accounts_controller_spec.rb 5.9 KB

  require 'rails_helper'

  # Controller spec for the admin accounts API. Every action is exercised with
  # a stubbed Doorkeeper token whose owner role and OAuth scopes are supplied
  # through `let`, so each example group can swap either one to probe the
  # authorization checks.
  #
  # NOTE(review): `doorkeeper_token` is stubbed on the controller, so these
  # examples cover the scope/role decision only. A request carrying no token at
  # all is not exercised in this file.
  RSpec.describe Api::V1::Admin::AccountsController, type: :controller do
    render_views

    let(:role)    { UserRole.find_by(name: 'Moderator') }
    let(:user)    { Fabricate(:user, role: role) }
    let(:scopes)  { 'admin:read admin:write' }
    let(:token)   { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
    let(:account) { Fabricate(:account) }

    # Lazy block form: the token is only built when the controller asks for it.
    before { allow(controller).to receive(:doorkeeper_token) { token } }

    # Re-runs the enclosing `before` request with the token limited to the
    # given scope and expects a 403.
    #
    # NOTE(review): only the status code is asserted. These examples do not
    # confirm that the rejected request left the target account unchanged.
    shared_examples 'forbidden for wrong scope' do |denied_scope|
      let(:scopes) { denied_scope }

      it 'returns http forbidden' do
        expect(response).to have_http_status(403)
      end
    end

    # Same as above, but swaps the token owner's role instead of the scopes.
    # The callers in this file pass '' — presumably the name of the base role
    # without admin permissions; confirm against UserRole.
    shared_examples 'forbidden for wrong role' do |denied_role|
      let(:role) { UserRole.find_by(name: denied_role) }

      it 'returns http forbidden' do
        expect(response).to have_http_status(403)
      end
    end

    # NOTE(review): every group below uses 'write:statuses' as the only wrong
    # scope. A token holding just 'admin:read' against the POST actions is not
    # tried here, so read/write scope separation is not covered by this file.

    describe 'GET #index' do
      let!(:remote_account)       { Fabricate(:account, domain: 'example.org') }
      let!(:other_remote_account) { Fabricate(:account, domain: 'foo.bar') }
      let!(:suspended_account)    { Fabricate(:account, suspended: true) }
      let!(:suspended_remote)     { Fabricate(:account, domain: 'foo.bar', suspended: true) }
      let!(:disabled_account)     { Fabricate(:user, disabled: true).account }
      let!(:pending_account)      { Fabricate(:user, approved: false).account }
      let!(:admin_account)        { user.account }

      let(:params) { {} }

      before do
        # Re-applied after fabrication — presumably creation can flip the
        # approval flag; confirm against the user fabricator.
        pending_account.user.update(approved: false)
        get :index, params: params
      end

      it_behaves_like 'forbidden for wrong scope', 'write:statuses'
      it_behaves_like 'forbidden for wrong role', ''

      # Maps each filter combination to the `let!` names expected in the result.
      {
        { active: 'true', local: 'true', staff: 'true' } => [:admin_account],
        { by_domain: 'example.org', remote: 'true' }     => [:remote_account],
        { suspended: 'true' }                            => [:suspended_account],
        { disabled: 'true' }                             => [:disabled_account],
        { pending: 'true' }                              => [:pending_account],
      }.each do |filter, expected_names|
        context "when called with #{filter.inspect}" do
          let(:params) { filter }

          it 'returns http success' do
            expect(response).to have_http_status(200)
          end

          it "returns the correct accounts (#{expected_names.inspect})" do
            returned_ids = body_as_json.map { |entry| entry[:id].to_i }
            expected_ids = expected_names.map { |name| send(name).id }

            expect(returned_ids).to eq(expected_ids)
          end
        end
      end
    end

    describe 'GET #show' do
      before { get :show, params: { id: account.id } }

      it_behaves_like 'forbidden for wrong scope', 'write:statuses'
      it_behaves_like 'forbidden for wrong role', ''

      it 'returns http success' do
        expect(response).to have_http_status(200)
      end
    end

    describe 'POST #approve' do
      before do
        account.user.update(approved: false)
        post :approve, params: { id: account.id }
      end

      it_behaves_like 'forbidden for wrong scope', 'write:statuses'
      it_behaves_like 'forbidden for wrong role', ''

      it 'returns http success' do
        expect(response).to have_http_status(200)
      end

      it 'approves user' do
        expect(account.reload.user_approved?).to be true
      end

      # The audit entry must name the acting moderator and the affected user.
      it 'logs action' do
        entry = Admin::ActionLog.last

        expect(entry).not_to be_nil
        expect(entry.action).to eq(:approve)
        expect(entry.account_id).to eq(user.account_id)
        expect(entry.target_id).to eq(account.user.id)
      end
    end

    describe 'POST #reject' do
      before do
        account.user.update(approved: false)
        post :reject, params: { id: account.id }
      end

      it_behaves_like 'forbidden for wrong scope', 'write:statuses'
      it_behaves_like 'forbidden for wrong role', ''

      it 'returns http success' do
        expect(response).to have_http_status(200)
      end

      it 'removes user' do
        expect(User.where(id: account.user.id).count).to eq(0)
      end

      # The audit entry must name the acting moderator and the affected user.
      it 'logs action' do
        entry = Admin::ActionLog.last

        expect(entry).not_to be_nil
        expect(entry.action).to eq(:reject)
        expect(entry.account_id).to eq(user.account_id)
        expect(entry.target_id).to eq(account.user.id)
      end
    end

    # NOTE(review): unlike approve/reject, the four groups below do not assert
    # an Admin::ActionLog entry. Confirm whether the controller logs these
    # actions; if it does, the audit trail is untested here.

    describe 'POST #enable' do
      before do
        account.user.update(disabled: true)
        post :enable, params: { id: account.id }
      end

      it_behaves_like 'forbidden for wrong scope', 'write:statuses'
      it_behaves_like 'forbidden for wrong role', ''

      it 'returns http success' do
        expect(response).to have_http_status(200)
      end

      it 'enables user' do
        expect(account.reload.user_disabled?).to be false
      end
    end

    describe 'POST #unsuspend' do
      before do
        account.suspend!
        post :unsuspend, params: { id: account.id }
      end

      it_behaves_like 'forbidden for wrong scope', 'write:statuses'
      it_behaves_like 'forbidden for wrong role', ''

      it 'returns http success' do
        expect(response).to have_http_status(200)
      end

      it 'unsuspends account' do
        expect(account.reload.suspended?).to be false
      end
    end

    describe 'POST #unsensitive' do
      before do
        # Stamp the column first so the request has a flag to clear.
        account.touch(:sensitized_at)
        post :unsensitive, params: { id: account.id }
      end

      it_behaves_like 'forbidden for wrong scope', 'write:statuses'
      it_behaves_like 'forbidden for wrong role', ''

      it 'returns http success' do
        expect(response).to have_http_status(200)
      end

      it 'unsensitizes account' do
        expect(account.reload.sensitized?).to be false
      end
    end

    describe 'POST #unsilence' do
      before do
        # Stamp the column first so the request has a flag to clear.
        account.touch(:silenced_at)
        post :unsilence, params: { id: account.id }
      end

      it_behaves_like 'forbidden for wrong scope', 'write:statuses'
      it_behaves_like 'forbidden for wrong role', ''

      it 'returns http success' do
        expect(response).to have_http_status(200)
      end

      it 'unsilences account' do
        expect(account.reload.silenced?).to be false
      end
    end
  end