Merge branch 'hb-fix-abuse-report-on-stale-user-profile' into 'master'

Fix errors caused by attempts to report already blocked or deleted users

Closes #8928

See merge request !12502

4 files changed, 43 insertions, 2 deletions

diff --git a/app/controllers/abuse_reports_controller.rb b/app/controllers/abuse_reports_controller.rb
index 2eac0cabf7a..ed13ead63f9 100644
--- a/app/controllers/abuse_reports_controller.rb
+++ b/app/controllers/abuse_reports_controller.rb
@@ -1,7 +1,9 @@
 class AbuseReportsController < ApplicationController
+  before_action :set_user, only: [:new]
+
   def new
     @abuse_report = AbuseReport.new
-    @abuse_report.user_id = params[:user_id]
+    @abuse_report.user_id = @user.id
     @ref_url = params.fetch(:ref_url, '')
   end
 
@@ -27,4 +29,14 @@ class AbuseReportsController < ApplicationController
       user_id
     ))
   end
+
+  def set_user
+    @user = User.find_by(id: params[:user_id])
+
+    if @user.nil?
+      redirect_to root_path, alert: "Cannot create the abuse report. The user has been deleted."
+    elsif @user.blocked?
+      redirect_to @user, alert: "Cannot create the abuse report. This user has been blocked."
+    end
+  end
 end
diff --git a/changelogs/unreleased/hb-fix-abuse-report-on-stale-user-profile.yml b/changelogs/unreleased/hb-fix-abuse-report-on-stale-user-profile.yml
new file mode 100644
index 00000000000..ec2f4f9c3d8
--- /dev/null
+++ b/changelogs/unreleased/hb-fix-abuse-report-on-stale-user-profile.yml
@@ -0,0 +1,4 @@
+---
+title: Fix errors caused by attempts to report already blocked or deleted users
+merge_request: 12502
+author: Horacio Bertorello
diff --git a/spec/controllers/abuse_reports_controller_spec.rb b/spec/controllers/abuse_reports_controller_spec.rb
index 80a418feb3e..ada011e7595 100644
--- a/spec/controllers/abuse_reports_controller_spec.rb
+++ b/spec/controllers/abuse_reports_controller_spec.rb
@@ -13,6 +13,31 @@ describe AbuseReportsController do
     sign_in(reporter)
   end
 
+  describe 'GET new' do
+    context 'when the user has already been deleted' do
+      it 'redirects the reporter to root_path' do
+        user_id = user.id
+        user.destroy
+
+        get :new, { user_id: user_id }
+
+        expect(response).to redirect_to root_path
+        expect(flash[:alert]).to eq('Cannot create the abuse report. The user has been deleted.')
+      end
+    end
+
+    context 'when the user has already been blocked' do
+      it 'redirects the reporter to the user\'s profile' do
+        user.block
+
+        get :new, { user_id: user.id }
+
+        expect(response).to redirect_to user
+        expect(flash[:alert]).to eq('Cannot create the abuse report. This user has been blocked.')
+      end
+    end
+  end
+
   describe 'POST create' do
     context 'with valid attributes' do
       it 'saves the abuse report' do
diff --git a/spec/features/abuse_report_spec.rb b/spec/features/abuse_report_spec.rb
index 5e6cd64c5c1..b88e801c3d7 100644
--- a/spec/features/abuse_report_spec.rb
+++ b/spec/features/abuse_report_spec.rb
@@ -12,7 +12,7 @@ feature 'Abuse reports', feature: true do
 
     click_link 'Report abuse'
 
-    fill_in 'abuse_report_message', with: 'This user send spam'
+    fill_in 'abuse_report_message', with: 'This user sends spam'
     click_button 'Send report'
 
     expect(page).to have_content 'Thank you for your report'