2019-04-30 08:27:42 +08:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2013-05-27 08:22:37 +08:00
|
|
|
describe UserActionsController do
|
2022-02-22 19:02:04 +08:00
|
|
|
describe "GET index" do
|
|
|
|
subject(:user_actions) { get "/user_actions.json", params: params }
|
2013-05-27 08:22:37 +08:00
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
context "when 'username' is not specified" do
|
|
|
|
let(:params) { {} }
|
2013-05-27 09:02:58 +08:00
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
it "fails" do
|
|
|
|
user_actions
|
|
|
|
expect(response).to have_http_status :bad_request
|
|
|
|
end
|
|
|
|
end
|
2013-05-27 08:22:37 +08:00
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
context "when 'username' is specified" do
|
|
|
|
let(:username) { post.user.username }
|
|
|
|
let(:params) { { username: username } }
|
|
|
|
let(:actions) { response.parsed_body["user_actions"] }
|
|
|
|
let(:post) { create_post }
|
2013-05-27 08:22:37 +08:00
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
before do
|
|
|
|
UserActionManager.enable
|
|
|
|
end
|
2015-04-22 02:36:46 +08:00
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
it "renders list correctly" do
|
|
|
|
user_actions
|
|
|
|
expect(response).to have_http_status :ok
|
|
|
|
expect(actions.first).to include "acting_name" => post.user.name,
|
|
|
|
"post_number" => 1
|
|
|
|
expect(actions.first).not_to include "email"
|
|
|
|
end
|
2019-01-16 10:40:16 +08:00
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
context "when 'acting_username' is provided" do
|
|
|
|
let(:user) { Fabricate(:user) }
|
2019-01-16 10:40:16 +08:00
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
before do
|
|
|
|
PostActionNotifier.enable
|
|
|
|
PostActionCreator.like(user, post)
|
|
|
|
params[:acting_username] = user.username
|
|
|
|
end
|
2019-01-16 10:40:16 +08:00
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
it "filters its results" do
|
|
|
|
user_actions
|
|
|
|
expect(response).to have_http_status :ok
|
|
|
|
expect(actions.first).to include "acting_username" => user.username
|
|
|
|
end
|
|
|
|
end
|
2019-01-16 10:40:16 +08:00
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
context "when user's profile is hidden" do
|
|
|
|
fab!(:post) { Fabricate(:post) }
|
2019-01-16 10:40:16 +08:00
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
before do
|
|
|
|
post.user.user_option.update_column(:hide_profile_and_presence, true)
|
|
|
|
end
|
2019-01-16 10:40:16 +08:00
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
context "when `allow_users_to_hide_profile` is disabled" do
|
|
|
|
before do
|
|
|
|
SiteSetting.allow_users_to_hide_profile = false
|
|
|
|
end
|
2019-01-16 10:40:16 +08:00
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
it "succeeds" do
|
|
|
|
user_actions
|
|
|
|
expect(response).to have_http_status :ok
|
|
|
|
end
|
|
|
|
end
|
2020-10-10 05:18:44 +08:00
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
context "when `allow_users_to_hide_profile` is enabled" do
|
|
|
|
it "returns a 404" do
|
|
|
|
user_actions
|
|
|
|
expect(response).to have_http_status :not_found
|
|
|
|
end
|
|
|
|
end
|
2020-10-10 05:18:44 +08:00
|
|
|
end
|
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
context "when checking other users' activity" do
|
|
|
|
fab!(:another_user) { Fabricate(:user) }
|
2020-10-10 05:18:44 +08:00
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
context "when user is anonymous" do
|
|
|
|
UserAction.private_types.each do |action_type|
|
|
|
|
action_name = UserAction.types.key(action_type)
|
|
|
|
it "cannot list other users' actions of type: #{action_name}" do
|
|
|
|
list_and_check(action_type, 404)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when user is logged in" do
|
|
|
|
fab!(:user) { Fabricate(:user) }
|
2020-10-10 05:18:44 +08:00
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
2021-09-29 20:24:28 +08:00
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
UserAction.private_types.each do |action_type|
|
|
|
|
action_name = UserAction.types.key(action_type)
|
|
|
|
it "cannot list other users' actions of type: #{action_name}" do
|
|
|
|
list_and_check(action_type, 404)
|
|
|
|
end
|
|
|
|
end
|
2021-09-29 20:24:28 +08:00
|
|
|
end
|
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
context "when user is a moderator" do
|
|
|
|
fab!(:moderator) { Fabricate(:moderator) }
|
2021-09-29 20:24:28 +08:00
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
before do
|
|
|
|
sign_in(moderator)
|
|
|
|
end
|
|
|
|
|
|
|
|
UserAction.private_types.each do |action_type|
|
|
|
|
action_name = UserAction.types.key(action_type)
|
|
|
|
it "cannot list other users' actions of type: #{action_name}" do
|
|
|
|
list_and_check(action_type, 404)
|
|
|
|
end
|
|
|
|
end
|
2021-09-29 20:24:28 +08:00
|
|
|
end
|
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
context "when user is an admin" do
|
|
|
|
fab!(:admin) { Fabricate(:admin) }
|
2021-09-29 20:24:28 +08:00
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
before do
|
|
|
|
sign_in(admin)
|
|
|
|
end
|
|
|
|
|
|
|
|
UserAction.private_types.each do |action_type|
|
|
|
|
action_name = UserAction.types.key(action_type)
|
|
|
|
it "can list other users' actions of type: #{action_name}" do
|
|
|
|
list_and_check(action_type, 200)
|
|
|
|
end
|
|
|
|
end
|
2021-09-29 20:24:28 +08:00
|
|
|
end
|
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
def list_and_check(action_type, expected_response)
|
|
|
|
get "/user_actions.json", params: {
|
|
|
|
filter: action_type,
|
|
|
|
username: another_user.username
|
|
|
|
}
|
2021-09-29 20:24:28 +08:00
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
expect(response.status).to eq(expected_response)
|
2021-09-29 20:24:28 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
context "when bad data is provided" do
|
|
|
|
fab!(:user) { Fabricate(:user) }
|
2021-09-29 20:24:28 +08:00
|
|
|
|
2022-02-22 19:02:04 +08:00
|
|
|
let(:params) do
|
|
|
|
{
|
|
|
|
filter: filter,
|
|
|
|
username: username,
|
|
|
|
offset: offset,
|
|
|
|
limit: limit
|
|
|
|
}
|
|
|
|
end
|
|
|
|
let(:filter) { "1,2" }
|
|
|
|
let(:username) { user.username }
|
|
|
|
let(:offset) { "0" }
|
|
|
|
let(:limit) { "10" }
|
|
|
|
|
|
|
|
%i[filter username offset limit].each do |parameter|
|
|
|
|
context "when providing bad data for '#{parameter}'" do
|
|
|
|
let(parameter) { { bad: "data" } }
|
|
|
|
|
|
|
|
it "doesn't raise an error" do
|
|
|
|
user_actions
|
|
|
|
expect(response).not_to have_http_status :error
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2021-09-29 20:24:28 +08:00
|
|
|
end
|
|
|
|
end
|
2013-05-27 08:22:37 +08:00
|
|
|
end
|
|
|
|
end
|