Merge commit from fork
* Fix domain blocks/rationales being visible to unapproved/unconfirmed users * Fix domain blocks/rationales being visible to suspended users Co-authored-by: Claire <claire.github-309c@sitedethib.com> * Allow moved users to view domain blocks * Add authorization specs for `/api/v1/instance/domain_blocks` spec * Fix tests * Fix incorrect test setup --------- Co-authored-by: Claire <claire.github-309c@sitedethib.com>
This commit is contained in:
		
					parent
					
						
							
								06f879ce9b
							
						
					
				
			
			
				commit
				
					
						6b519cfefa
					
				
			
		
					 2 changed files with 94 additions and 9 deletions
				
			
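--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -31,7 +31,7 @@ class Api::V1::Instances::DomainBlocksController < Api::V1::Instances::BaseContr
   end
 
   def show_domain_blocks_to_user?
-    Setting.show_domain_blocks == 'users' && user_signed_in?
+    Setting.show_domain_blocks == 'users' && user_signed_in? && current_user.functional_or_moved?
   end
 
   def set_domain_blocks
@@ -47,6 +47,6 @@ class Api::V1::Instances::DomainBlocksController < Api::V1::Instances::BaseContr
   end
 
   def show_rationale_for_user?
-    Setting.show_domain_blocks_rationale == 'users' && user_signed_in?
+    Setting.show_domain_blocks_rationale == 'users' && user_signed_in? && current_user.functional_or_moved?
   end
 end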
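Review bot: `show_domain_blocks_to_user?` and `show_rationale_for_user?` now repeat the same `user_signed_in? && current_user.functional_or_moved?` conjunction, so the account-state rule lives in two places and any future tightening (or a third setting gated the same way) has to be applied to both. Extracting it into one predicate keeps the two settings checks independent of how "usable account" is defined; the helper belongs in the same visibility section as the two predicates, and that section's `private` marker, if any, is outside the hunk. A one-line comment on the helper stating why moved accounts are deliberately still allowed to see the list, as the commit message says, would also save the next reader a git blame.
```ruby
  def show_domain_blocks_to_user?
    Setting.show_domain_blocks == 'users' && functional_user_signed_in?
  end

  # … unchanged: set_domain_blocks …

  def show_rationale_for_user?
    Setting.show_domain_blocks_rationale == 'users' && functional_user_signed_in?
  end

  # Signed-in users whose account is usable; moved accounts are intentionally kept in.
  def functional_user_signed_in?
    user_signed_in? && current_user.functional_or_moved?
  end
```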
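--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -4,9 +4,10 @@ require 'rails_helper'
 
 RSpec.describe 'Domain Blocks' do
   describe 'GET /api/v1/instance/domain_blocks' do
-    before do
-      Fabricate(:domain_block)
-    end
+    let(:user) { Fabricate(:user) }
+    let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id).token }
+
+    before { Fabricate(:domain_block) }
 
     context 'with domain blocks set to all' do
       before { Setting.show_domain_blocks = 'all' }
@@ -30,11 +31,95 @@ RSpec.describe 'Domain Blocks' do
     context 'with domain blocks set to users' do
       before { Setting.show_domain_blocks = 'users' }
 
-      it 'returns http not found' do
-        get api_v1_instance_domain_blocks_path
+      context 'without authentication token' do
+        it 'returns http not found' do
+          get api_v1_instance_domain_blocks_path
 
-        expect(response)
-          .to have_http_status(404)
+          expect(response)
+            .to have_http_status(404)
+        end
+      end
+
+      context 'with authentication token' do
+        context 'with unapproved user' do
+          before { user.update(approved: false) }
+
+          it 'returns http not found' do
+            get api_v1_instance_domain_blocks_path, headers: { 'Authorization' => "Bearer #{token}" }
+
+            expect(response)
+              .to have_http_status(404)
+          end
+        end
+
+        context 'with unconfirmed user' do
+          before { user.update(confirmed_at: nil) }
+
+          it 'returns http not found' do
+            get api_v1_instance_domain_blocks_path, headers: { 'Authorization' => "Bearer #{token}" }
+
+            expect(response)
+              .to have_http_status(404)
+          end
+        end
+
+        context 'with disabled user' do
+          before { user.update(disabled: true) }
+
+          it 'returns http not found' do
+            get api_v1_instance_domain_blocks_path, headers: { 'Authorization' => "Bearer #{token}" }
+
+            expect(response)
+              .to have_http_status(404)
+          end
+        end
+
+        context 'with suspended user' do
+          before { user.account.update(suspended_at: Time.zone.now) }
+
+          it 'returns http not found' do
+            get api_v1_instance_domain_blocks_path, headers: { 'Authorization' => "Bearer #{token}" }
+
+            expect(response)
+              .to have_http_status(403)
+          end
+        end
+
+        context 'with moved user' do
+          before { user.account.update(moved_to_account_id: Fabricate(:account).id) }
+
+          it 'returns http success' do
+            get api_v1_instance_domain_blocks_path, headers: { 'Authorization' => "Bearer #{token}" }
+
+            expect(response)
+              .to have_http_status(200)
+
+            expect(response.content_type)
+              .to start_with('application/json')
+
+            expect(response.parsed_body)
+              .to be_present
+              .and(be_an(Array))
+              .and(have_attributes(size: 1))
+          end
+        end
+
+        context 'with normal user' do
+          it 'returns http success' do
+            get api_v1_instance_domain_blocks_path, headers: { 'Authorization' => "Bearer #{token}" }
+
+            expect(response)
+              .to have_http_status(200)
+
+            expect(response.content_type)
+              .to start_with('application/json')
+
+            expect(response.parsed_body)
+              .to be_present
+              .and(be_an(Array))
+              .and(have_attributes(size: 1))
+          end
+        end
       end
     end
 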
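Review bot: Nothing in this hunk exercises the rationale predicate that the same commit also tightens — `Setting.show_domain_blocks_rationale` is never set in these examples — so a regression in `show_rationale_for_user?` would go unnoticed; the unconfirmed-user context is a natural place for an example that enables that setting and asserts no rationale text appears in the response. The six `get ... headers:` calls are identical; a `let(:headers) { { 'Authorization' => "Bearer #{token}" } }` next to `let(:token)` would shorten each to `get api_v1_instance_domain_blocks_path, headers: headers`. The suspended-user example is titled 'returns http not found' but asserts 403 while every other blocked state asserts 404; the title should say 'returns http forbidden', and since the 403 presumably comes from a check outside this controller, a short comment such as `# suspended accounts are rejected before the visibility check, hence 403 rather than 404` would stop readers from taking the mismatch for a typo.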