Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: validate topic deletion when acting on a flag

This commit is contained in:
Arpit Jalan 2018-11-23 19:28:04 +05:30
parent ed400a90fe
commit b5bf182ad5
2 changed files with 33 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
app/controllers/admin/flags_controller.rb
View File

@ -87,7 +87,7 @@ class Admin::FlagsController < Admin::AdminController
if delete_post if delete_post
# PostDestroy calls PostAction.agree_flags! # PostDestroy calls PostAction.agree_flags!
PostDestroyer.new(current_user, post).destroy destroy_post(post)
elsif restore_post elsif restore_post
PostAction.agree_flags!(post, current_user, delete_post) PostAction.agree_flags!(post, current_user, delete_post)
PostDestroyer.new(current_user, post).recover PostDestroyer.new(current_user, post).recover
@ -131,9 +131,19 @@ class Admin::FlagsController < Admin::AdminController
) )
PostAction.defer_flags!(post, current_user, params[:delete_post]) PostAction.defer_flags!(post, current_user, params[:delete_post])
PostDestroyer.new(current_user, post).destroy if params[:delete_post] destroy_post(post) if params[:delete_post]
render body: nil render body: nil
end end
private
def destroy_post(post)
if post.is_first_post?
topic = Topic.find_by(id: post.topic_id)
guardian.ensure_can_delete!(topic) if topic.present?
end
PostDestroyer.new(current_user, post).destroy
end
end end

24
spec/requests/admin/flags_controller_spec.rb
View File

@ -1,9 +1,11 @@
require 'rails_helper' require 'rails_helper'
RSpec.describe Admin::FlagsController do RSpec.describe Admin::FlagsController do
let(:user) { Fabricate(:user) }
let(:admin) { Fabricate(:admin) } let(:admin) { Fabricate(:admin) }
let(:post_1) { Fabricate(:post) } let(:post_1) { Fabricate(:post) }
let(:user) { Fabricate(:user) } let(:category) { Fabricate(:category) }
let(:first_post) { Fabricate(:post, post_number: 1) }
before do before do
sign_in(admin) sign_in(admin)
@ -72,7 +74,7 @@ RSpec.describe Admin::FlagsController do
post_action = PostAction.act(user, post_1, PostActionType.types[:spam], message: 'bad') post_action = PostAction.act(user, post_1, PostActionType.types[:spam], message: 'bad')
admin.update!(locale: 'ja') admin.update!(locale: 'ja')
post "/admin/flags/agree/#{post_1.id}.json" post "/admin/flags/agree/#{post_1.id}.json", params: { action_on_post: 'delete' }
expect(response.status).to eq(200) expect(response.status).to eq(200)
post_action.reload post_action.reload
@ -81,7 +83,23 @@ RSpec.describe Admin::FlagsController do
expect(user.user_stat.reload.flags_agreed).to eq(1) expect(user.user_stat.reload.flags_agreed).to eq(1)
agree_post = Topic.joins(:topic_allowed_users).where('topic_allowed_users.user_id = ?', user.id).order(:id).last.posts.last agree_post = Topic.joins(:topic_allowed_users).where('topic_allowed_users.user_id = ?', user.id).order(:id).last.posts.last
expect(agree_post.raw).to eq(I18n.with_locale(:en) { I18n.t('flags_dispositions.agreed') }) expect(agree_post.raw).to eq(I18n.with_locale(:en) { I18n.t('flags_dispositions.agreed_and_deleted') })
post_1.reload
expect(post_1.deleted_at).to be_present
end
it 'should not delete category topic' do
SiteSetting.queue_jobs = false
category.update_column(:topic_id, first_post.topic_id)
post_action = PostAction.act(user, first_post, PostActionType.types[:spam], message: 'bad')
post "/admin/flags/agree/#{first_post.id}.json", params: { action_on_post: 'delete' }
expect(response.status).to eq(403)
first_post.reload
expect(first_post.deleted_at).to eq(nil)
end end
end end
end end