block1.revoker
-  end
-
  ##
  # test changes to end/deactivation dates
  def test_dates_when_viewed_before_end
--- a/test/controllers/users/received_blocks_controller_test.rb
+++ b/test/controllers/users/received_blocks_controller_test.rb
@ -12,6 +12,14 @@ module Users
        { :path => "/user/username/blocks", :method => :get },
        { :controller => "users/received_blocks", :action => "show", :user_display_name => "username" }
      )
+      assert_routing(
+        { :path => "/user/username/blocks/edit", :method => :get },
+        { :controller => "users/received_blocks", :action => "edit", :user_display_name => "username" }
+      )
+      assert_routing(
+        { :path => "/user/username/blocks", :method => :delete },
+        { :controller => "users/received_blocks", :action => "destroy", :user_display_name => "username" }
+      )
    end

    def test_show
@ -91,5 +99,81 @@ module Users
        assert_redirected_to :controller => "/errors", :action => :bad_request
      end
    end
+
+    ##
+    # test the revoke all blocks page
+    def test_edit
+      blocked_user = create(:user)
+      create(:user_block, :user => blocked_user)
+
+      # Asking for the revoke all blocks page with a bogus user name should fail
+      get user_received_blocks_path("non_existent_user")
+      assert_response :not_found
+
+      # Check that the revoke all blocks page requires us to login
+      get edit_user_received_blocks_path(blocked_user)
+      assert_redirected_to login_path(:referer => edit_user_received_blocks_path(blocked_user))
+
+      # Login as a normal user
+      session_for(create(:user))
+
+      # Check that normal users can't load the revoke all blocks page
+      get edit_user_received_blocks_path(blocked_user)
+      assert_redirected_to :controller => "/errors", :action => "forbidden"
+
+      # Login as a moderator
+      session_for(create(:moderator_user))
+
+      # Check that the revoke all blocks page loads for moderators
+      get edit_user_received_blocks_path(blocked_user)
+      assert_response :success
+      assert_select "h1 a[href='#{user_path blocked_user}']", :text => blocked_user.display_name
+    end
+
+    ##
+    # test the revoke all action
+    def test_destroy
+      blocked_user = create(:user)
+      active_block1 = create(:user_block, :user => blocked_user)
+      active_block2 = create(:user_block, :user => blocked_user)
+      expired_block1 = create(:user_block, :expired, :user => blocked_user)
+      blocks = [active_block1, active_block2, expired_block1]
+      moderator_user = create(:moderator_user)
+
+      assert_predicate active_block1, :active?
+      assert_predicate active_block2, :active?
+      assert_not_predicate expired_block1, :active?
+
+      # Check that normal users can't revoke all blocks
+      session_for(create(:user))
+      delete user_received_blocks_path(blocked_user, :confirm => true)
+      assert_redirected_to :controller => "/errors", :action => "forbidden"
+
+      blocks.each(&:reload)
+      assert_predicate active_block1, :active?
+      assert_predicate active_block2, :active?
+      assert_not_predicate expired_block1, :active?
+
+      # Check that confirmation is required
+      session_for(moderator_user)
+      delete user_received_blocks_path(blocked_user)
+
+      blocks.each(&:reload)
+      assert_predicate active_block1, :active?
+      assert_predicate active_block2, :active?
+      assert_not_predicate expired_block1, :active?
+
+      # Check that moderators can revoke all blocks
+      delete user_received_blocks_path(blocked_user, :confirm => true)
+      assert_redirected_to user_received_blocks_path(blocked_user)
+
+      blocks.each(&:reload)
+      assert_not_predicate active_block1, :active?
+      assert_not_predicate active_block2, :active?
+      assert_not_predicate expired_block1, :active?
+      assert_equal moderator_user, active_block1.revoker
+      assert_equal moderator_user, active_block2.revoker
+      assert_not_equal moderator_user, expired_block1.revoker
+    end
  end
 end
--- a/test/system/user_blocks_test.rb
+++ b/test/system/user_blocks_test.rb
@ -31,7 +31,7 @@ class UserBlocksSystemTest < ApplicationSystemTestCase
    blocked_user = create(:user)
    sign_in_as(create(:moderator_user))

-    visit revoke_all_user_blocks_path(blocked_user)
+    visit edit_user_received_blocks_path(blocked_user)
    assert_title "Revoking all blocks on #{blocked_user.display_name}"
    assert_text "Revoking all blocks on #{blocked_user.display_name}"
    assert_no_button "Revoke!"