FIX: Remove action buttons if post has already been reviewed (#20126)

* FIX: Remove action buttons if post has already been reviewed

* Change the approve to reject test to expect an error

* Adds a controller spec to ensure you can't edit a non-pending review item

* Remove unnessary conditional

app/models/reviewable_queued_post.rb

@@ -32,7 +32,7 @@ class ReviewableQueuedPost < Reviewable
       end
     end
 
-    unless rejected?
+    if pending?
       actions.add(:reject_post) do |a|
         a.icon = "times"
         a.label = "reviewables.actions.reject_post.title"
@@ -45,17 +45,19 @@ class ReviewableQueuedPost < Reviewable
   end
 
   def build_editable_fields(fields, guardian, args)
-    # We can edit category / title if it's a new topic
-    if topic_id.blank?
-      # Only staff can edit category for now, since in theory a category group reviewer could
-      # post in a category they don't have access to.
-      fields.add("category_id", :category) if guardian.is_staff?
+    if pending?
+      # We can edit category / title if it's a new topic
+      if topic_id.blank?
+        # Only staff can edit category for now, since in theory a category group reviewer could
+        # post in a category they don't have access to.
+        fields.add("category_id", :category) if guardian.is_staff?
 
-      fields.add("payload.title", :text)
-      fields.add("payload.tags", :tags)
+        fields.add("payload.title", :text)
+        fields.add("payload.tags", :tags)
+      end
+
+      fields.add("payload.raw", :editor)
     end
-
-    fields.add("payload.raw", :editor)
   end
 
   def create_options

spec/models/reviewable_spec.rb

@@ -394,14 +394,15 @@ RSpec.describe Reviewable, type: :model do
     it "triggers a notification on approve -> reject to update status" do
       reviewable = Fabricate(:reviewable_queued_post, status: Reviewable.statuses[:approved])
 
-      expect do reviewable.perform(moderator, :reject_post) end.to change {
-        Jobs::NotifyReviewable.jobs.size
-      }.by(1)
+      expect { reviewable.perform(moderator, :reject_post) }.to raise_error(
+        Reviewable::InvalidAction,
+      )
+    end
 
-      job = Jobs::NotifyReviewable.jobs.last
+    it "triggers a notification on approve -> edit to update status" do
+      reviewable = Fabricate(:reviewable_queued_post, status: Reviewable.statuses[:approved])
 
-      expect(job["args"].first["reviewable_id"]).to eq(reviewable.id)
-      expect(job["args"].first["updated_reviewable_ids"]).to contain_exactly(reviewable.id)
+      expect { reviewable.perform(moderator, :edit_post) }.to raise_error(Reviewable::InvalidAction)
     end
 
     it "triggers a notification on reject -> approve to update status" do

spec/requests/reviewables_controller_spec.rb

@@ -663,6 +663,9 @@ RSpec.describe ReviewablesController do
       fab!(:reviewable_post) { Fabricate(:reviewable_queued_post) }
       fab!(:reviewable_topic) { Fabricate(:reviewable_queued_post_topic) }
       fab!(:moderator) { Fabricate(:moderator) }
+      fab!(:reviewable_approved_post) do
+        Fabricate(:reviewable_queued_post, status: Reviewable.statuses[:approved])
+      end
 
       before { sign_in(moderator) }
 
@@ -740,6 +743,19 @@ RSpec.describe ReviewablesController do
         expect(json["version"] > 0).to eq(true)
       end
 
+      it "prevents you from updating an approved post" do
+        put "/review/#{reviewable_approved_post.id}.json?version=#{reviewable_approved_post.version}",
+            params: {
+              reviewable: {
+                payload: {
+                  raw: "new raw content",
+                },
+              },
+            }
+
+        expect(response.code).to eq("403")
+      end
+
       it "allows you to update a queued post (for new topic)" do
         new_category_id = Fabricate(:category).id