discourse/spec/models/reviewable_user_spec.rb

require 'rails_helper'

RSpec.describe ReviewableUser, type: :model do

  let(:moderator) { Fabricate(:moderator) }
  let(:user) do
    user = Fabricate(:user)
    user.activate
    user
  end
  let(:admin) { Fabricate(:admin) }

  context "actions_for" do
    let(:reviewable) { Fabricate(:reviewable) }
    it "returns approve/disapprove in the pending state" do
      actions = reviewable.actions_for(Guardian.new(moderator))
      expect(actions.has?(:approve)).to eq(true)
      expect(actions.has?(:reject)).to eq(true)
    end

    it "doesn't return anything in the approved state" do
      reviewable.status = Reviewable.statuses[:approved]
      actions = reviewable.actions_for(Guardian.new(moderator))
      expect(actions.has?(:approve)).to eq(false)
      expect(actions.has?(:reject)).to eq(false)
    end
  end

  context "#update_fields" do
    let(:moderator) { Fabricate(:moderator) }
    let(:reviewable) { Fabricate(:reviewable) }

    it "doesn't raise errors with an empty update" do
      expect(reviewable.update_fields(nil, moderator)).to eq(true)
      expect(reviewable.update_fields({}, moderator)).to eq(true)
    end
  end

  context "when a user is deleted" do
    it "should reject the reviewable" do
      Jobs::CreateUserReviewable.new.execute(user_id: user.id)
      reviewable = Reviewable.find_by(target: user)
      expect(reviewable.pending?).to eq(true)

      UserDestroyer.new(Discourse.system_user).destroy(user)
      expect(reviewable.reload.rejected?).to eq(true)
    end
  end

  context "perform" do
    let(:reviewable) { Fabricate(:reviewable) }
    context "approve" do
      it "allows us to approve a user" do
        result = reviewable.perform(moderator, :approve)
        expect(result.success?).to eq(true)

        expect(reviewable.pending?).to eq(false)
        expect(reviewable.approved?).to eq(true)
        expect(reviewable.target.approved?).to eq(true)
        expect(reviewable.target.approved_by_id).to eq(moderator.id)
        expect(reviewable.target.approved_at).to be_present
        expect(reviewable.version > 0).to eq(true)
      end

      it "allows us to reject a user" do
        result = reviewable.perform(moderator, :reject)
        expect(result.success?).to eq(true)

        expect(reviewable.pending?).to eq(false)
        expect(reviewable.rejected?).to eq(true)

        # Rejecting deletes the user record
        reviewable.reload
        expect(reviewable.target).to be_blank
      end

      it "allows us to reject a user who has posts" do
        Fabricate(:post, user: reviewable.target)
        result = reviewable.perform(moderator, :reject)
        expect(result.success?).to eq(true)

        expect(reviewable.pending?).to eq(false)
        expect(reviewable.rejected?).to eq(true)

        # Rejecting deletes the user record
        reviewable.reload
        expect(reviewable.target).to be_present
        expect(reviewable.target.approved).to eq(false)
      end

      it "allows us to reject a user who has been deleted" do
        reviewable.target.destroy!
        reviewable.reload
        result = reviewable.perform(moderator, :reject)
        expect(result.success?).to eq(true)
        expect(reviewable.rejected?).to eq(true)
        expect(reviewable.target).to be_blank
      end
    end
  end

  describe 'when must_approve_users is true' do
    before do
      SiteSetting.must_approve_users = true
      Jobs.run_immediately!
    end

    it "creates the ReviewableUser for a user, with moderator access" do
      reviewable = ReviewableUser.find_by(target: user)
      expect(reviewable).to be_present
      expect(reviewable.reviewable_by_moderator).to eq(true)
    end

    context "email jobs" do
      let(:reviewable) { ReviewableUser.find_by(target: user) }
      before do
        reviewable

        # We can ignore these notifications for the purpose of this test
        Jobs.stubs(:enqueue).with(:notify_reviewable, has_key(:reviewable_id))
      end

      after do
        ReviewableUser.find_by(target: user).perform(admin, :approve)
      end

      it "enqueues a 'signup after approval' email if must_approve_users is true" do
        Jobs.expects(:enqueue).with(
          :critical_user_email, has_entries(type: :signup_after_approval)
        )
      end

      it "doesn't enqueue a 'signup after approval' email if must_approve_users is false" do
        SiteSetting.must_approve_users = false
        Jobs.expects(:enqueue).with(
          :critical_user_email, has_entries(type: :signup_after_approval)
        ).never
      end
    end

    it 'triggers a extensibility event' do
      user && admin # bypass the user_created event
      event = DiscourseEvent.track_events {
        ReviewableUser.find_by(target: user).perform(admin, :approve)
      }.first

      expect(event[:event_name]).to eq(:user_approved)
      expect(event[:params].first).to eq(user)
    end

    it 'triggers a extensibility event' do
      user && admin # bypass the user_created event
      event = DiscourseEvent.track_events {
        ReviewableUser.find_by(target: user).perform(admin, :approve)
      }.first

      expect(event[:event_name]).to eq(:user_approved)
      expect(event[:params].first).to eq(user)
    end
  end

end
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-04 01:03:01 +08:00			`require 'rails_helper'`

			`RSpec.describe ReviewableUser, type: :model do`

			`let(:moderator) { Fabricate(:moderator) }`
FIX: Reviewables should not be created for users until they are active Conversely, if a user is deactivated the reviewable should automatically be rejected. Before this fix, if a user was not active they'd still show in the review queue but without an "Approve" button which was confusing. 2019-04-04 00:04:05 +08:00			`let(:user) do`
			`user = Fabricate(:user)`
			`user.activate`
			`user`
			`end`
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-04 01:03:01 +08:00			`let(:admin) { Fabricate(:admin) }`

			`context "actions_for" do`
			`let(:reviewable) { Fabricate(:reviewable) }`
			`it "returns approve/disapprove in the pending state" do`
			`actions = reviewable.actions_for(Guardian.new(moderator))`
			`expect(actions.has?(:approve)).to eq(true)`
			`expect(actions.has?(:reject)).to eq(true)`
			`end`

			`it "doesn't return anything in the approved state" do`
			`reviewable.status = Reviewable.statuses[:approved]`
			`actions = reviewable.actions_for(Guardian.new(moderator))`
			`expect(actions.has?(:approve)).to eq(false)`
			`expect(actions.has?(:reject)).to eq(false)`
			`end`
			`end`

			`context "#update_fields" do`
			`let(:moderator) { Fabricate(:moderator) }`
			`let(:reviewable) { Fabricate(:reviewable) }`

			`it "doesn't raise errors with an empty update" do`
			`expect(reviewable.update_fields(nil, moderator)).to eq(true)`
			`expect(reviewable.update_fields({}, moderator)).to eq(true)`
			`end`
			`end`

FIX: Deleting Users should work nicely with Reviewable Users "Rejecting" a user in the queue is equivalent to deleting them, which would then making it impossible to review rejected users. Now we store information about the user in the payload so if they are deleted things still display in the Rejected view. Secondly, if a user is destroyed outside of the review queue, it will now automatically "Reject" that queue item. 2019-04-04 04:41:04 +08:00			`context "when a user is deleted" do`
			`it "should reject the reviewable" do`
			`Jobs::CreateUserReviewable.new.execute(user_id: user.id)`
			`reviewable = Reviewable.find_by(target: user)`
			`expect(reviewable.pending?).to eq(true)`

			`UserDestroyer.new(Discourse.system_user).destroy(user)`
			`expect(reviewable.reload.rejected?).to eq(true)`
			`end`
			`end`

FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-04 01:03:01 +08:00			`context "perform" do`
			`let(:reviewable) { Fabricate(:reviewable) }`
			`context "approve" do`
			`it "allows us to approve a user" do`
			`result = reviewable.perform(moderator, :approve)`
			`expect(result.success?).to eq(true)`

			`expect(reviewable.pending?).to eq(false)`
			`expect(reviewable.approved?).to eq(true)`
			`expect(reviewable.target.approved?).to eq(true)`
			`expect(reviewable.target.approved_by_id).to eq(moderator.id)`
			`expect(reviewable.target.approved_at).to be_present`
			`expect(reviewable.version > 0).to eq(true)`
			`end`

			`it "allows us to reject a user" do`
			`result = reviewable.perform(moderator, :reject)`
			`expect(result.success?).to eq(true)`

			`expect(reviewable.pending?).to eq(false)`
			`expect(reviewable.rejected?).to eq(true)`

			`# Rejecting deletes the user record`
			`reviewable.reload`
			`expect(reviewable.target).to be_blank`
			`end`
FIX: Allow users with posts to be rejected 2019-03-30 01:52:53 +08:00
			`it "allows us to reject a user who has posts" do`
			`Fabricate(:post, user: reviewable.target)`
			`result = reviewable.perform(moderator, :reject)`
			`expect(result.success?).to eq(true)`

			`expect(reviewable.pending?).to eq(false)`
			`expect(reviewable.rejected?).to eq(true)`

			`# Rejecting deletes the user record`
			`reviewable.reload`
			`expect(reviewable.target).to be_present`
			`expect(reviewable.target.approved).to eq(false)`
			`end`
FIX: Always allow us to reject users, even if they are deleted 2019-04-10 23:00:14 +08:00
			`it "allows us to reject a user who has been deleted" do`
			`reviewable.target.destroy!`
			`reviewable.reload`
			`result = reviewable.perform(moderator, :reject)`
			`expect(result.success?).to eq(true)`
			`expect(reviewable.rejected?).to eq(true)`
			`expect(reviewable.target).to be_blank`
			`end`
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-04 01:03:01 +08:00			`end`
			`end`

			`describe 'when must_approve_users is true' do`
			`before do`
			`SiteSetting.must_approve_users = true`
FIX: Reviewables should not be created for users until they are active Conversely, if a user is deactivated the reviewable should automatically be rejected. Before this fix, if a user was not active they'd still show in the review queue but without an "Approve" button which was confusing. 2019-04-04 00:04:05 +08:00			`Jobs.run_immediately!`
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-04 01:03:01 +08:00			`end`

			`it "creates the ReviewableUser for a user, with moderator access" do`
			`reviewable = ReviewableUser.find_by(target: user)`
			`expect(reviewable).to be_present`
			`expect(reviewable.reviewable_by_moderator).to eq(true)`
			`end`

			`context "email jobs" do`
			`let(:reviewable) { ReviewableUser.find_by(target: user) }`
			`before do`
			`reviewable`

			`# We can ignore these notifications for the purpose of this test`
			`Jobs.stubs(:enqueue).with(:notify_reviewable, has_key(:reviewable_id))`
			`end`

			`after do`
			`ReviewableUser.find_by(target: user).perform(admin, :approve)`
			`end`

			`it "enqueues a 'signup after approval' email if must_approve_users is true" do`
			`Jobs.expects(:enqueue).with(`
			`:critical_user_email, has_entries(type: :signup_after_approval)`
			`)`
			`end`

			`it "doesn't enqueue a 'signup after approval' email if must_approve_users is false" do`
			`SiteSetting.must_approve_users = false`
			`Jobs.expects(:enqueue).with(`
			`:critical_user_email, has_entries(type: :signup_after_approval)`
			`).never`
			`end`
			`end`

			`it 'triggers a extensibility event' do`
			`user && admin # bypass the user_created event`
			`event = DiscourseEvent.track_events {`
			`ReviewableUser.find_by(target: user).perform(admin, :approve)`
			`}.first`

			`expect(event[:event_name]).to eq(:user_approved)`
			`expect(event[:params].first).to eq(user)`
			`end`

			`it 'triggers a extensibility event' do`
			`user && admin # bypass the user_created event`
			`event = DiscourseEvent.track_events {`
			`ReviewableUser.find_by(target: user).perform(admin, :approve)`
			`}.first`

			`expect(event[:event_name]).to eq(:user_approved)`
			`expect(event[:params].first).to eq(user)`
			`end`
			`end`

			`end`