closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16580 Commits
4 Branches
567 MiB
Tree: 9a3d91f629
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9a3d91f629'
${ noResults }
mastodon/spec/controllers/api/v1/admin/accounts_controller_spec.rb

212 lines
5.9 KiB
Raw Normal View History

Add moderation API (#9387) Fix #8580 Fix #7143
5 years ago
Add customizable user roles (#18641) * Add customizable user roles * Various fixes and improvements * Add migration for old settings and fix tootctl role management
1 year ago
Refactor and improve tests (#17386) * Change account and user fabricators to simplify and improve tests - `Fabricate(:account)` implicitly fabricates an associated `user` if no `domain` attribute is given (an account with `domain: nil` is considered a local account, but no user record was created), unless `user: nil` is passed - `Fabricate(:account, user: Fabricate(:user))` should still be possible but is discouraged. * Fix and refactor tests - avoid passing unneeded attributes to `Fabricate(:user)` or `Fabricate(:account)` - avoid embedding `Fabricate(:user)` into a `Fabricate(:account)` or the other way around - prefer `Fabricate(:user, account_attributes: …)` to `Fabricate(:user, account: Fabricate(:account, …)` - also, some tests were using remote accounts with local user records, which is not representative of production code.
2 years ago
Add moderation API (#9387) Fix #8580 Fix #7143
5 years ago
Refactor and improve tests (#17386) * Change account and user fabricators to simplify and improve tests - `Fabricate(:account)` implicitly fabricates an associated `user` if no `domain` attribute is given (an account with `domain: nil` is considered a local account, but no user record was created), unless `user: nil` is passed - `Fabricate(:account, user: Fabricate(:user))` should still be possible but is discouraged. * Fix and refactor tests - avoid passing unneeded attributes to `Fabricate(:user)` or `Fabricate(:account)` - avoid embedding `Fabricate(:user)` into a `Fabricate(:account)` or the other way around - prefer `Fabricate(:user, account_attributes: …)` to `Fabricate(:user, account: Fabricate(:account, …)` - also, some tests were using remote accounts with local user records, which is not representative of production code.
2 years ago
Add moderation API (#9387) Fix #8580 Fix #7143
5 years ago
Add customizable user roles (#18641) * Add customizable user roles * Various fixes and improvements * Add migration for old settings and fix tootctl role management
1 year ago
Add moderation API (#9387) Fix #8580 Fix #7143
5 years ago
Fix /api/v1/admin/accounts (#17887) * Fix /api/v1/admin/accounts Compatibility was broken since #17009 which changed the underlying filter class without changing the controller. This commits restore support for the old parameters. * Add /api/v2/admin/accounts with the new parameters * Add tests * Add missing filter for `silenced` status Co-authored-by: Eugen Rochko <eugen@zeonfederated.com> Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2 years ago
Add moderation API (#9387) Fix #8580 Fix #7143
5 years ago
Fix /api/v1/admin/accounts (#17887) * Fix /api/v1/admin/accounts Compatibility was broken since #17009 which changed the underlying filter class without changing the controller. This commits restore support for the old parameters. * Add /api/v2/admin/accounts with the new parameters * Add tests * Add missing filter for `silenced` status Co-authored-by: Eugen Rochko <eugen@zeonfederated.com> Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2 years ago
Add moderation API (#9387) Fix #8580 Fix #7143
5 years ago
Add customizable user roles (#18641) * Add customizable user roles * Various fixes and improvements * Add migration for old settings and fix tootctl role management
1 year ago
Add moderation API (#9387) Fix #8580 Fix #7143
5 years ago
Fix /api/v1/admin/accounts (#17887) * Fix /api/v1/admin/accounts Compatibility was broken since #17009 which changed the underlying filter class without changing the controller. This commits restore support for the old parameters. * Add /api/v2/admin/accounts with the new parameters * Add tests * Add missing filter for `silenced` status Co-authored-by: Eugen Rochko <eugen@zeonfederated.com> Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2 years ago
Add moderation API (#9387) Fix #8580 Fix #7143
5 years ago
Add customizable user roles (#18641) * Add customizable user roles * Various fixes and improvements * Add migration for old settings and fix tootctl role management
1 year ago
Add moderation API (#9387) Fix #8580 Fix #7143
5 years ago
Add customizable user roles (#18641) * Add customizable user roles * Various fixes and improvements * Add migration for old settings and fix tootctl role management
1 year ago
Add moderation API (#9387) Fix #8580 Fix #7143
5 years ago
Log admin approve and reject account (#22088) * Log admin approve and reject account * Add unit tests for approve and reject logging
1 year ago
Add moderation API (#9387) Fix #8580 Fix #7143
5 years ago
Add customizable user roles (#18641) * Add customizable user roles * Various fixes and improvements * Add migration for old settings and fix tootctl role management
1 year ago
Add moderation API (#9387) Fix #8580 Fix #7143
5 years ago
Log admin approve and reject account (#22088) * Log admin approve and reject account * Add unit tests for approve and reject logging
1 year ago
Add moderation API (#9387) Fix #8580 Fix #7143
5 years ago
Add customizable user roles (#18641) * Add customizable user roles * Various fixes and improvements * Add migration for old settings and fix tootctl role management
1 year ago
Add moderation API (#9387) Fix #8580 Fix #7143
5 years ago
Add support for reversible suspensions through ActivityPub (#14989)
3 years ago
Add moderation API (#9387) Fix #8580 Fix #7143
5 years ago
Add customizable user roles (#18641) * Add customizable user roles * Various fixes and improvements * Add migration for old settings and fix tootctl role management
1 year ago
Add moderation API (#9387) Fix #8580 Fix #7143
5 years ago
Add account sensitized (#14361) * Add account sensitized * Fix i18n normalize * Fix description and spec * Fix spec * Fix wording
3 years ago
Add customizable user roles (#18641) * Add customizable user roles * Various fixes and improvements * Add migration for old settings and fix tootctl role management
1 year ago
Add account sensitized (#14361) * Add account sensitized * Fix i18n normalize * Fix description and spec * Fix spec * Fix wording
3 years ago
Spelling (#17705) * spelling: account Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: affiliated Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: appearance Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: autosuggest Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: cacheable Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: component Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: conversations Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: domain.example Clarify what's distinct and use RFC friendly domain space. Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: environment Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: exceeds Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: functional Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: inefficiency Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: not Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: notifications Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: occurring Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: position Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: progress Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: promotable Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: reblogging Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: repetitive Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: resolve Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: saturated Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: similar Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: strategies Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: success Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: targeting Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: thumbnails Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: unauthorized Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: unsensitizes Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: validations Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: various Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2 years ago
Add account sensitized (#14361) * Add account sensitized * Fix i18n normalize * Fix description and spec * Fix spec * Fix wording
3 years ago
Add moderation API (#9387) Fix #8580 Fix #7143
5 years ago
Add customizable user roles (#18641) * Add customizable user roles * Various fixes and improvements * Add migration for old settings and fix tootctl role management
1 year ago
Add moderation API (#9387) Fix #8580 Fix #7143
5 years ago
 
  1. require 'rails_helper'
  2. 

  3. RSpec.describe Api::V1::Admin::AccountsController, type: :controller do
  4.   render_views
  5. 

  6.   let(:role)   { UserRole.find_by(name: 'Moderator') }
  7.   let(:user)   { Fabricate(:user, role: role) }
  8.   let(:scopes) { 'admin:read admin:write' }
  9.   let(:token)  { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
  10.   let(:account) { Fabricate(:account) }
  11. 

  12.   before do
  13.     allow(controller).to receive(:doorkeeper_token) { token }
  14.   end
  15. 

  16.   shared_examples 'forbidden for wrong scope' do |wrong_scope|
  17.     let(:scopes) { wrong_scope }
  18. 

  19.     it 'returns http forbidden' do
  20.       expect(response).to have_http_status(403)
  21.     end
  22.   end
  23. 

  24.   shared_examples 'forbidden for wrong role' do |wrong_role|
  25.     let(:role) { UserRole.find_by(name: wrong_role) }
  26. 

  27.     it 'returns http forbidden' do
  28.       expect(response).to have_http_status(403)
  29.     end
  30.   end
  31. 

  32.   describe 'GET #index' do
  33.     let!(:remote_account)       { Fabricate(:account, domain: 'example.org') }
  34.     let!(:other_remote_account) { Fabricate(:account, domain: 'foo.bar') }
  35.     let!(:suspended_account)    { Fabricate(:account, suspended: true) }
  36.     let!(:suspended_remote)     { Fabricate(:account, domain: 'foo.bar', suspended: true) }
  37.     let!(:disabled_account)     { Fabricate(:user, disabled: true).account }
  38.     let!(:pending_account)      { Fabricate(:user, approved: false).account }
  39.     let!(:admin_account)        { user.account }
  40. 

  41.     let(:params) { {} }
  42. 

  43.     before do
  44.       pending_account.user.update(approved: false)
  45.       get :index, params: params
  46.     end
  47. 

  48.     it_behaves_like 'forbidden for wrong scope', 'write:statuses'
  49.     it_behaves_like 'forbidden for wrong role', ''
  50. 

  51.     [
  52.       [{ active: 'true', local: 'true', staff: 'true' }, [:admin_account]],
  53.       [{ by_domain: 'example.org', remote: 'true' }, [:remote_account]],
  54.       [{ suspended: 'true' }, [:suspended_account]],
  55.       [{ disabled: 'true' }, [:disabled_account]],
  56.       [{ pending: 'true' }, [:pending_account]],
  57.     ].each do |params, expected_results|
  58.       context "when called with #{params.inspect}" do
  59.         let(:params) { params }
  60. 

  61.         it 'returns http success' do
  62.           expect(response).to have_http_status(200)
  63.         end
  64. 

  65.         it "returns the correct accounts (#{expected_results.inspect})" do
  66.           json = body_as_json
  67. 

  68.           expect(json.map { |a| a[:id].to_i }).to eq (expected_results.map { |symbol| send(symbol).id })
  69.         end
  70.       end
  71.     end
  72.   end
  73. 

  74.   describe 'GET #show' do
  75.     before do
  76.       get :show, params: { id: account.id }
  77.     end
  78. 

  79.     it_behaves_like 'forbidden for wrong scope', 'write:statuses'
  80.     it_behaves_like 'forbidden for wrong role', ''
  81. 

  82.     it 'returns http success' do
  83.       expect(response).to have_http_status(200)
  84.     end
  85.   end
  86. 

  87.   describe 'POST #approve' do
  88.     before do
  89.       account.user.update(approved: false)
  90.       post :approve, params: { id: account.id }
  91.     end
  92. 

  93.     it_behaves_like 'forbidden for wrong scope', 'write:statuses'
  94.     it_behaves_like 'forbidden for wrong role', ''
  95. 

  96.     it 'returns http success' do
  97.       expect(response).to have_http_status(200)
  98.     end
  99. 

  100.     it 'approves user' do
  101.       expect(account.reload.user_approved?).to be true
  102.     end
  103. 

  104.     it 'logs action' do
  105.       log_item = Admin::ActionLog.last
  106. 

  107.       expect(log_item).to_not be_nil
  108.       expect(log_item.action).to eq :approve
  109.       expect(log_item.account_id).to eq user.account_id
  110.       expect(log_item.target_id).to eq account.user.id
  111.     end
  112.   end
  113. 

  114.   describe 'POST #reject' do
  115.     before do
  116.       account.user.update(approved: false)
  117.       post :reject, params: { id: account.id }
  118.     end
  119. 

  120.     it_behaves_like 'forbidden for wrong scope', 'write:statuses'
  121.     it_behaves_like 'forbidden for wrong role', ''
  122. 

  123.     it 'returns http success' do
  124.       expect(response).to have_http_status(200)
  125.     end
  126. 

  127.     it 'removes user' do
  128.       expect(User.where(id: account.user.id).count).to eq 0

  129.     end
  130. 

  131.     it 'logs action' do
  132.       log_item = Admin::ActionLog.last
  133. 

  134.       expect(log_item).to_not be_nil
  135.       expect(log_item.action).to eq :reject
  136.       expect(log_item.account_id).to eq user.account_id
  137.       expect(log_item.target_id).to eq account.user.id
  138.     end
  139.   end
  140. 

  141.   describe 'POST #enable' do
  142.     before do
  143.       account.user.update(disabled: true)
  144.       post :enable, params: { id: account.id }
  145.     end
  146. 

  147.     it_behaves_like 'forbidden for wrong scope', 'write:statuses'
  148.     it_behaves_like 'forbidden for wrong role', ''
  149. 

  150.     it 'returns http success' do
  151.       expect(response).to have_http_status(200)
  152.     end
  153. 

  154.     it 'enables user' do
  155.       expect(account.reload.user_disabled?).to be false
  156.     end
  157.   end
  158. 

  159.   describe 'POST #unsuspend' do
  160.     before do
  161.       account.suspend!
  162.       post :unsuspend, params: { id: account.id }
  163.     end
  164. 

  165.     it_behaves_like 'forbidden for wrong scope', 'write:statuses'
  166.     it_behaves_like 'forbidden for wrong role', ''
  167. 

  168.     it 'returns http success' do
  169.       expect(response).to have_http_status(200)
  170.     end
  171. 

  172.     it 'unsuspends account' do
  173.       expect(account.reload.suspended?).to be false
  174.     end
  175.   end
  176. 

  177.   describe 'POST #unsensitive' do
  178.     before do
  179.       account.touch(:sensitized_at)
  180.       post :unsensitive, params: { id: account.id }
  181.     end
  182. 

  183.     it_behaves_like 'forbidden for wrong scope', 'write:statuses'
  184.     it_behaves_like 'forbidden for wrong role', ''
  185. 

  186.     it 'returns http success' do
  187.       expect(response).to have_http_status(200)
  188.     end
  189. 

  190.     it 'unsensitizes account' do
  191.       expect(account.reload.sensitized?).to be false
  192.     end
  193.   end
  194. 

  195.   describe 'POST #unsilence' do
  196.     before do
  197.       account.touch(:silenced_at)
  198.       post :unsilence, params: { id: account.id }
  199.     end
  200. 

  201.     it_behaves_like 'forbidden for wrong scope', 'write:statuses'
  202.     it_behaves_like 'forbidden for wrong role', ''
  203. 

  204.     it 'returns http success' do
  205.       expect(response).to have_http_status(200)
  206.     end
  207. 

  208.     it 'unsilences account' do
  209.       expect(account.reload.silenced?).to be false
  210.     end
  211.   end
  212. end