edshot99/eBooru
1
0
Fork 0
forked from e621ng/e621ng
Code Issues 11 Releases 1 Activity
master2
eBooru/test/functional/tickets_controller_test.rb
Donovan Daniels 852129269b [Tickets] Refactor viewing access and add JSON API (#664) 
resolves #657
2024-07-28 18:12:41 -07:00

270 lines
11 KiB
Ruby
Raw Permalink Blame History

# frozen_string_literal: true
require "test_helper"
class TicketsControllerTest < ActionDispatch::IntegrationTest
def assert_ticket_create_permissions(users, params)
users.each do |user, allow_create|
if allow_create
assert_difference(-> { Ticket.count }) do
post_auth tickets_path, user, params: { ticket: { **params, disp_id: @content.id, reason: "test" } }
assert_response :redirect
end
else
assert_no_difference(-> { Ticket.count }) do
post_auth tickets_path, user, params: { ticket: { **params, disp_id: @content.id, reason: "test" } }
assert_response :forbidden
end
end
end
end
def assert_ticket_view_permissions(users, ticket)
users.each do |user, allow_view|
get_auth ticket_path(ticket), user
if allow_view
assert_response :success
else
assert_response :forbidden
end
end
end
def assert_ticket_json(users, ticket)
users.each do |user, hash|
get_auth ticket_path(ticket), user, params: { format: :json }
hash.each do |key, value|
if value.nil?
assert_nil(@response.parsed_body[key])
else
assert_equal(value, @response.parsed_body[key])
end
end
end
end
context "The tickets controller" do
setup do
@admin = create(:admin_user)
@bystander = create(:user)
@reporter = create(:user)
@janitor = create(:janitor_user)
@bad_actor = create(:user, created_at: 2.weeks.ago)
end
context "update action" do
setup do
as(@bad_actor) do
@ticket = create(:ticket, creator: @reporter, content: create(:comment), qtype: "comment")
end
end
should "send a new dmail if the status is changed" do
assert_difference(-> { Dmail.count }, 2) do
put_auth ticket_path(@ticket), @admin, params: { ticket: { status: "approved", response: "abc" } }
end
end
should "send a new dmail if the response is changed" do
assert_no_difference(-> { Dmail.count }) do
put_auth ticket_path(@ticket), @admin, params: { ticket: { response: "abc" } }
end
assert_difference(-> { Dmail.count }, 2) do
put_auth ticket_path(@ticket), @admin, params: { ticket: { response: "def", send_update_dmail: true } }
end
end
should "reject empty responses" do
assert_no_changes(-> { @ticket.reload.status }) do
put_auth ticket_path(@ticket), @admin, params: { ticket: { status: "approved", response: "" } }
end
end
end
context "for a blip ticket" do
setup do
as @bad_actor do
@content = create(:blip, creator: @bad_actor)
end
end
should "disallow reporting blips you can't see" do
assert_ticket_create_permissions([[@bystander, true], [@admin, true], [@bad_actor, true]], qtype: "blip")
@content.update_columns(is_hidden: true)
assert_ticket_create_permissions([[@bystander, false], [@admin, true], [@bad_actor, true]], qtype: "blip")
end
should "restrict access" do
@ticket = create(:ticket, creator: @reporter, content: @content, qtype: "blip")
assert_ticket_view_permissions([[@bystander, false], [@reporter, true], [@janitor, true], [@admin, true]], @ticket)
assert_ticket_json([[@reporter, { creator_id: @reporter.id }], [@janitor, { creator_id: nil }], [@admin, { creator_id: @reporter.id }]], @ticket)
@content.update_columns(is_hidden: true)
assert_ticket_view_permissions([[@bystander, false], [@reporter, true], [@janitor, false], [@admin, true]], @ticket)
end
end
context "for a comment ticket" do
setup do
as @bad_actor do
@content = create(:comment, creator: @bad_actor)
end
end
should "restrict reporting" do
assert_ticket_create_permissions([[@bystander, true], [@admin, true], [@bad_actor, true]], qtype: "comment")
@content.update_columns(is_hidden: true)
assert_ticket_create_permissions([[@bystander, false], [@admin, true], [@bad_actor, true]], qtype: "comment")
end
should "restrict access" do
@ticket = create(:ticket, creator: @reporter, content: @content, qtype: "comment")
assert_ticket_view_permissions([[@bystander, false], [@reporter, true], [@janitor, true], [@admin, true]], @ticket)
assert_ticket_json([[@reporter, { creator_id: @reporter.id }], [@janitor, { creator_id: nil }], [@admin, { creator_id: @reporter.id }]], @ticket)
@content.update_columns(is_hidden: true)
assert_ticket_view_permissions([[@bystander, false], [@reporter, true], [@janitor, false], [@admin, true]], @ticket)
end
end
context "for a dmail ticket" do
setup do
as @bad_actor do
@content = create(:dmail, from: @bad_actor, to: @reporter, owner: @reporter)
end
end
should "disallow reporting dmails you did not receive" do
assert_ticket_create_permissions([[@reporter, true], [@admin, false], [@bad_actor, false]], qtype: "dmail")
end
should "restrict access" do
@ticket = create(:ticket, creator: @reporter, content: @content, qtype: "dmail")
assert_ticket_view_permissions([[@bystander, false], [@reporter, true], [@janitor, false], [@admin, true]], @ticket)
assert_ticket_json([[@reporter, { creator_id: @reporter.id }], [@admin, { creator_id: @reporter.id }]], @ticket)
end
end
context "for a forum post ticket" do
setup do
as @bad_actor do
@content = create(:forum_topic, creator: @bad_actor).original_post
end
end
should "restrict reporting" do
assert_ticket_create_permissions([[@bystander, true], [@admin, true], [@bad_actor, true]], qtype: "forum")
@content.update_columns(is_hidden: true)
assert_ticket_create_permissions([[@bystander, false], [@admin, true], [@bad_actor, true]], qtype: "forum")
end
should "restrict access" do
@ticket = create(:ticket, creator: @reporter, content: @content, qtype: "forum")
assert_ticket_view_permissions([[@bystander, false], [@reporter, true], [@janitor, true], [@admin, true]], @ticket)
assert_ticket_json([[@reporter, { creator_id: @reporter.id }], [@janitor, { creator_id: nil }], [@admin, { creator_id: @reporter.id }]], @ticket)
@content.topic.update_columns(is_hidden: true)
assert_ticket_view_permissions([[@bystander, false], [@reporter, true], [@janitor, false], [@admin, true]], @ticket)
end
end
context "for a pool ticket" do
setup do
as @bad_actor do
@content = create(:pool, creator: @bad_actor)
end
end
should "allow reporting pools" do
assert_ticket_create_permissions([[@bystander, true], [@admin, true], [@bad_actor, true]], qtype: "pool")
end
should "restrict access" do
@ticket = create(:ticket, creator: @reporter, content: @content, qtype: "pool")
assert_ticket_view_permissions([[@bystander, false], [@reporter, true], [@janitor, true], [@admin, true]], @ticket)
assert_ticket_json([[@reporter, { creator_id: @reporter.id }], [@janitor, { creator_id: nil }], [@admin, { creator_id: @reporter.id }]], @ticket)
end
end
context "for a post ticket" do
setup do
as @bad_actor do
@content = create(:post, uploader: @bad_actor)
end
end
should "require a post reason" do
assert_no_difference(-> { Ticket.count }) do
post_auth tickets_path, @bystander, params: { ticket: { qtype: "post", reason: "test" } }
end
end
should "allow reports" do
create(:post_report_reason, reason: "test")
assert_ticket_create_permissions([[@bystander, true], [@admin, true], [@bad_actor, true]], qtype: "post", report_reason: "test")
end
should "restrict access" do
create(:post_report_reason, reason: "test")
@ticket = create(:ticket, creator: @reporter, content: @content, qtype: "post", report_reason: "test")
assert_ticket_view_permissions([[@bystander, false], [@reporter, true], [@janitor, true], [@admin, true]], @ticket)
assert_ticket_json([[@reporter, { creator_id: @reporter.id }], [@janitor, { creator_id: nil }], [@admin, { creator_id: @reporter.id }]], @ticket)
end
end
context "for a set ticket" do
setup do
as @bad_actor do
@content = create(:post_set, is_public: true, creator: @bad_actor)
end
end
should "dissallow reporting sets you can't see" do
assert_ticket_create_permissions([[@bystander, true], [@admin, true], [@bad_actor, true]], qtype: "set")
@content.update_columns(is_public: false)
assert_ticket_create_permissions([[@bystander, false], [@admin, true], [@bad_actor, true]], qtype: "set")
end
should "not restrict access" do
@ticket = create(:ticket, creator: @reporter, content: @content, qtype: "set")
assert_ticket_view_permissions([[@bystander, false], [@reporter, true], [@janitor, true], [@admin, true]], @ticket)
assert_ticket_json([[@reporter, { creator_id: @reporter.id }], [@janitor, { creator_id: nil }], [@admin, { creator_id: @reporter.id }]], @ticket)
@content.update_columns(is_public: false)
assert_ticket_view_permissions([[@bystander, false], [@reporter, true], [@janitor, false], [@admin, true]], @ticket)
end
end
context "for a user ticket" do
setup do
@content = create(:user)
end
should "allow reporting users" do
assert_ticket_create_permissions([[@bystander, true], [@admin, true], [@bad_actor, true]], qtype: "user")
end
should "restrict access" do
@ticket = create(:ticket, creator: @reporter, content: @content, qtype: "user")
assert_ticket_view_permissions([[@bystander, false], [@reporter, true], [@janitor, false], [@admin, true]], @ticket)
assert_ticket_json([[@reporter, { creator_id: @reporter.id }], [@admin, { creator_id: @reporter.id }]], @ticket)
end
end
context "for a wiki page ticket" do
setup do
as @bad_actor do
@content = create(:wiki_page, creator: @bad_actor)
end
end
should "allow reporting wiki pages" do
assert_ticket_create_permissions([[@bystander, true], [@admin, true], [@bad_actor, true]], qtype: "wiki")
end
should "restrict access" do
@ticket = create(:ticket, creator: @reporter, content: @content, qtype: "wiki")
assert_ticket_view_permissions([[@bystander, false], [@reporter, true], [@janitor, true], [@admin, true]], @ticket)
assert_ticket_json([[@reporter, { creator_id: @reporter.id }], [@janitor, { creator_id: nil }], [@admin, { creator_id: @reporter.id }]], @ticket)
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink