From b5bf182ad548eeb9654357746cad5a47b4ff7458 Mon Sep 17 00:00:00 2001
From: Arpit Jalan
Date: Fri, 23 Nov 2018 19:28:04 +0530
Subject: [PATCH] FIX: validate topic deletion when acting on a flag
---
 app/controllers/admin/flags_controller.rb | 14 ++++++++++--
 spec/requests/admin/flags_controller_spec.rb | 24 +++++++++++++++++---
 2 files changed, 33 insertions(+), 5 deletions(-)
diff --git a/app/controllers/admin/flags_controller.rb b/app/controllers/admin/flags_controller.rb
index a58dbaafcc9..a94eae4352f 100644
--- a/app/controllers/admin/flags_controller.rb
+++ b/app/controllers/admin/flags_controller.rb
@@ -87,7 +87,7 @@ class Admin::FlagsController < Admin::AdminController
 if delete_post
 # PostDestroy calls PostAction.agree_flags!
- PostDestroyer.new(current_user, post).destroy
+ destroy_post(post)
 elsif restore_post
 PostAction.agree_flags!(post, current_user, delete_post)
 PostDestroyer.new(current_user, post).recover
@@ -131,9 +131,19 @@ class Admin::FlagsController < Admin::AdminController
 )
 PostAction.defer_flags!(post, current_user, params[:delete_post])
- PostDestroyer.new(current_user, post).destroy if params[:delete_post]
+ destroy_post(post) if params[:delete_post]
 render body: nil
 end
+ private
+
+ def destroy_post(post)
+ if post.is_first_post?
+ topic = Topic.find_by(id: post.topic_id)
+ guardian.ensure_can_delete!(topic) if topic.present?
+ end
+
+ PostDestroyer.new(current_user, post).destroy
+ end
 end
diff --git a/spec/requests/admin/flags_controller_spec.rb b/spec/requests/admin/flags_controller_spec.rb
index 325cb83099e..75f58eed457 100644
--- a/spec/requests/admin/flags_controller_spec.rb
+++ b/spec/requests/admin/flags_controller_spec.rb
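Review bot: In the defer action the permission check runs after state has already changed: `PostAction.defer_flags!(post, current_user, params[:delete_post])` executes before `destroy_post(post) if params[:delete_post]`, so a request that `guardian.ensure_can_delete!` rejects still leaves the flags deferred unless an enclosing transaction (not visible in this hunk) rolls them back. Running the check first would keep a refused request free of side effects, for example by extracting the first-post/topic check into its own private method and calling it ahead of `defer_flags!`. The `if topic.present?` guard also fails open: when `Topic.find_by` returns nil the check is skipped and the post is still destroyed, which deserves a short comment stating that this is intended. The agree call site in the first hunk uses the same helper; what runs before it lies outside the hunk.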
@@ -1,9 +1,11 @@
 require 'rails_helper'
 RSpec.describe Admin::FlagsController do
+ let(:user) { Fabricate(:user) }
 let(:admin) { Fabricate(:admin) }
 let(:post_1) { Fabricate(:post) }
- let(:user) { Fabricate(:user) }
+ let(:category) { Fabricate(:category) }
+ let(:first_post) { Fabricate(:post, post_number: 1) }
 before do
 sign_in(admin)
@@ -72,7 +74,7 @@ RSpec.describe Admin::FlagsController do
 post_action = PostAction.act(user, post_1, PostActionType.types[:spam], message: 'bad')
 admin.update!(locale: 'ja')
- post "/admin/flags/agree/#{post_1.id}.json"
+ post "/admin/flags/agree/#{post_1.id}.json", params: { action_on_post: 'delete' }
 expect(response.status).to eq(200)
 post_action.reload
@@ -81,7 +83,23 @@ RSpec.describe Admin::FlagsController do
 expect(user.user_stat.reload.flags_agreed).to eq(1)
 agree_post = Topic.joins(:topic_allowed_users).where('topic_allowed_users.user_id = ?', user.id).order(:id).last.posts.last
- expect(agree_post.raw).to eq(I18n.with_locale(:en) { I18n.t('flags_dispositions.agreed') })
+ expect(agree_post.raw).to eq(I18n.with_locale(:en) { I18n.t('flags_dispositions.agreed_and_deleted') })
+
+ post_1.reload
+ expect(post_1.deleted_at).to be_present
+ end
+
+ it 'should not delete category topic' do
+ SiteSetting.queue_jobs = false
+ category.update_column(:topic_id, first_post.topic_id)
+
+ post_action = PostAction.act(user, first_post, PostActionType.types[:spam], message: 'bad')
+
+ post "/admin/flags/agree/#{first_post.id}.json", params: { action_on_post: 'delete' }
+ expect(response.status).to eq(403)
+
+ first_post.reload
+ expect(first_post.deleted_at).to eq(nil)
 end
 end
 end
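Review bot: The existing agree example is repurposed here rather than duplicated: once `params: { action_on_post: 'delete' }` is added and the expectation switches to `flags_dispositions.agreed_and_deleted`, nothing in the visible hunks still asserts the plain agree path and its `flags_dispositions.agreed` message. If no example outside this hunk covers that path, keep the original example as it was and add the delete case as a separate `it` block. The example's opening line is above the hunk, so its description may also need updating to mention deletion.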
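Review bot: The new 'should not delete category topic' example assigns `post_action = PostAction.act(user, first_post, ...)` but never reads it. Either drop the assignment, or call `post_action.reload` after the request and assert that the flag is still unresolved, which would pin that a refused deletion changes no flag state. The 403 case is exercised only through `/admin/flags/agree/`. The defer action gained the same `destroy_post` call in the controller and has no matching example in these hunks, so a parallel example sending `delete_post` to the defer action would cover the second call site.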