Add confirmation step to account suspensions (#8353)

* Add confirmation page for suspensions

* Suspension confirmation closes reports, linked from report UI

* Fix tests
This commit is contained in:
Eugen Rochko 2018-08-22 11:53:41 +02:00 committed by GitHub
parent 28de046b8b
commit 2374a00c10
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 92 additions and 29 deletions

View File

@ -44,14 +44,8 @@ module Admin
when 'resolve' when 'resolve'
@report.resolve!(current_account) @report.resolve!(current_account)
log_action :resolve, @report log_action :resolve, @report
when 'suspend'
Admin::SuspensionWorker.perform_async(@report.target_account.id)
log_action :resolve, @report
log_action :suspend, @report.target_account
resolve_all_target_account_reports
when 'silence' when 'silence'
@report.resolve!(current_account)
@report.target_account.update!(silenced: true) @report.target_account.update!(silenced: true)
log_action :resolve, @report log_action :resolve, @report

View File

@ -4,11 +4,24 @@ module Admin
class SuspensionsController < BaseController class SuspensionsController < BaseController
before_action :set_account before_action :set_account
def new
@suspension = Form::AdminSuspensionConfirmation.new(report_id: params[:report_id])
end
def create def create
authorize @account, :suspend? authorize @account, :suspend?
Admin::SuspensionWorker.perform_async(@account.id)
log_action :suspend, @account @suspension = Form::AdminSuspensionConfirmation.new(suspension_params)
if suspension_params[:acct] == @account.acct
resolve_report! if suspension_params[:report_id]
perform_suspend!
mark_reports_resolved!
redirect_to admin_accounts_path redirect_to admin_accounts_path
else
flash.now[:alert] = I18n.t('admin.suspensions.bad_acct_msg')
render :new
end
end end
def destroy def destroy
@ -23,5 +36,25 @@ module Admin
def set_account def set_account
@account = Account.find(params[:account_id]) @account = Account.find(params[:account_id])
end end
def suspension_params
params.require(:form_admin_suspension_confirmation).permit(:acct, :report_id)
end
def resolve_report!
report = Report.find(suspension_params[:report_id])
report.resolve!(current_account)
log_action :resolve, report
end
def perform_suspend!
@account.suspend!
Admin::SuspensionWorker.perform_async(@account.id)
log_action :suspend, @account
end
def mark_reports_resolved!
Report.where(target_account: @account).unresolved.update_all(action_taken: true, action_taken_by_account_id: current_account.id)
end
end end
end end

View File

@ -50,6 +50,12 @@ code {
color: $highlight-text-color; color: $highlight-text-color;
} }
} }
code {
border-radius: 3px;
padding: 0.2em 0.4em;
background: darken($ui-base-color, 12%);
}
} }
.card { .card {

View File

@ -193,6 +193,13 @@ class Account < ApplicationRecord
ResolveAccountService.new.call(acct) ResolveAccountService.new.call(acct)
end end
def suspend!
transaction do
user&.disable! if local?
update!(suspended: true)
end
end
def unsuspend! def unsuspend!
transaction do transaction do
user&.enable! if local? user&.enable! if local?

View File

@ -0,0 +1,7 @@
# frozen_string_literal: true
class Form::AdminSuspensionConfirmation
include ActiveModel::Model
attr_accessor :acct, :report_id
end

View File

@ -123,7 +123,7 @@
- if @account.suspended? - if @account.suspended?
= link_to t('admin.accounts.undo_suspension'), admin_account_suspension_path(@account.id), method: :delete, class: 'button' if can?(:unsuspend, @account) = link_to t('admin.accounts.undo_suspension'), admin_account_suspension_path(@account.id), method: :delete, class: 'button' if can?(:unsuspend, @account)
- else - else
= link_to t('admin.accounts.perform_full_suspension'), admin_account_suspension_path(@account.id), method: :post, data: { confirm: t('admin.accounts.are_you_sure') }, class: 'button' if can?(:suspend, @account) = link_to t('admin.accounts.perform_full_suspension'), new_admin_account_suspension_path(@account.id), class: 'button' if can?(:suspend, @account)
- if !@account.local? && @account.hub_url.present? - if !@account.local? && @account.hub_url.present?
%hr.spacer/ %hr.spacer/

View File

@ -8,7 +8,7 @@
- if @report.unresolved? - if @report.unresolved?
%div{ style: 'float: right' } %div{ style: 'float: right' }
= link_to t('admin.reports.silence_account'), admin_report_path(@report, outcome: 'silence'), method: :put, class: 'button' = link_to t('admin.reports.silence_account'), admin_report_path(@report, outcome: 'silence'), method: :put, class: 'button'
= link_to t('admin.reports.suspend_account'), admin_report_path(@report, outcome: 'suspend'), method: :put, class: 'button' = link_to t('admin.reports.suspend_account'), new_admin_account_suspension_path(@report.target_account_id, report_id: @report.id), class: 'button'
%div{ style: 'float: left' } %div{ style: 'float: left' }
= link_to t('admin.reports.mark_as_resolved'), admin_report_path(@report, outcome: 'resolve'), method: :put, class: 'button' = link_to t('admin.reports.mark_as_resolved'), admin_report_path(@report, outcome: 'resolve'), method: :put, class: 'button'
- else - else

View File

@ -0,0 +1,25 @@
- content_for :page_title do
= t('admin.suspensions.title', acct: @account.acct)
= simple_form_for @suspension, url: admin_account_suspension_path(@account.id), method: :post do |f|
%p.hint= t('admin.suspensions.warning_html')
.fields-group
%ul
%li.negative-hint
= number_to_human @account.statuses_count, strip_insignificant_zeros: true
= t('accounts.posts')
%li.negative-hint
= number_to_human @account.following_count, strip_insignificant_zeros: true
= t('accounts.following')
%li.negative-hint
= number_to_human @account.followers_count, strip_insignificant_zeros: true
= t('accounts.followers')
%p.hint= t('admin.suspensions.hint_html', value: content_tag(:code, @account.acct))
= f.input :acct
= f.input_field :report_id, as: :hidden
.actions
= f.button :button, t('admin.suspensions.proceed'), type: :submit, class: 'negative'

View File

@ -414,6 +414,12 @@ en:
last_delivery: Last delivery last_delivery: Last delivery
title: WebSub title: WebSub
topic: Topic topic: Topic
suspensions:
bad_acct_msg: The confirmation value didn't match up. Are you suspending the right account?
hint_html: 'To confirm the suspension of the account, please enter %{value} into the field below:'
proceed: Proceed
title: Suspend %{acct}
warning_html: 'Suspending this account will <strong>irreversibly</strong> delete data from this account, which includes:'
title: Administration title: Administration
admin_mailer: admin_mailer:
new_report: new_report:

View File

@ -174,7 +174,7 @@ Rails.application.routes.draw do
resource :change_email, only: [:show, :update] resource :change_email, only: [:show, :update]
resource :reset, only: [:create] resource :reset, only: [:create]
resource :silence, only: [:create, :destroy] resource :silence, only: [:create, :destroy]
resource :suspension, only: [:create, :destroy] resource :suspension, only: [:new, :create, :destroy]
resources :statuses, only: [:index, :create, :update, :destroy] resources :statuses, only: [:index, :create, :update, :destroy]
resource :confirmation, only: [:create] do resource :confirmation, only: [:create] do

View File

@ -68,21 +68,6 @@ describe Admin::ReportsController do
end end
end end
describe 'with an outcome of `suspend`' do
it 'suspends the reported account' do
report = Fabricate(:report)
allow(Admin::SuspensionWorker).to receive(:perform_async)
put :update, params: { id: report, outcome: 'suspend' }
expect(response).to redirect_to(admin_reports_path)
report.reload
expect(report.action_taken_by_account).to eq user.account
expect(report.action_taken).to eq true
expect(Admin::SuspensionWorker).
to have_received(:perform_async).with(report.target_account_id)
end
end
describe 'with an outsome of `silence`' do describe 'with an outsome of `silence`' do
it 'silences the reported account' do it 'silences the reported account' do
report = Fabricate(:report) report = Fabricate(:report)

View File

@ -12,7 +12,7 @@ describe Admin::SuspensionsController do
account = Fabricate(:account, suspended: false) account = Fabricate(:account, suspended: false)
expect(Admin::SuspensionWorker).to receive(:perform_async).with(account.id) expect(Admin::SuspensionWorker).to receive(:perform_async).with(account.id)
post :create, params: { account_id: account.id } post :create, params: { account_id: account.id, form_admin_suspension_confirmation: { acct: account.acct } }
expect(response).to redirect_to(admin_accounts_path) expect(response).to redirect_to(admin_accounts_path)
end end