From 02833e133c4af66de85a3594b4d38ae5da664348 Mon Sep 17 00:00:00 2001
From: Blake Erickson
Date: Wed, 26 Aug 2020 19:05:33 -0600
Subject: [PATCH] FIX: Suspend API to require `suspend_until` and `reason` params

These fields are required when using the UI and if `suspend_until` params isn't used the user never is actually suspended so we should require these fields when suspending a user.
---
 app/controllers/admin/users_controller.rb | 2 ++
 spec/requests/admin/users_controller_spec.rb | 16 ++++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 921c589865d..0deed95a8ab 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -92,6 +92,8 @@ class Admin::UsersController < Admin::AdminController
 def suspend
 guardian.ensure_can_suspend!(@user)
+ params.require([:suspend_until, :reason])
+
 @user.suspended_till = params[:suspend_until]
 @user.suspended_at = DateTime.now
diff --git a/spec/requests/admin/users_controller_spec.rb b/spec/requests/admin/users_controller_spec.rb
index e010f365bf0..14a6cb0196b 100644
--- a/spec/requests/admin/users_controller_spec.rb
+++ b/spec/requests/admin/users_controller_spec.rb
@@ -149,6 +149,22 @@ RSpec.describe Admin::UsersController do
 expect(log.details).to match(/because I said so/)
 end
+ it "requires suspend_until and reason" do
+ expect(user).not_to be_suspended
+ put "/admin/users/#{user.id}/suspend.json", params: {}
+ expect(response.status).to eq(400)
+ user.reload
+ expect(user).not_to be_suspended
+
+ expect(user).not_to be_suspended
+ put "/admin/users/#{user.id}/suspend.json", params: {
+ suspend_until: 5.hours.from_now
+ }
+ expect(response.status).to eq(400)
+ user.reload
+ expect(user).not_to be_suspended
+ end
+
 context "with an associated post" do
 it "can have an associated post" do
 put "/admin/users/#{user.id}/suspend.json", params: suspend_params
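Review bot: The added `params.require([:suspend_until, :reason])` in `suspend` only rejects missing or blank values, so a `suspend_until` that cannot be parsed or that lies in the past still reaches `@user.suspended_till = params[:suspend_until]`. That would presumably leave the account unsuspended while the API reports success, which is the same silent failure this commit removes from a moderation endpoint. I would parse the value into a local such as `parsed_until` and reject anything that is not a future time, e.g. `raise Discourse::InvalidParameters.new(:suspend_until) unless parsed_until&.future?`, then assign `parsed_until` instead of the raw param. The body of `suspend` continues outside the hunk, so confirm no later check already covers this.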
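Review bot: The new example `requires suspend_until and reason` covers an empty body and a body with only `suspend_until`, but never the case the commit message describes: a `reason` sent without `suspend_until`. Add a third request such as `put "/admin/users/#{user.id}/suspend.json", params: { reason: "because I said so" }` followed by `expect(response.status).to eq(400)` and the same reload-and-check. The `expect(user).not_to be_suspended` just before the second `put` repeats the assertion directly above it and can be dropped. The enclosing describe block starts and ends outside the hunk.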