Delete and restore tests

fdd4d79a · ArtOfCode- · 187c46ca · fdd4d79a · fdd4d79a · fdd4d79a
Commit fdd4d79a authored Dec 14, 2020 by ArtOfCode-
--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@@ -5,6 +5,7 @@ class PostsController < ApplicationController
  before_action :set_scoped_post, only: [:change_category, :show, :edit, :update, :close, :reopen, :delete, :restore]
  before_action :verify_moderator, only: [:toggle_comments]
  before_action :edit_checks, only: [:edit, :update]
+  before_action :unless_locked, only: [:edit, :update, :close, :reopen, :delete, :restore]

  def new
    @post_type = PostType.find(params[:post_type])
@@ -236,7 +237,63 @@ class PostsController < ApplicationController
    redirect_to post_path(@post)
  end

-  # TODO: delete, undelete
+  def delete
+    unless check_your_privilege('flag_curate', @post, false)
+      flash[:danger] = helpers.ability_err_msg(:flag_curate, 'delete this post')
+      redirect_to post_path(@post)
+      return
+    end
+
+    if @post.children.any? { |a| a.score >= 0.5 }
+      flash[:danger] = 'This post cannot be deleted because it has responses.'
+      redirect_to post_path(@post)
+      return
+    end
+
+    if @post.deleted
+      flash[:danger] = "Can't delete a deleted post."
+      redirect_to post_path(@post)
+      return
+    end
+
+    if @post.update(deleted: true, deleted_at: DateTime.now, deleted_by: current_user,
+                    last_activity: DateTime.now, last_activity_by: current_user)
+      PostHistory.post_deleted(@post, current_user)
+    else
+      flash[:danger] = "Can't delete this post right now. Try again later."
+    end
+
+    redirect_to post_path(@post)
+  end
+
+  def restore
+    unless check_your_privilege('flag_curate', @post, false)
+      flash[:danger] = helpers.ability_err_msg(:flag_curate, 'restore this post')
+      redirect_to post_path(@post)
+      return
+    end
+
+    unless @post.deleted
+      flash[:danger] = "Can't restore an undeleted post."
+      redirect_to post_path(@post)
+      return
+    end
+
+    if @post.deleted_by.is_moderator && !current_user.is_moderator
+      flash[:danger] = 'You cannot restore this post deleted by a moderator.'
+      redirect_to post_path(@post)
+      return
+    end
+
+    if @post.update(deleted: false, deleted_at: nil, deleted_by: nil,
+                    last_activity: DateTime.now, last_activity_by: current_user)
+      PostHistory.post_undeleted(@post, current_user)
+    else
+      flash[:danger] = "Can't restore this post right now. Try again later."
+    end
+
+    redirect_to post_path(@post)
+  end

  def document
    @post = Post.unscoped.where(doc_slug: params[:slug], community_id: [RequestContext.community_id, nil]).first
@@ -435,5 +492,9 @@ class PostsController < ApplicationController
      redirect_back fallback_location: root_path
    end
  end
+
+  def unless_locked
+    check_if_locked(@post)
+  end
 end
 # rubocop:enable Metrics/ClassLength
--- a/app/controllers/questions_controller.rb
+++ b/app/controllers/questions_controller.rb
@@ -5,15 +5,6 @@ class QuestionsController < ApplicationController
  before_action :set_question, only: [:destroy, :undelete, :close, :reopen]
  before_action :check_if_question_locked, only: [:destroy, :undelete, :close, :reopen]

-  def tagged
-    @tag = Tag.find_by name: params[:tag], tag_set_id: params[:tag_set]
-    if @tag.nil?
-      not_found
-      return
-    end
-    @questions = @tag.posts.list_includes.undeleted.order('updated_at DESC').paginate(page: params[:page], per_page: 50)
-  end
-
  def lottery
    ids = Rails.cache.fetch 'lottery_questions', expires_in: 24.hours do
      # noinspection RailsParamDefResolve
@@ -24,55 +15,6 @@ class QuestionsController < ApplicationController
    @questions = Question.list_includes.where(id: ids).paginate(page: params[:page], per_page: 25)
  end

-  def destroy
-    unless check_your_privilege('flag_curate', @question, false)
-      flash[:danger] = helpers.ability_err_msg(:flag_curate, 'delete this question')
-      redirect_to(question_path(@question)) && return
-    end
-
-    if @question.answer_count.positive? && @question.answers.any? { |a| a.score >= 0.5 }
-      flash[:danger] = 'This question cannot be deleted because it has answers.'
-      redirect_to(question_path(@question)) && return
-    end
-    if @question.deleted
-      flash[:danger] = "Can't delete a deleted question."
-      redirect_to(question_path(@question)) && return
-    end
-
-    if @question.update(deleted: true, deleted_at: DateTime.now, deleted_by: current_user,
-                        last_activity: DateTime.now, last_activity_by: current_user)
-      PostHistory.post_deleted(@question, current_user)
-    else
-      flash[:danger] = "Can't delete this question right now. Try again later."
-    end
-    redirect_to url_for(controller: :questions, action: :show, id: @question.id)
-  end
-
-  def undelete
-    unless check_your_privilege('flag_curate', @question, false)
-      flash[:danger] = helpers.ability_err_msg(:flag_curate, 'undelete this question')
-      redirect_to(question_path(@question)) && return
-    end
-
-    unless @question.deleted
-      flash[:danger] = "Can't undelete an undeleted question."
-      redirect_to(question_path(@question)) && return
-    end
-
-    if @question.deleted_by.is_moderator && !current_user.is_moderator
-      flash[:danger] = 'You cannot undelete this post deleted by a moderator.'
-      redirect_to(question_path(@question)) && return
-    end
-
-    if @question.update(deleted: false, deleted_at: nil, deleted_by: nil,
-                        last_activity: DateTime.now, last_activity_by: current_user)
-      PostHistory.post_undeleted(@question, current_user)
-    else
-      flash[:danger] = "Can't undelete this question right now. Try again later."
-    end
-    redirect_to url_for(controller: :questions, action: :show, id: @question.id)
-  end
-
  def feed
    @questions = Rails.cache.fetch('questions_rss', expires_in: 5.minutes) do
      Question.all.order(created_at: :desc).limit(25)

--- a/test/controllers/posts_controller_test.rb
+++ b/test/controllers/posts_controller_test.rb
@@ -242,6 +242,12 @@ class PostsControllerTest < ActionController::TestCase
    assert_redirected_to new_user_session_path
  end

+  test 'cannot edit locked post' do
+    sign_in users(:standard_user)
+    get :edit, params: { id: posts(:locked).id }
+    assert_response 401
+  end
+
  # Update

  test 'can update post' do
@@ -313,6 +319,17 @@ class PostsControllerTest < ActionController::TestCase
    assert_equal before_history, after_history, 'PostHistory event incorrectly created on no-change update'
  end

+  test 'cannot update locked post' do
+    sign_in users(:standard_user)
+    before_history = PostHistory.where(post: posts(:locked)).count
+    patch :update, params: { id: posts(:locked).id,
+                             post: { title: sample.edit.title, body_markdown: sample.edit.body_markdown,
+                                     tags_cache: sample.edit.tags_cache } }
+    after_history = PostHistory.where(post: posts(:locked)).count
+    assert_response 401
+    assert_equal before_history, after_history, 'PostHistory event incorrectly created on update'
+  end
+
  # Close

  test 'can close question' do
@@ -391,6 +408,15 @@ class PostsControllerTest < ActionController::TestCase
    assert_equal 'failed', JSON.parse(response.body)['status']
  end

+  test 'cannot close a locked post' do
+    sign_in users(:closer)
+    before_history = PostHistory.where(post: posts(:locked)).count
+    post :close, params: { id: posts(:locked).id, reason_id: close_reasons(:not_good).id }
+    after_history = PostHistory.where(post: posts(:locked)).count
+    assert_response 401
+    assert_equal before_history, after_history, 'PostHistory event incorrectly created on close'
+  end
+
  # Reopen

  test 'can reopen question' do
@@ -431,4 +457,135 @@ class PostsControllerTest < ActionController::TestCase
    assert_not_nil flash[:danger]
    assert_equal before_history, after_history, 'PostHistory event incorrectly created on reopen'
  end
+
+  test 'cannot reopen a locked post' do
+    sign_in users(:closer)
+    before_history = PostHistory.where(post: posts(:locked)).count
+    post :reopen, params: { id: posts(:locked).id }
+    after_history = PostHistory.where(post: posts(:locked)).count
+    assert_response 401
+    assert_equal before_history, after_history, 'PostHistory event incorrectly created on reopen'
+  end
+
+  # Delete
+
+  test 'can delete post' do
+    sign_in users(:deleter)
+    before_history = PostHistory.where(post: posts(:question_two)).count
+    post :delete, params: { id: posts(:question_two).id }
+    after_history = PostHistory.where(post: posts(:question_two)).count
+    assert_response 302
+    assert_redirected_to post_path(assigns(:post))
+    assert_nil flash[:danger]
+    assert_equal before_history + 1, after_history, 'PostHistory event not created on deletion'
+  end
+
+  test 'delete requires authentication' do
+    post :delete, params: { id: posts(:question_one).id }
+    assert_response 302
+    assert_redirected_to new_user_session_path
+  end
+
+  test 'unprivileged user cannot delete' do
+    sign_in users(:closer)
+    before_history = PostHistory.where(post: posts(:question_one)).count
+    post :delete, params: { id: posts(:question_one).id }
+    after_history = PostHistory.where(post: posts(:question_one)).count
+    assert_response 302
+    assert_redirected_to post_path(assigns(:post))
+    assert_not_nil flash[:danger]
+    assert_equal before_history, after_history, 'PostHistory event incorrectly created on deletion'
+  end
+
+  test 'cannot delete a post with responses' do
+    sign_in users(:deleter)
+    before_history = PostHistory.where(post: posts(:question_one)).count
+    post :delete, params: { id: posts(:question_one).id }
+    after_history = PostHistory.where(post: posts(:question_one)).count
+    assert_response 302
+    assert_redirected_to post_path(assigns(:post))
+    assert_not_nil flash[:danger]
+    assert_equal before_history, after_history, 'PostHistory event incorrectly created on deletion'
+  end
+
+  test 'cannot delete a deleted post' do
+    sign_in users(:deleter)
+    before_history = PostHistory.where(post: posts(:deleted)).count
+    post :delete, params: { id: posts(:deleted).id }
+    after_history = PostHistory.where(post: posts(:deleted)).count
+    assert_response 302
+    assert_redirected_to post_path(assigns(:post))
+    assert_not_nil flash[:danger]
+    assert_equal before_history, after_history, 'PostHistory event incorrectly created on deletion'
+  end
+
+  test 'cannot delete a locked post' do
+    sign_in users(:deleter)
+    before_history = PostHistory.where(post: posts(:locked)).count
+    post :delete, params: { id: posts(:locked).id }
+    after_history = PostHistory.where(post: posts(:locked)).count
+    assert_response 401
+    assert_equal before_history, after_history, 'PostHistory event incorrectly created on deletion'
+  end
+
+  # Restore
+
+  test 'can restore post' do
+    sign_in users(:deleter)
+    before_history = PostHistory.where(post: posts(:deleted)).count
+    post :restore, params: { id: posts(:deleted).id }
+    after_history = PostHistory.where(post: posts(:deleted)).count
+    assert_response 302
+    assert_redirected_to post_path(assigns(:post))
+    assert_nil flash[:danger]
+    assert_equal before_history + 1, after_history, 'PostHistory event not created on deletion'
+  end
+
+  test 'restore requires authentication' do
+    post :restore, params: { id: posts(:deleted).id }
+    assert_response 302
+    assert_redirected_to new_user_session_path
+  end
+
+  test 'unprivileged user cannot restore' do
+    sign_in users(:closer)
+    before_history = PostHistory.where(post: posts(:deleted)).count
+    post :restore, params: { id: posts(:deleted).id }
+    after_history = PostHistory.where(post: posts(:deleted)).count
+    assert_response 302
+    assert_redirected_to post_path(assigns(:post))
+    assert_not_nil flash[:danger]
+    assert_equal before_history, after_history, 'PostHistory event incorrectly created on deletion'
+  end
+
+  test 'cannot restore a post deleted by a moderator' do
+    sign_in users(:closer)
+    before_history = PostHistory.where(post: posts(:deleted_mod)).count
+    post :restore, params: { id: posts(:deleted_mod).id }
+    after_history = PostHistory.where(post: posts(:deleted_mod)).count
+    assert_response 302
+    assert_redirected_to post_path(assigns(:post))
+    assert_not_nil flash[:danger]
+    assert_equal before_history, after_history, 'PostHistory event incorrectly created on deletion'
+  end
+
+  test 'cannot restore a restored post' do
+    sign_in users(:deleter)
+    before_history = PostHistory.where(post: posts(:question_one)).count
+    post :restore, params: { id: posts(:question_one).id }
+    after_history = PostHistory.where(post: posts(:question_one)).count
+    assert_response 302
+    assert_redirected_to post_path(assigns(:post))
+    assert_not_nil flash[:danger]
+    assert_equal before_history, after_history, 'PostHistory event incorrectly created on deletion'
+  end
+
+  test 'cannot restore a locked post' do
+    sign_in users(:deleter)
+    before_history = PostHistory.where(post: posts(:locked)).count
+    post :restore, params: { id: posts(:locked).id }
+    after_history = PostHistory.where(post: posts(:locked)).count
+    assert_response 401
+    assert_equal before_history, after_history, 'PostHistory event incorrectly created on deletion'
+  end
 end
--- a/test/fixtures/posts.yml
+++ b/test/fixtures/posts.yml
@@ -64,6 +64,30 @@ deleted:
  upvote_count: 0
  downvote_count: 0

+deleted_mod:
+  post_type: question
+  title: Q3D ZY XWVUTS RQPONM LKJIHG FEDCBA
+  body: ZY XWVUTS RQPONM LKJIHG FEDCBA ZY XWVUTS RQPONM LKJIHG FEDCBA
+  body_markdown: ZY XWVUTS RQPONM LKJIHG FEDCBA ZY XWVUTS RQPONM LKJIHG FEDCBA
+  tags_cache:
+    - discussion
+    - support
+    - bug
+  tags:
+    - discussion
+    - support
+    - bug
+  score: 0.5
+  user: standard_user
+  deleted: true
+  deleted_at: 2019-01-01T00:00:00.000000Z
+  deleted_by: moderator
+  community: sample
+  category: main
+  license: cc_by_sa
+  upvote_count: 0
+  downvote_count: 0
+
 closed:
  post_type: question
  title: Q4C ABCDEF GHIJKL MNOPQR STUVWX YZ
@@ -88,6 +112,30 @@ closed:
  upvote_count: 0
  downvote_count: 0

+locked:
+  post_type: question
+  title: Q4C ABCDEF GHIJKL MNOPQR STUVWX YZ
+  body: ABCDEF GHIJKL MNOPQR STUVWX YZ ABCDEF GHIJKL MNOPQR STUVWX YZ
+  body_markdown: ZY XWVUTS RQPONM LKJIHG FEDCBA ZY XWVUTS RQPONM LKJIHG FEDCBA
+  tags_cache:
+    - discussion
+    - support
+    - bug
+  tags:
+    - discussion
+    - support
+    - bug
+  score: 0.5
+  locked: true
+  locked_by: moderator
+  locked_at: 2019-01-01T00:00:00.000000Z
+  user: standard_user
+  community: sample
+  category: main
+  license: cc_by_sa
+  upvote_count: 0
+  downvote_count: 0
+
 answer_one:
  post_type: answer
  body: A1 ABCDEF GHIJKL MNOPQR STUVWX YZ ABCDEF GHIJKL MNOPQR STUVWX YZ