Add revoke all blocks action

openstreetmap · Jan 7, 2024 · 366ffd9 · 366ffd9
1 parent 1ff7b62
commit 366ffd9
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 4 deletions.
diff --git a/app/controllers/user_blocks_controller.rb b/app/controllers/user_blocks_controller.rb
@@ -12,7 +12,7 @@ class UserBlocksController < ApplicationController
   before_action :lookup_user_block, :only => [:show, :edit, :update, :revoke]
   before_action :require_valid_params, :only => [:create, :update]
   before_action :check_database_readable
-  before_action :check_database_writable, :only => [:create, :update, :revoke]
+  before_action :check_database_writable, :only => [:create, :update, :revoke, :revoke_all]
 
   def index
     @params = params.permit
@@ -92,7 +92,11 @@ def revoke
   ##
   # revokes all active blocks
   def revoke_all
-    # TODO revoke
+    if request.post? && params[:confirm]
+      @user.blocks.active.each { |block| block.revoke!(current_user) }
+      flash[:notice] = t ".flash"
+      redirect_to user_blocks_on_path(@user)
+    end
   end
 
   ##

diff --git a/config/locales/en.yml b/config/locales/en.yml
@@ -2902,6 +2902,7 @@ en:
         one: "%{count} active block"
         other: "%{count} active blocks"
       revoke: "Revoke!"
+      flash: "All active blocks have been revoked."
     helper:
       time_future_html: "Ends in %{time}."
       until_login: "Active until the user logs in."

diff --git a/test/controllers/user_blocks_controller_test.rb b/test/controllers/user_blocks_controller_test.rb
@@ -395,8 +395,8 @@ def test_revoke
   end
 
   ##
-  # test the revoke all action
-  def test_revoke_all
+  # test the revoke all page
+  def test_revoke_all_page
     blocked_user = create(:user)
     create(:user_block, :user => blocked_user)
 
@@ -424,6 +424,54 @@ def test_revoke_all
     assert_response :success
   end
 
+  ##
+  # test the revoke all action
+  def test_revoke_all_action
+    blocked_user = create(:user)
+    active_block1 = create(:user_block, :user => blocked_user)
+    active_block2 = create(:user_block, :user => blocked_user)
+    expired_block1 = create(:user_block, :expired, :user => blocked_user)
+    blocks = [active_block1, active_block2, expired_block1]
+    moderator_user = create(:moderator_user)
+
+    assert_predicate active_block1, :active?
+    assert_predicate active_block2, :active?
+    assert_not_predicate expired_block1, :active?
+
+    # Login as a normal user
+    session_for(create(:user))
+
+    # Check that normal users can't load the block revoke page
+    get revoke_all_user_blocks_path(:blocked_user)
+    assert_response :redirect
+    assert_redirected_to :controller => "errors", :action => "forbidden"
+
+    # Login as a moderator
+    session_for(moderator_user)
+
+    # Check that revoking blocks using GET should fail
+    get revoke_all_user_blocks_path(blocked_user, :confirm => true)
+    assert_response :success
+    assert_template "revoke_all"
+
+    blocks.each(&:reload)
+    assert_predicate active_block1, :active?
+    assert_predicate active_block2, :active?
+    assert_not_predicate expired_block1, :active?
+
+    # Check that revoking blocks works using POST
+    post revoke_all_user_blocks_path(blocked_user, :confirm => true)
+    assert_redirected_to user_blocks_on_path(blocked_user)
+
+    blocks.each(&:reload)
+    assert_not_predicate active_block1, :active?
+    assert_not_predicate active_block2, :active?
+    assert_not_predicate expired_block1, :active?
+    assert_equal moderator_user, active_block1.revoker
+    assert_equal moderator_user, active_block2.revoker
+    assert_not_equal moderator_user, expired_block1.revoker
+  end
+
   ##
   # test the blocks_on action
   def test_blocks_on