debian-mirror-gitlab/spec/requests/abuse_reports_controller_spec.rb

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe AbuseReportsController, feature_category: :insider_threat do
  let(:reporter) { create(:user) }
  let(:user)     { create(:user) }
  let(:abuse_category) { 'spam' }

  let(:attrs) do
    attributes_for(:abuse_report) do |hash|
      hash[:user_id] = user.id
      hash[:category] = abuse_category
    end
  end

  before do
    sign_in(reporter)
  end

  describe 'GET new' do
    let(:ref_url) { 'http://example.com' }

    it 'sets the instance variables' do
      get new_abuse_report_path(user_id: user.id, ref_url: ref_url)

      expect(assigns(:abuse_report)).to be_kind_of(AbuseReport)
      expect(assigns(:abuse_report)).to have_attributes(
        user_id: user.id,
        reported_from_url: ref_url
      )
    end

    context 'when the user has already been deleted' do
      it 'redirects the reporter to root_path' do
        user_id = user.id
        user.destroy!

        get new_abuse_report_path(user_id: user_id)

        expect(response).to redirect_to root_path
        expect(flash[:alert]).to eq(_('Cannot create the abuse report. The user has been deleted.'))
      end
    end

    context 'when the user has already been blocked' do
      it 'redirects the reporter to the user\'s profile' do
        user.block

        get new_abuse_report_path(user_id: user.id)

        expect(response).to redirect_to user
        expect(flash[:alert]).to eq(_('Cannot create the abuse report. This user has been blocked.'))
      end
    end
  end

  describe 'POST add_category', :aggregate_failures do
    subject(:request) { post add_category_abuse_reports_path, params: request_params }

    context 'when user is reported for abuse' do
      let(:ref_url) { 'http://example.com' }
      let(:request_params) do
        { user_id: user.id, abuse_report: { category: abuse_category, reported_from_url: ref_url } }
      end

      it 'renders new template' do
        subject

        expect(response).to have_gitlab_http_status(:ok)
        expect(response).to render_template(:new)
      end

      it 'sets the instance variables' do
        subject

        expect(assigns(:abuse_report)).to be_kind_of(AbuseReport)
        expect(assigns(:abuse_report)).to have_attributes(
          user_id: user.id,
          category: abuse_category,
          reported_from_url: ref_url
        )
      end

      it 'tracks the snowplow event' do
        subject

        expect_snowplow_event(
          category: 'ReportAbuse',
          action: 'select_abuse_category',
          property: abuse_category,
          user: user
        )
      end
    end

    context 'when abuse_report is missing in params' do
      let(:request_params) { { user_id: user.id } }

      it 'raises an error' do
        expect { subject }.to raise_error(ActionController::ParameterMissing)
      end
    end

    context 'when user_id is missing in params' do
      let(:request_params) { { abuse_report: { category: abuse_category } } }

      it 'redirects the reporter to root_path' do
        subject

        expect(response).to redirect_to root_path
        expect(flash[:alert]).to eq(_('Cannot create the abuse report. The user has been deleted.'))
      end
    end

    context 'when the user has already been deleted' do
      let(:request_params) { { user_id: user.id, abuse_report: { category: abuse_category } } }

      it 'redirects the reporter to root_path' do
        user.destroy!

        subject

        expect(response).to redirect_to root_path
        expect(flash[:alert]).to eq(_('Cannot create the abuse report. The user has been deleted.'))
      end
    end

    context 'when the user has already been blocked' do
      let(:request_params) { { user_id: user.id, abuse_report: { category: abuse_category } } }

      it 'redirects the reporter to the user\'s profile' do
        user.block

        subject

        expect(response).to redirect_to user
        expect(flash[:alert]).to eq(_('Cannot create the abuse report. This user has been blocked.'))
      end
    end
  end

  describe 'POST create' do
    context 'with valid attributes' do
      it 'saves the abuse report' do
        expect do
          post abuse_reports_path(abuse_report: attrs)
        end.to change { AbuseReport.count }.by(1)
      end

      it 'calls notify' do
        expect_next_instance_of(AbuseReport) do |instance|
          expect(instance).to receive(:notify)
        end

        post abuse_reports_path(abuse_report: attrs)
      end

      it 'redirects back to root' do
        post abuse_reports_path(abuse_report: attrs)

        expect(response).to redirect_to root_path
      end

      it 'tracks the snowplow event' do
        post abuse_reports_path(abuse_report: attrs)

        expect_snowplow_event(
          category: 'ReportAbuse',
          action: 'submit_form',
          property: abuse_category,
          user: user
        )
      end
    end

    context 'with invalid attributes' do
      before do
        attrs.delete(:user_id)
      end

      it 'redirects back to root' do
        post abuse_reports_path(abuse_report: attrs)

        expect(response).to redirect_to root_path
      end

      it 'does not track the snowplow event' do
        post abuse_reports_path(abuse_report: attrs)

        expect_no_snowplow_event
      end
    end
  end
end
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`# frozen_string_literal: true`

Imported Upstream version 8.1.0 2015-10-24 18:46:33 +05:30			`require 'spec_helper'`

New upstream version 15.8.4+ds1 2023-03-17 16:20:25 +05:30			`RSpec.describe AbuseReportsController, feature_category: :insider_threat do`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`let(:reporter) { create(:user) }`
			`let(:user) { create(:user) }`
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30			`let(:abuse_category) { 'spam' }`

Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`let(:attrs) do`
			`attributes_for(:abuse_report) do \|hash\|`
			`hash[:user_id] = user.id`
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30			`hash[:category] = abuse_category`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`end`
			`end`
Imported Upstream version 8.1.0 2015-10-24 18:46:33 +05:30
			`before do`
			`sign_in(reporter)`
			`end`

New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`describe 'GET new' do`
New upstream version 15.8.4+ds1 2023-03-17 16:20:25 +05:30			`let(:ref_url) { 'http://example.com' }`

			`it 'sets the instance variables' do`
			`get new_abuse_report_path(user_id: user.id, ref_url: ref_url)`

			`expect(assigns(:abuse_report)).to be_kind_of(AbuseReport)`
			`expect(assigns(:abuse_report)).to have_attributes(`
			`user_id: user.id,`
			`reported_from_url: ref_url`
			`)`
			`end`

New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`context 'when the user has already been deleted' do`
			`it 'redirects the reporter to root_path' do`
			`user_id = user.id`
New upstream version 14.6.3+ds1 2022-01-26 12:08:38 +05:30			`user.destroy!`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
New upstream version 14.8.5+ds1 2022-04-04 11:22:00 +05:30			`get new_abuse_report_path(user_id: user_id)`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
			`expect(response).to redirect_to root_path`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`expect(flash[:alert]).to eq(_('Cannot create the abuse report. The user has been deleted.'))`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`end`
			`end`

			`context 'when the user has already been blocked' do`
			`it 'redirects the reporter to the user\'s profile' do`
			`user.block`

New upstream version 14.8.5+ds1 2022-04-04 11:22:00 +05:30			`get new_abuse_report_path(user_id: user.id)`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
			`expect(response).to redirect_to user`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`expect(flash[:alert]).to eq(_('Cannot create the abuse report. This user has been blocked.'))`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`end`
			`end`
			`end`

New upstream version 15.8.4+ds1 2023-03-17 16:20:25 +05:30			`describe 'POST add_category', :aggregate_failures do`
			`subject(:request) { post add_category_abuse_reports_path, params: request_params }`

			`context 'when user is reported for abuse' do`
			`let(:ref_url) { 'http://example.com' }`
			`let(:request_params) do`
			`{ user_id: user.id, abuse_report: { category: abuse_category, reported_from_url: ref_url } }`
			`end`

			`it 'renders new template' do`
			`subject`

			`expect(response).to have_gitlab_http_status(:ok)`
			`expect(response).to render_template(:new)`
			`end`

			`it 'sets the instance variables' do`
			`subject`

			`expect(assigns(:abuse_report)).to be_kind_of(AbuseReport)`
			`expect(assigns(:abuse_report)).to have_attributes(`
			`user_id: user.id,`
			`category: abuse_category,`
			`reported_from_url: ref_url`
			`)`
			`end`
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30
			`it 'tracks the snowplow event' do`
			`subject`

			`expect_snowplow_event(`
			`category: 'ReportAbuse',`
			`action: 'select_abuse_category',`
			`property: abuse_category,`
			`user: user`
			`)`
			`end`
New upstream version 15.8.4+ds1 2023-03-17 16:20:25 +05:30			`end`

			`context 'when abuse_report is missing in params' do`
			`let(:request_params) { { user_id: user.id } }`

			`it 'raises an error' do`
			`expect { subject }.to raise_error(ActionController::ParameterMissing)`
			`end`
			`end`

			`context 'when user_id is missing in params' do`
			`let(:request_params) { { abuse_report: { category: abuse_category } } }`

			`it 'redirects the reporter to root_path' do`
			`subject`

			`expect(response).to redirect_to root_path`
			`expect(flash[:alert]).to eq(_('Cannot create the abuse report. The user has been deleted.'))`
			`end`
			`end`

			`context 'when the user has already been deleted' do`
			`let(:request_params) { { user_id: user.id, abuse_report: { category: abuse_category } } }`

			`it 'redirects the reporter to root_path' do`
			`user.destroy!`

			`subject`

			`expect(response).to redirect_to root_path`
			`expect(flash[:alert]).to eq(_('Cannot create the abuse report. The user has been deleted.'))`
			`end`
			`end`

			`context 'when the user has already been blocked' do`
			`let(:request_params) { { user_id: user.id, abuse_report: { category: abuse_category } } }`

			`it 'redirects the reporter to the user\'s profile' do`
			`user.block`

			`subject`

			`expect(response).to redirect_to user`
			`expect(flash[:alert]).to eq(_('Cannot create the abuse report. This user has been blocked.'))`
			`end`
			`end`
			`end`

Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`describe 'POST create' do`
			`context 'with valid attributes' do`
			`it 'saves the abuse report' do`
			`expect do`
New upstream version 14.8.5+ds1 2022-04-04 11:22:00 +05:30			`post abuse_reports_path(abuse_report: attrs)`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`end.to change { AbuseReport.count }.by(1)`
Imported Upstream version 8.1.0 2015-10-24 18:46:33 +05:30			`end`

Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`it 'calls notify' do`
New upstream version 12.5.4 2019-12-26 22:10:19 +05:30			`expect_next_instance_of(AbuseReport) do \|instance\|`
			`expect(instance).to receive(:notify)`
			`end`
Imported Upstream version 8.3.0+dfsg 2015-12-23 02:04:40 +05:30
New upstream version 14.8.5+ds1 2022-04-04 11:22:00 +05:30			`post abuse_reports_path(abuse_report: attrs)`
Imported Upstream version 8.3.0+dfsg 2015-12-23 02:04:40 +05:30			`end`

New upstream version 14.1.7+ds1 2021-09-30 23:02:18 +05:30			`it 'redirects back to root' do`
New upstream version 14.8.5+ds1 2022-04-04 11:22:00 +05:30			`post abuse_reports_path(abuse_report: attrs)`
Imported Upstream version 8.1.0 2015-10-24 18:46:33 +05:30
New upstream version 14.0.10 2021-09-04 01:27:46 +05:30			`expect(response).to redirect_to root_path`
Imported Upstream version 8.1.0 2015-10-24 18:46:33 +05:30			`end`
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30
			`it 'tracks the snowplow event' do`
			`post abuse_reports_path(abuse_report: attrs)`

			`expect_snowplow_event(`
			`category: 'ReportAbuse',`
			`action: 'submit_form',`
			`property: abuse_category,`
			`user: user`
			`)`
			`end`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`end`
Imported Upstream version 8.1.0 2015-10-24 18:46:33 +05:30
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`context 'with invalid attributes' do`
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30			`before do`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`attrs.delete(:user_id)`
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30			`end`

			`it 'redirects back to root' do`
New upstream version 14.8.5+ds1 2022-04-04 11:22:00 +05:30			`post abuse_reports_path(abuse_report: attrs)`
Imported Upstream version 8.1.0 2015-10-24 18:46:33 +05:30
New upstream version 14.8.5+ds1 2022-04-04 11:22:00 +05:30			`expect(response).to redirect_to root_path`
Imported Upstream version 8.1.0 2015-10-24 18:46:33 +05:30			`end`
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30
			`it 'does not track the snowplow event' do`
			`post abuse_reports_path(abuse_report: attrs)`

			`expect_no_snowplow_event`
			`end`
Imported Upstream version 8.1.0 2015-10-24 18:46:33 +05:30			`end`
			`end`
			`end`