From 719df8abc932c7b76fe7bc8aa5bb723d2845eca0 Mon Sep 17 00:00:00 2001 From: Claire Date: Wed, 30 Aug 2023 11:00:12 +0200 Subject: [PATCH 1/3] Move `AccountStatusesFilter` out of `app/models` --- app/{models => lib}/account_statuses_filter.rb | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename app/{models => lib}/account_statuses_filter.rb (100%) diff --git a/app/models/account_statuses_filter.rb b/app/lib/account_statuses_filter.rb similarity index 100% rename from app/models/account_statuses_filter.rb rename to app/lib/account_statuses_filter.rb From 014d9495f55c0ab48a790a6693875ed5d09ccb05 Mon Sep 17 00:00:00 2001 From: Claire Date: Wed, 30 Aug 2023 16:45:08 +0200 Subject: [PATCH 2/3] Fix moderators not being able to report posts from people who blocked them --- app/lib/admin/account_statuses_filter.rb | 9 +++++++++ app/models/admin/status_batch_action.rb | 2 +- .../admin/statuses_controller_spec.rb | 20 +++++++++++++++---- 3 files changed, 26 insertions(+), 5 deletions(-) create mode 100644 app/lib/admin/account_statuses_filter.rb diff --git a/app/lib/admin/account_statuses_filter.rb b/app/lib/admin/account_statuses_filter.rb new file mode 100644 index 0000000000000..94927e4b6806c --- /dev/null +++ b/app/lib/admin/account_statuses_filter.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +class Admin::AccountStatusesFilter < AccountStatusesFilter + private + + def blocked? + false + end +end diff --git a/app/models/admin/status_batch_action.rb b/app/models/admin/status_batch_action.rb index b8bdec7223fe3..6641688788847 100644 --- a/app/models/admin/status_batch_action.rb +++ b/app/models/admin/status_batch_action.rb @@ -140,6 +140,6 @@ def report_params end def allowed_status_ids - AccountStatusesFilter.new(@report.target_account, current_account).results.with_discarded.where(id: status_ids).pluck(:id) + Admin::AccountStatusesFilter.new(@report.target_account, current_account).results.with_discarded.where(id: status_ids).pluck(:id) end end diff --git a/spec/controllers/admin/statuses_controller_spec.rb b/spec/controllers/admin/statuses_controller_spec.rb index 7171c0e886a2a..9befdf978f982 100644 --- a/spec/controllers/admin/statuses_controller_spec.rb +++ b/spec/controllers/admin/statuses_controller_spec.rb @@ -52,24 +52,36 @@ end describe 'POST #batch' do - before do - post :batch, params: { :account_id => account.id, action => '', :admin_status_batch_action => { status_ids: status_ids } } - end + subject { post :batch, params: { :account_id => account.id, action => '', :admin_status_batch_action => { status_ids: status_ids } } } let(:status_ids) { [media_attached_status.id] } - context 'when action is report' do + shared_examples 'when action is report' do let(:action) { 'report' } it 'creates a report' do + subject + report = Report.last expect(report.target_account_id).to eq account.id expect(report.status_ids).to eq status_ids end it 'redirects to report page' do + subject + expect(response).to redirect_to(admin_report_path(Report.last.id)) end end + + it_behaves_like 'when action is report' + + context 'when the moderator is blocked by the author' do + before do + account.block!(user.account) + end + + it_behaves_like 'when action is report' + end end end From 77e0e487a474a5e91e4bb102478f041cda000477 Mon Sep 17 00:00:00 2001 From: Claire Date: Wed, 30 Aug 2023 16:57:14 +0200 Subject: [PATCH 3/3] =?UTF-8?q?Fix=20moderators=20not=20being=20able=20to?= =?UTF-8?q?=20=E2=80=9Copen=20in=20moderation=20interface=E2=80=9D=20posts?= =?UTF-8?q?=20they=20have=20access=20to?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #26702 --- app/policies/admin/status_policy.rb | 8 +++++++- spec/policies/admin/status_policy_spec.rb | 17 ++++++++++++++--- 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/app/policies/admin/status_policy.rb b/app/policies/admin/status_policy.rb index ffaa30f13de60..e9379c25eca90 100644 --- a/app/policies/admin/status_policy.rb +++ b/app/policies/admin/status_policy.rb @@ -12,7 +12,7 @@ def index? end def show? - role.can?(:manage_reports, :manage_users) && (record.public_visibility? || record.unlisted_visibility? || record.reported?) + role.can?(:manage_reports, :manage_users) && (record.public_visibility? || record.unlisted_visibility? || record.reported? || viewable_through_normal_policy?) end def destroy? @@ -26,4 +26,10 @@ def update? def review? role.can?(:manage_taxonomies) end + + private + + def viewable_through_normal_policy? + StatusPolicy.new(current_account, record, @preloaded_relations).show? + end end diff --git a/spec/policies/admin/status_policy_spec.rb b/spec/policies/admin/status_policy_spec.rb index 9e81a4f5f1a7a..af9f7716be382 100644 --- a/spec/policies/admin/status_policy_spec.rb +++ b/spec/policies/admin/status_policy_spec.rb @@ -7,7 +7,8 @@ let(:policy) { described_class } let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } let(:john) { Fabricate(:account) } - let(:status) { Fabricate(:status) } + let(:status) { Fabricate(:status, visibility: status_visibility) } + let(:status_visibility) { :public } permissions :index?, :update?, :review?, :destroy? do context 'with an admin' do @@ -26,7 +27,7 @@ permissions :show? do context 'with an admin' do context 'with a public visible status' do - before { allow(status).to receive(:public_visibility?).and_return(true) } + let(:status_visibility) { :public } it 'permits' do expect(policy).to permit(admin, status) @@ -34,11 +35,21 @@ end context 'with a not public visible status' do - before { allow(status).to receive(:public_visibility?).and_return(false) } + let(:status_visibility) { :direct } it 'denies' do expect(policy).to_not permit(admin, status) end + + context 'when the status mentions the admin' do + before do + status.mentions.create!(account: admin) + end + + it 'permits' do + expect(policy).to permit(admin, status) + end + end end end