diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2016-01-13 09:14:30 +0000 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2016-01-13 09:14:30 +0000 |
| commit | 73e0754070865f8a38643df08438566b27c4c092 (patch) | |
| tree | e1e167ee727d332083ec3840d6d188f2a636a96b | |
| parent | 9552db2fa7d1ea5031a3243c17f7968e5911de43 (diff) | |
| parent | da40274fdc60fe17f928b80eb71c211e27523d5e (diff) | |
| download | gitlab-ce-73e0754070865f8a38643df08438566b27c4c092.tar.gz | |
Merge branch 'rs-block-user-before-removal' into 'master'
Block the reported user before destroying the record
This is intended to prevent the user from creating new objects while the
transaction that removes them is being run, resulting in objects with
nil authors which can then not be edited.
See https://gitlab.com/gitlab-org/gitlab-ce/issues/7117
See merge request !2402
| -rw-r--r-- | app/controllers/admin/abuse_reports_controller.rb | 6 | ||||
| -rw-r--r-- | app/models/abuse_report.rb | 5 | ||||
| -rw-r--r-- | spec/models/abuse_report_spec.rb | 16 |
3 files changed, 23 insertions, 4 deletions
diff --git a/app/controllers/admin/abuse_reports_controller.rb b/app/controllers/admin/abuse_reports_controller.rb index 38a5a9fca08..2463cfa87be 100644 --- a/app/controllers/admin/abuse_reports_controller.rb +++ b/app/controllers/admin/abuse_reports_controller.rb @@ -6,11 +6,9 @@ class Admin::AbuseReportsController < Admin::ApplicationController def destroy abuse_report = AbuseReport.find(params[:id]) - if params[:remove_user] - abuse_report.user.destroy - end - + abuse_report.remove_user if params[:remove_user] abuse_report.destroy + render nothing: true end end diff --git a/app/models/abuse_report.rb b/app/models/abuse_report.rb index 55864236b2f..2bc15c60d57 100644 --- a/app/models/abuse_report.rb +++ b/app/models/abuse_report.rb @@ -19,6 +19,11 @@ class AbuseReport < ActiveRecord::Base validates :message, presence: true validates :user_id, uniqueness: true + def remove_user + user.block + user.destroy + end + def notify return unless self.persisted? diff --git a/spec/models/abuse_report_spec.rb b/spec/models/abuse_report_spec.rb index 46cab1644c7..f9be8fcbcfe 100644 --- a/spec/models/abuse_report_spec.rb +++ b/spec/models/abuse_report_spec.rb @@ -29,6 +29,22 @@ RSpec.describe AbuseReport, type: :model do it { is_expected.to validate_uniqueness_of(:user_id) } end + describe '#remove_user' do + it 'blocks the user' do + report = build(:abuse_report) + + allow(report.user).to receive(:destroy) + + expect { report.remove_user }.to change { report.user.blocked? }.to(true) + end + + it 'removes the user' do + report = build(:abuse_report) + + expect { report.remove_user }.to change { User.count }.by(-1) + end + end + describe '#notify' do it 'delivers' do expect(AbuseReportMailer).to receive(:notify).with(subject.id). |