accounts_controller_spec.rb 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436
  1. # frozen_string_literal: true
  2. require 'rails_helper'
  3. RSpec.describe Admin::AccountsController do
  4. render_views
  5. before { sign_in current_user, scope: :user }
  6. describe 'GET #index' do
  7. let(:current_user) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')) }
  8. around do |example|
  9. default_per_page = Account.default_per_page
  10. Account.paginates_per 1
  11. example.run
  12. Account.paginates_per default_per_page
  13. end
  14. it 'filters with parameters' do
  15. new = AccountFilter.method(:new)
  16. expect(AccountFilter).to receive(:new) do |params|
  17. h = params.to_h
  18. expect(h[:origin]).to eq 'local'
  19. expect(h[:by_domain]).to eq 'domain'
  20. expect(h[:status]).to eq 'active'
  21. expect(h[:username]).to eq 'username'
  22. expect(h[:display_name]).to eq 'display name'
  23. expect(h[:email]).to eq 'local-part@domain'
  24. expect(h[:ip]).to eq '0.0.0.42'
  25. new.call({})
  26. end
  27. get :index, params: {
  28. origin: 'local',
  29. by_domain: 'domain',
  30. status: 'active',
  31. username: 'username',
  32. display_name: 'display name',
  33. email: 'local-part@domain',
  34. ip: '0.0.0.42',
  35. }
  36. end
  37. it 'paginates accounts' do
  38. Fabricate(:account)
  39. get :index, params: { page: 2 }
  40. accounts = assigns(:accounts)
  41. expect(accounts.count).to eq 1
  42. expect(accounts.klass).to be Account
  43. end
  44. it 'returns http success' do
  45. get :index
  46. expect(response).to have_http_status(200)
  47. end
  48. end
  49. describe 'GET #show' do
  50. let(:current_user) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')) }
  51. let(:account) { Fabricate(:account) }
  52. it 'returns http success' do
  53. get :show, params: { id: account.id }
  54. expect(response).to have_http_status(200)
  55. end
  56. end
  57. describe 'POST #memorialize' do
  58. subject { post :memorialize, params: { id: account.id } }
  59. let(:current_user) { Fabricate(:user, role: current_role) }
  60. let(:account) { user.account }
  61. let(:user) { Fabricate(:user, role: target_role) }
  62. context 'when user is admin' do
  63. let(:current_role) { UserRole.find_by(name: 'Admin') }
  64. context 'when target user is admin' do
  65. let(:target_role) { UserRole.find_by(name: 'Admin') }
  66. it 'fails to memorialize account' do
  67. expect(subject).to have_http_status 403
  68. expect(account.reload).to_not be_memorial
  69. end
  70. end
  71. context 'when target user is not admin' do
  72. let(:target_role) { UserRole.find_by(name: 'Moderator') }
  73. it 'succeeds in memorializing account' do
  74. expect(subject).to redirect_to admin_account_path(account.id)
  75. expect(account.reload).to be_memorial
  76. end
  77. end
  78. end
  79. context 'when user is not admin' do
  80. let(:current_role) { UserRole.find_by(name: 'Moderator') }
  81. context 'when target user is admin' do
  82. let(:target_role) { UserRole.find_by(name: 'Admin') }
  83. it 'fails to memorialize account' do
  84. expect(subject).to have_http_status 403
  85. expect(account.reload).to_not be_memorial
  86. end
  87. end
  88. context 'when target user is not admin' do
  89. let(:target_role) { UserRole.find_by(name: 'Moderator') }
  90. it 'fails to memorialize account' do
  91. expect(subject).to have_http_status 403
  92. expect(account.reload).to_not be_memorial
  93. end
  94. end
  95. end
  96. end
  97. describe 'POST #enable' do
  98. subject { post :enable, params: { id: account.id } }
  99. let(:current_user) { Fabricate(:user, role: role) }
  100. let(:account) { user.account }
  101. let(:user) { Fabricate(:user, disabled: true) }
  102. context 'when user is admin' do
  103. let(:role) { UserRole.find_by(name: 'Admin') }
  104. it 'succeeds in enabling account' do
  105. expect(subject).to redirect_to admin_account_path(account.id)
  106. expect(user.reload).to_not be_disabled
  107. end
  108. end
  109. context 'when user is not admin' do
  110. let(:role) { UserRole.everyone }
  111. it 'fails to enable account' do
  112. expect(subject).to have_http_status 403
  113. expect(user.reload).to be_disabled
  114. end
  115. end
  116. end
  117. describe 'POST #approve' do
  118. subject { post :approve, params: { id: account.id } }
  119. let(:current_user) { Fabricate(:user, role: role) }
  120. let(:account) { user.account }
  121. let(:user) { Fabricate(:user) }
  122. before do
  123. account.user.update(approved: false)
  124. end
  125. context 'when user is admin' do
  126. let(:role) { UserRole.find_by(name: 'Admin') }
  127. it 'succeeds in approving account' do
  128. expect(subject).to redirect_to admin_accounts_path(status: 'pending')
  129. expect(user.reload).to be_approved
  130. end
  131. it 'logs action' do
  132. expect(subject).to have_http_status 302
  133. log_item = Admin::ActionLog.last
  134. expect(log_item).to_not be_nil
  135. expect(log_item.action).to eq :approve
  136. expect(log_item.account_id).to eq current_user.account_id
  137. expect(log_item.target_id).to eq account.user.id
  138. end
  139. end
  140. context 'when user is not admin' do
  141. let(:role) { UserRole.everyone }
  142. it 'fails to approve account' do
  143. expect(subject).to have_http_status 403
  144. expect(user.reload).to_not be_approved
  145. end
  146. end
  147. end
  148. describe 'POST #reject' do
  149. subject { post :reject, params: { id: account.id } }
  150. let(:current_user) { Fabricate(:user, role: role) }
  151. let(:account) { user.account }
  152. let(:user) { Fabricate(:user) }
  153. before do
  154. account.user.update(approved: false)
  155. end
  156. context 'when user is admin' do
  157. let(:role) { UserRole.find_by(name: 'Admin') }
  158. it 'succeeds in rejecting account' do
  159. expect(subject).to redirect_to admin_accounts_path(status: 'pending')
  160. end
  161. it 'logs action' do
  162. expect(subject).to have_http_status 302
  163. log_item = Admin::ActionLog.last
  164. expect(log_item).to_not be_nil
  165. expect(log_item.action).to eq :reject
  166. expect(log_item.account_id).to eq current_user.account_id
  167. expect(log_item.target_id).to eq account.user.id
  168. end
  169. end
  170. context 'when user is not admin' do
  171. let(:role) { UserRole.everyone }
  172. it 'fails to reject account' do
  173. expect(subject).to have_http_status 403
  174. expect(user.reload).to_not be_approved
  175. end
  176. end
  177. end
  178. describe 'POST #redownload' do
  179. subject { post :redownload, params: { id: account.id } }
  180. let(:current_user) { Fabricate(:user, role: role) }
  181. let(:account) { Fabricate(:account, domain: 'example.com') }
  182. before do
  183. allow_any_instance_of(ResolveAccountService).to receive(:call)
  184. end
  185. context 'when user is admin' do
  186. let(:role) { UserRole.find_by(name: 'Admin') }
  187. it 'succeeds in redownloading' do
  188. expect(subject).to redirect_to admin_account_path(account.id)
  189. end
  190. end
  191. context 'when user is not admin' do
  192. let(:role) { UserRole.everyone }
  193. it 'fails to redownload' do
  194. expect(subject).to have_http_status 403
  195. end
  196. end
  197. end
  198. describe 'POST #remove_avatar' do
  199. subject { post :remove_avatar, params: { id: account.id } }
  200. let(:current_user) { Fabricate(:user, role: role) }
  201. let(:account) { Fabricate(:account) }
  202. context 'when user is admin' do
  203. let(:role) { UserRole.find_by(name: 'Admin') }
  204. it 'succeeds in removing avatar' do
  205. expect(subject).to redirect_to admin_account_path(account.id)
  206. end
  207. end
  208. context 'when user is not admin' do
  209. let(:role) { UserRole.everyone }
  210. it 'fails to remove avatar' do
  211. expect(subject).to have_http_status 403
  212. end
  213. end
  214. end
  215. describe 'POST #unblock_email' do
  216. subject { post :unblock_email, params: { id: account.id } }
  217. let(:current_user) { Fabricate(:user, role: role) }
  218. let(:account) { Fabricate(:account, suspended: true) }
  219. let!(:email_block) { Fabricate(:canonical_email_block, reference_account: account) }
  220. context 'when user is admin' do
  221. let(:role) { UserRole.find_by(name: 'Admin') }
  222. it 'succeeds in removing email blocks' do
  223. expect { subject }.to change { CanonicalEmailBlock.where(reference_account: account).count }.from(1).to(0)
  224. end
  225. it 'redirects to admin account path' do
  226. subject
  227. expect(response).to redirect_to admin_account_path(account.id)
  228. end
  229. end
  230. context 'when user is not admin' do
  231. let(:role) { UserRole.everyone }
  232. it 'fails to remove avatar' do
  233. subject
  234. expect(response).to have_http_status 403
  235. end
  236. end
  237. end
  238. describe 'POST #unsensitive' do
  239. subject { post :unsensitive, params: { id: account.id } }
  240. let(:current_user) { Fabricate(:user, role: role) }
  241. let(:account) { Fabricate(:account, sensitized_at: 1.year.ago) }
  242. context 'when user is admin' do
  243. let(:role) { UserRole.find_by(name: 'Admin') }
  244. it 'marks accounts not sensitized' do
  245. subject
  246. expect(account.reload).to_not be_sensitized
  247. expect(response).to redirect_to admin_account_path(account.id)
  248. end
  249. end
  250. context 'when user is not admin' do
  251. let(:role) { UserRole.everyone }
  252. it 'fails to change account' do
  253. subject
  254. expect(response).to have_http_status 403
  255. end
  256. end
  257. end
  258. describe 'POST #unsilence' do
  259. subject { post :unsilence, params: { id: account.id } }
  260. let(:current_user) { Fabricate(:user, role: role) }
  261. let(:account) { Fabricate(:account, silenced_at: 1.year.ago) }
  262. context 'when user is admin' do
  263. let(:role) { UserRole.find_by(name: 'Admin') }
  264. it 'marks accounts not silenced' do
  265. subject
  266. expect(account.reload).to_not be_silenced
  267. expect(response).to redirect_to admin_account_path(account.id)
  268. end
  269. end
  270. context 'when user is not admin' do
  271. let(:role) { UserRole.everyone }
  272. it 'fails to change account' do
  273. subject
  274. expect(response).to have_http_status 403
  275. end
  276. end
  277. end
  278. describe 'POST #unsuspend' do
  279. subject { post :unsuspend, params: { id: account.id } }
  280. let(:current_user) { Fabricate(:user, role: role) }
  281. let(:account) { Fabricate(:account) }
  282. before do
  283. account.suspend!
  284. end
  285. context 'when user is admin' do
  286. let(:role) { UserRole.find_by(name: 'Admin') }
  287. it 'marks accounts not suspended' do
  288. subject
  289. expect(account.reload).to_not be_suspended
  290. expect(response).to redirect_to admin_account_path(account.id)
  291. end
  292. end
  293. context 'when user is not admin' do
  294. let(:role) { UserRole.everyone }
  295. it 'fails to change account' do
  296. subject
  297. expect(response).to have_http_status 403
  298. end
  299. end
  300. end
  301. describe 'POST #destroy' do
  302. subject { post :destroy, params: { id: account.id } }
  303. let(:current_user) { Fabricate(:user, role: role) }
  304. let(:account) { Fabricate(:account) }
  305. before do
  306. account.suspend!
  307. end
  308. context 'when user is admin' do
  309. let(:role) { UserRole.find_by(name: 'Admin') }
  310. before do
  311. allow(Admin::AccountDeletionWorker).to receive(:perform_async).with(account.id)
  312. end
  313. it 'destroys the account' do
  314. subject
  315. expect(Admin::AccountDeletionWorker).to have_received(:perform_async).with(account.id)
  316. expect(response).to redirect_to admin_account_path(account.id)
  317. end
  318. end
  319. context 'when user is not admin' do
  320. let(:role) { UserRole.everyone }
  321. it 'fails to change account' do
  322. subject
  323. expect(response).to have_http_status 403
  324. end
  325. end
  326. end
  327. end