discourse/spec/models/reviewable_user_spec.rb

# frozen_string_literal: true

require 'rails_helper'

RSpec.describe ReviewableUser, type: :model do

  fab!(:moderator) { Fabricate(:moderator) }
  let(:user) do
    user = Fabricate(:user)
    user.activate
    user
  end
  fab!(:admin) { Fabricate(:admin) }

  context "actions_for" do
    fab!(:reviewable) { Fabricate(:reviewable) }
    it "returns correct actions in the pending state" do
      actions = reviewable.actions_for(Guardian.new(moderator))
      expect(actions.has?(:approve_user)).to eq(true)
      expect(actions.has?(:reject_user_delete)).to eq(true)
      expect(actions.has?(:reject_user_block)).to eq(true)
    end

    it "doesn't return anything in the approved state" do
      reviewable.status = Reviewable.statuses[:approved]
      actions = reviewable.actions_for(Guardian.new(moderator))
      expect(actions.has?(:approve_user)).to eq(false)
      expect(actions.has?(:reject_user_delete)).to eq(false)
    end
  end

  context "#update_fields" do
    fab!(:moderator) { Fabricate(:moderator) }
    fab!(:reviewable) { Fabricate(:reviewable) }

    it "doesn't raise errors with an empty update" do
      expect(reviewable.update_fields(nil, moderator)).to eq(true)
      expect(reviewable.update_fields({}, moderator)).to eq(true)
    end
  end

  context "when a user is deleted" do
    it "should reject the reviewable" do
      SiteSetting.must_approve_users = true
      Jobs::CreateUserReviewable.new.execute(user_id: user.id)
      reviewable = Reviewable.find_by(target: user)
      expect(reviewable.pending?).to eq(true)

      UserDestroyer.new(Discourse.system_user).destroy(user)
      expect(reviewable.reload.rejected?).to eq(true)
    end
  end

  context "perform" do
    fab!(:reviewable) { Fabricate(:reviewable) }
    context "approve" do
      it "allows us to approve a user" do
        result = reviewable.perform(moderator, :approve_user)
        expect(result.success?).to eq(true)

        expect(reviewable.pending?).to eq(false)
        expect(reviewable.approved?).to eq(true)
        expect(reviewable.target.approved?).to eq(true)
        expect(reviewable.target.approved_by_id).to eq(moderator.id)
        expect(reviewable.target.approved_at).to be_present
        expect(reviewable.version > 0).to eq(true)
      end

      it "allows us to reject a user" do
        result = reviewable.perform(moderator, :reject_user_delete)
        expect(result.success?).to eq(true)

        expect(reviewable.pending?).to eq(false)
        expect(reviewable.rejected?).to eq(true)

        # Rejecting deletes the user record
        reviewable.reload
        expect(reviewable.target).to be_blank
      end

      it "allows us to reject and block a user" do
        email = reviewable.target.email
        ip = reviewable.target.ip_address

        result = reviewable.perform(moderator, :reject_user_block)
        expect(result.success?).to eq(true)

        expect(reviewable.pending?).to eq(false)
        expect(reviewable.rejected?).to eq(true)

        # Rejecting deletes the user record
        reviewable.reload
        expect(reviewable.target).to be_blank

        expect(ScreenedEmail.should_block?(email)).to eq(true)
        expect(ScreenedIpAddress.should_block?(ip)).to eq(true)
      end

      it "allows us to reject a user who has posts" do
        Fabricate(:post, user: reviewable.target)
        result = reviewable.perform(moderator, :reject_user_delete)
        expect(result.success?).to eq(true)

        expect(reviewable.pending?).to eq(false)
        expect(reviewable.rejected?).to eq(true)

        # Rejecting deletes the user record
        reviewable.reload
        expect(reviewable.target).to be_present
        expect(reviewable.target.approved).to eq(false)
      end

      it "allows us to reject a user who has been deleted" do
        reviewable.target.destroy!
        reviewable.reload
        result = reviewable.perform(moderator, :reject_user_delete)
        expect(result.success?).to eq(true)
        expect(reviewable.rejected?).to eq(true)
        expect(reviewable.target).to be_blank
      end
    end
  end

  describe "changing must_approve_users" do
    it "will approve any existing users" do
      user = Fabricate(:user)
      expect(user).not_to be_approved
      SiteSetting.must_approve_users = true
      expect(user.reload).to be_approved
    end
  end

  describe 'when must_approve_users is true' do
    before do
      SiteSetting.must_approve_users = true
      Jobs.run_immediately!
    end

    it "creates the ReviewableUser for a user, with moderator access" do
      reviewable = ReviewableUser.find_by(target: user)
      expect(reviewable).to be_present
      expect(reviewable.reviewable_by_moderator).to eq(true)
    end

    context "email jobs" do
      let(:reviewable) { ReviewableUser.find_by(target: user) }
      before do
        reviewable

        # We can ignore these notifications for the purpose of this test
        Jobs.stubs(:enqueue).with(:notify_reviewable, has_key(:reviewable_id))
      end

      after do
        ReviewableUser.find_by(target: user).perform(admin, :approve_user)
      end

      it "enqueues a 'signup after approval' email if must_approve_users is true" do
        Jobs.expects(:enqueue).with(
          :critical_user_email, has_entries(type: :signup_after_approval)
        )
      end

      it "doesn't enqueue a 'signup after approval' email if must_approve_users is false" do
        SiteSetting.must_approve_users = false
        Jobs.expects(:enqueue).with(
          :critical_user_email, has_entries(type: :signup_after_approval)
        ).never
      end
    end

    it 'triggers a extensibility event' do
      user && admin # bypass the user_created event
      event = DiscourseEvent.track_events {
        ReviewableUser.find_by(target: user).perform(admin, :approve_user)
      }.first

      expect(event[:event_name]).to eq(:user_approved)
      expect(event[:params].first).to eq(user)
    end

    it 'triggers a extensibility event' do
      user && admin # bypass the user_created event
      event = DiscourseEvent.track_events {
        ReviewableUser.find_by(target: user).perform(admin, :approve_user)
      }.first

      expect(event[:event_name]).to eq(:user_approved)
      expect(event[:params].first).to eq(user)
    end
  end

end
DEV: use #frozen_string_literal: true on all spec This change both speeds up specs (less strings to allocate) and helps catch cases where methods in Discourse are mutating inputs. Overall we will be migrating everything to use #frozen_string_literal: true it will take a while, but this is the first and safest move in this direction 2019-04-29 20:27:42 -04:00			`# frozen_string_literal: true`

FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00			`require 'rails_helper'`

			`RSpec.describe ReviewableUser, type: :model do`

DEV: Prefabrication (test optimization) (#7414) * Introduced fab!, a helper that creates database state for a group It's almost identical to let_it_be, except: 1. It creates a new object for each test by default, 2. You can disable it using PREFABRICATION=0 2019-05-06 23:12:20 -04:00			`fab!(:moderator) { Fabricate(:moderator) }`
FIX: Reviewables should not be created for users until they are active Conversely, if a user is deactivated the reviewable should automatically be rejected. Before this fix, if a user was not active they'd still show in the review queue but without an "Approve" button which was confusing. 2019-04-03 12:04:05 -04:00			`let(:user) do`
			`user = Fabricate(:user)`
			`user.activate`
			`user`
			`end`
DEV: Prefabrication (test optimization) (#7414) * Introduced fab!, a helper that creates database state for a group It's almost identical to let_it_be, except: 1. It creates a new object for each test by default, 2. You can disable it using PREFABRICATION=0 2019-05-06 23:12:20 -04:00			`fab!(:admin) { Fabricate(:admin) }`
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00
			`context "actions_for" do`
DEV: Prefabrication (test optimization) (#7414) * Introduced fab!, a helper that creates database state for a group It's almost identical to let_it_be, except: 1. It creates a new object for each test by default, 2. You can disable it using PREFABRICATION=0 2019-05-06 23:12:20 -04:00			`fab!(:reviewable) { Fabricate(:reviewable) }`
FEATURE: Clarify Reviewable User Actions "Approve" is now "Approve User" and "Delete" is a dropdown with a choice that allows you to block. 2019-04-17 11:26:43 -04:00			`it "returns correct actions in the pending state" do`
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00			`actions = reviewable.actions_for(Guardian.new(moderator))`
FEATURE: Clarify Reviewable User Actions "Approve" is now "Approve User" and "Delete" is a dropdown with a choice that allows you to block. 2019-04-17 11:26:43 -04:00			`expect(actions.has?(:approve_user)).to eq(true)`
			`expect(actions.has?(:reject_user_delete)).to eq(true)`
			`expect(actions.has?(:reject_user_block)).to eq(true)`
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00			`end`

			`it "doesn't return anything in the approved state" do`
			`reviewable.status = Reviewable.statuses[:approved]`
			`actions = reviewable.actions_for(Guardian.new(moderator))`
FEATURE: Clarify Reviewable User Actions "Approve" is now "Approve User" and "Delete" is a dropdown with a choice that allows you to block. 2019-04-17 11:26:43 -04:00			`expect(actions.has?(:approve_user)).to eq(false)`
			`expect(actions.has?(:reject_user_delete)).to eq(false)`
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00			`end`
			`end`

			`context "#update_fields" do`
DEV: Prefabrication (test optimization) (#7414) * Introduced fab!, a helper that creates database state for a group It's almost identical to let_it_be, except: 1. It creates a new object for each test by default, 2. You can disable it using PREFABRICATION=0 2019-05-06 23:12:20 -04:00			`fab!(:moderator) { Fabricate(:moderator) }`
			`fab!(:reviewable) { Fabricate(:reviewable) }`
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00
			`it "doesn't raise errors with an empty update" do`
			`expect(reviewable.update_fields(nil, moderator)).to eq(true)`
			`expect(reviewable.update_fields({}, moderator)).to eq(true)`
			`end`
			`end`

FIX: Deleting Users should work nicely with Reviewable Users "Rejecting" a user in the queue is equivalent to deleting them, which would then making it impossible to review rejected users. Now we store information about the user in the payload so if they are deleted things still display in the Rejected view. Secondly, if a user is destroyed outside of the review queue, it will now automatically "Reject" that queue item. 2019-04-03 16:41:04 -04:00			`context "when a user is deleted" do`
			`it "should reject the reviewable" do`
FEATURE: Display the reason for many reviewable items Queued Posts and Users will now display a reason why they are in the review queue. 2019-04-11 11:11:35 -04:00			`SiteSetting.must_approve_users = true`
FIX: Deleting Users should work nicely with Reviewable Users "Rejecting" a user in the queue is equivalent to deleting them, which would then making it impossible to review rejected users. Now we store information about the user in the payload so if they are deleted things still display in the Rejected view. Secondly, if a user is destroyed outside of the review queue, it will now automatically "Reject" that queue item. 2019-04-03 16:41:04 -04:00			`Jobs::CreateUserReviewable.new.execute(user_id: user.id)`
			`reviewable = Reviewable.find_by(target: user)`
			`expect(reviewable.pending?).to eq(true)`

			`UserDestroyer.new(Discourse.system_user).destroy(user)`
			`expect(reviewable.reload.rejected?).to eq(true)`
			`end`
			`end`

FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00			`context "perform" do`
DEV: Prefabrication (test optimization) (#7414) * Introduced fab!, a helper that creates database state for a group It's almost identical to let_it_be, except: 1. It creates a new object for each test by default, 2. You can disable it using PREFABRICATION=0 2019-05-06 23:12:20 -04:00			`fab!(:reviewable) { Fabricate(:reviewable) }`
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00			`context "approve" do`
			`it "allows us to approve a user" do`
FEATURE: Clarify Reviewable User Actions "Approve" is now "Approve User" and "Delete" is a dropdown with a choice that allows you to block. 2019-04-17 11:26:43 -04:00			`result = reviewable.perform(moderator, :approve_user)`
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00			`expect(result.success?).to eq(true)`

			`expect(reviewable.pending?).to eq(false)`
			`expect(reviewable.approved?).to eq(true)`
			`expect(reviewable.target.approved?).to eq(true)`
			`expect(reviewable.target.approved_by_id).to eq(moderator.id)`
			`expect(reviewable.target.approved_at).to be_present`
			`expect(reviewable.version > 0).to eq(true)`
			`end`

			`it "allows us to reject a user" do`
FEATURE: Clarify Reviewable User Actions "Approve" is now "Approve User" and "Delete" is a dropdown with a choice that allows you to block. 2019-04-17 11:26:43 -04:00			`result = reviewable.perform(moderator, :reject_user_delete)`
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00			`expect(result.success?).to eq(true)`

			`expect(reviewable.pending?).to eq(false)`
			`expect(reviewable.rejected?).to eq(true)`

			`# Rejecting deletes the user record`
			`reviewable.reload`
			`expect(reviewable.target).to be_blank`
			`end`
FIX: Allow users with posts to be rejected 2019-03-29 13:52:53 -04:00
FEATURE: Clarify Reviewable User Actions "Approve" is now "Approve User" and "Delete" is a dropdown with a choice that allows you to block. 2019-04-17 11:26:43 -04:00			`it "allows us to reject and block a user" do`
			`email = reviewable.target.email`
			`ip = reviewable.target.ip_address`

			`result = reviewable.perform(moderator, :reject_user_block)`
			`expect(result.success?).to eq(true)`

			`expect(reviewable.pending?).to eq(false)`
			`expect(reviewable.rejected?).to eq(true)`

			`# Rejecting deletes the user record`
			`reviewable.reload`
			`expect(reviewable.target).to be_blank`

			`expect(ScreenedEmail.should_block?(email)).to eq(true)`
			`expect(ScreenedIpAddress.should_block?(ip)).to eq(true)`
			`end`

FIX: Allow users with posts to be rejected 2019-03-29 13:52:53 -04:00			`it "allows us to reject a user who has posts" do`
			`Fabricate(:post, user: reviewable.target)`
FEATURE: Clarify Reviewable User Actions "Approve" is now "Approve User" and "Delete" is a dropdown with a choice that allows you to block. 2019-04-17 11:26:43 -04:00			`result = reviewable.perform(moderator, :reject_user_delete)`
FIX: Allow users with posts to be rejected 2019-03-29 13:52:53 -04:00			`expect(result.success?).to eq(true)`

			`expect(reviewable.pending?).to eq(false)`
			`expect(reviewable.rejected?).to eq(true)`

			`# Rejecting deletes the user record`
			`reviewable.reload`
			`expect(reviewable.target).to be_present`
			`expect(reviewable.target.approved).to eq(false)`
			`end`
FIX: Always allow us to reject users, even if they are deleted 2019-04-10 11:00:14 -04:00
			`it "allows us to reject a user who has been deleted" do`
			`reviewable.target.destroy!`
			`reviewable.reload`
FEATURE: Clarify Reviewable User Actions "Approve" is now "Approve User" and "Delete" is a dropdown with a choice that allows you to block. 2019-04-17 11:26:43 -04:00			`result = reviewable.perform(moderator, :reject_user_delete)`
FIX: Always allow us to reject users, even if they are deleted 2019-04-10 11:00:14 -04:00			`expect(result.success?).to eq(true)`
			`expect(reviewable.rejected?).to eq(true)`
			`expect(reviewable.target).to be_blank`
			`end`
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00			`end`
			`end`

FIX: Better handling for toggling `must_approve_users` If you turn it on now, default all users to approved since they were previously. Also support approving a user that doesn't have a reviewable record (it will be created first.) This also includes a refactor to move class method calls to `DiscourseEvent` into an initializer. Otherwise the load order of classes makes a difference in the test environment and some settings might be triggered and others not, randomly. 2019-04-16 14:42:47 -04:00			`describe "changing must_approve_users" do`
			`it "will approve any existing users" do`
			`user = Fabricate(:user)`
			`expect(user).not_to be_approved`
			`SiteSetting.must_approve_users = true`
			`expect(user.reload).to be_approved`
			`end`
			`end`

FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00			`describe 'when must_approve_users is true' do`
			`before do`
			`SiteSetting.must_approve_users = true`
FIX: Reviewables should not be created for users until they are active Conversely, if a user is deactivated the reviewable should automatically be rejected. Before this fix, if a user was not active they'd still show in the review queue but without an "Approve" button which was confusing. 2019-04-03 12:04:05 -04:00			`Jobs.run_immediately!`
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00			`end`

			`it "creates the ReviewableUser for a user, with moderator access" do`
			`reviewable = ReviewableUser.find_by(target: user)`
			`expect(reviewable).to be_present`
			`expect(reviewable.reviewable_by_moderator).to eq(true)`
			`end`

			`context "email jobs" do`
			`let(:reviewable) { ReviewableUser.find_by(target: user) }`
			`before do`
			`reviewable`

			`# We can ignore these notifications for the purpose of this test`
			`Jobs.stubs(:enqueue).with(:notify_reviewable, has_key(:reviewable_id))`
			`end`

			`after do`
FEATURE: Clarify Reviewable User Actions "Approve" is now "Approve User" and "Delete" is a dropdown with a choice that allows you to block. 2019-04-17 11:26:43 -04:00			`ReviewableUser.find_by(target: user).perform(admin, :approve_user)`
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00			`end`

			`it "enqueues a 'signup after approval' email if must_approve_users is true" do`
			`Jobs.expects(:enqueue).with(`
			`:critical_user_email, has_entries(type: :signup_after_approval)`
			`)`
			`end`

			`it "doesn't enqueue a 'signup after approval' email if must_approve_users is false" do`
			`SiteSetting.must_approve_users = false`
			`Jobs.expects(:enqueue).with(`
			`:critical_user_email, has_entries(type: :signup_after_approval)`
			`).never`
			`end`
			`end`

			`it 'triggers a extensibility event' do`
			`user && admin # bypass the user_created event`
			`event = DiscourseEvent.track_events {`
FEATURE: Clarify Reviewable User Actions "Approve" is now "Approve User" and "Delete" is a dropdown with a choice that allows you to block. 2019-04-17 11:26:43 -04:00			`ReviewableUser.find_by(target: user).perform(admin, :approve_user)`
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00			`}.first`

			`expect(event[:event_name]).to eq(:user_approved)`
			`expect(event[:params].first).to eq(user)`
			`end`

			`it 'triggers a extensibility event' do`
			`user && admin # bypass the user_created event`
			`event = DiscourseEvent.track_events {`
FEATURE: Clarify Reviewable User Actions "Approve" is now "Approve User" and "Delete" is a dropdown with a choice that allows you to block. 2019-04-17 11:26:43 -04:00			`ReviewableUser.find_by(target: user).perform(admin, :approve_user)`
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00			`}.first`

			`expect(event[:event_name]).to eq(:user_approved)`
			`expect(event[:params].first).to eq(user)`
			`end`
			`end`

			`end`