This adds the ability to ban a user by their IP address. When an admin is viewing a user profile, a new "Ban user" button is present. Clicking on that will:

- Create a ban on the IP addresses that were tracked for that user's sessions
- Remove all the messages authored by that user
- Log the user out immediately

In addition, that user will no longer be shown in most user lists in the app. They are still shown to admins, in account settings. Viewing their profile from there will now show a "Remove ban" button which can be used to restore their access (it doesn't restore their messages though -- those are already gone -- it just removes the blocks so they can log in again).
require "test_helper"
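# Integration tests for creating and removing user bans through the
# user ban routes (POST and DELETE on user_ban_url).
#
# Session IP addresses are taken from 203.0.113.0/24 (TEST-NET-3, reserved
# for documentation by RFC 5737), so they never match a routable address.
class Users::BansControllerTest < ActionDispatch::IntegrationTest
  # Default actor for every test. The "non-admins" tests sign in again as
  # :kevin, so :david is presumably an administrator fixture -- confirm
  # against the users fixtures.
  setup do
    sign_in :david
  end

  # One Ban row is expected per tracked session IP address.
  test "create bans user and creates ban records from sessions" do
    user = users(:kevin)
    user.sessions.create!(ip_address: "203.0.113.1", user_agent: "Test")
    user.sessions.create!(ip_address: "203.0.113.2", user_agent: "Test")

    assert_difference -> { Ban.count }, 2 do
      post user_ban_url(user)
    end

    assert_redirected_to user_url(user)
    assert Ban.exists?(ip_address: "203.0.113.1", user: user)
    assert Ban.exists?(ip_address: "203.0.113.2", user: user)
  end

  # Banning must end the user's session so they are logged out immediately.
  test "create destroys user sessions" do
    user = users(:kevin)
    user.sessions.create!(ip_address: "203.0.113.1", user_agent: "Test")

    assert_difference -> { user.sessions.count }, -1 do
      post user_ban_url(user)
    end
  end

  # Content removal is deferred to a background job rather than done inline.
  test "create enqueues RemoveBannedContentJob" do
    user = users(:kevin)

    assert_enqueued_with(job: RemoveBannedContentJob, args: [ user ]) do
      post user_ban_url(user)
    end
  end

  test "RemoveBannedContentJob deletes messages" do
    user = users(:kevin)
    user.sessions.create!(ip_address: "203.0.113.1", user_agent: "Test")
    user.messages.create!(room: rooms(:hq), body: "Test message", client_message_id: "test-123")

    # Run the enqueued job inside the block so the deletion is observable below.
    perform_enqueued_jobs do
      post user_ban_url(user)
    end

    assert_empty user.reload.messages
  end

  # Authorization check: a 403 alone does not prove the request was inert, so
  # also verify that no ban rows were written, no content-removal job was
  # queued, and the target's status did not change.
  test "non-admins cannot ban users" do
    sign_in :kevin

    target = users(:jz)

    assert_no_difference -> { Ban.count } do
      assert_no_enqueued_jobs only: RemoveBannedContentJob do
        post user_ban_url(target)
      end
    end

    assert_response :forbidden
    assert_not target.reload.banned?
  end

  test "destroy removes ban records and sets user to active" do
    user = users(:kevin)
    user.sessions.create!(ip_address: "203.0.113.1", user_agent: "Test")
    user.ban

    # Precondition: the ban really took effect before we try to lift it.
    assert user.reload.banned?
    assert_equal 1, user.bans.count

    assert_difference -> { Ban.count }, -1 do
      delete user_ban_url(user)
    end

    assert_redirected_to user_url(user)
    assert user.reload.active?
  end

  # Authorization check: the rejected request must leave the ban in place.
  test "non-admins cannot unban users" do
    sign_in :kevin

    user = users(:jz)
    user.banned!

    delete user_ban_url(user)

    assert_response :forbidden
    assert user.reload.banned?
  end
end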