FIX: validate topic deletion when acting on a flag

FIX: validate topic deletion when acting on a flag

From b5bf182ad548eeb9654357746cad5a47b4ff7458 Mon Sep 17 00:00:00 2001
From: Arpit Jalan <arpit@techapj.com>
Date: Fri, 23 Nov 2018 19:28:04 +0530
Subject: [PATCH] FIX: validate topic deletion when acting on a flag


diff --git a/app/controllers/admin/flags_controller.rb b/app/controllers/admin/flags_controller.rb
index a58dbaa..a94eae4 100644
--- a/app/controllers/admin/flags_controller.rb
+++ b/app/controllers/admin/flags_controller.rb
@@ -87,7 +87,7 @@ class Admin::FlagsController < Admin::AdminController
 
     if delete_post
       # PostDestroy calls PostAction.agree_flags!
-      PostDestroyer.new(current_user, post).destroy
+      destroy_post(post)
     elsif restore_post
       PostAction.agree_flags!(post, current_user, delete_post)
       PostDestroyer.new(current_user, post).recover
@@ -131,9 +131,19 @@ class Admin::FlagsController < Admin::AdminController
     )
 
     PostAction.defer_flags!(post, current_user, params[:delete_post])
-    PostDestroyer.new(current_user, post).destroy if params[:delete_post]
+    destroy_post(post) if params[:delete_post]
 
     render body: nil
   end
 
+  private
+
+  def destroy_post(post)
+    if post.is_first_post?
+      topic = Topic.find_by(id: post.topic_id)
+      guardian.ensure_can_delete!(topic) if topic.present?
+    end
+
+    PostDestroyer.new(current_user, post).destroy
+  end
 end
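Review bot: In the defer action, `PostAction.defer_flags!(post, current_user, params[:delete_post])` still runs before `destroy_post(post)`, so when `guardian.ensure_can_delete!` raises, the request returns 403 after the flags have already been deferred, unless a transaction outside this hunk rolls that back. Running the permission check ahead of `defer_flags!` would keep a rejected request from changing flag state. Separately, `guardian.ensure_can_delete!(topic) if topic.present?` skips the check whenever `Topic.find_by` returns nil, so a first post whose topic is not found goes straight to `PostDestroyer`; consider failing closed there, or add a comment explaining why skipping is safe. The body of `defer` begins outside the hunk.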
diff --git a/spec/requests/admin/flags_controller_spec.rb b/spec/requests/admin/flags_controller_spec.rb
index 325cb83..75f58ee 100644
--- a/spec/requests/admin/flags_controller_spec.rb
+++ b/spec/requests/admin/flags_controller_spec.rb
@@ -1,9 +1,11 @@
 require 'rails_helper'
 
 RSpec.describe Admin::FlagsController do
+  let(:user) { Fabricate(:user) }
   let(:admin) { Fabricate(:admin) }
   let(:post_1) { Fabricate(:post) }
-  let(:user) { Fabricate(:user) }
+  let(:category) { Fabricate(:category) }
+  let(:first_post) { Fabricate(:post, post_number: 1) }
 
   before do
     sign_in(admin)
@@ -72,7 +74,7 @@ RSpec.describe Admin::FlagsController do
       post_action = PostAction.act(user, post_1, PostActionType.types[:spam], message: 'bad')
       admin.update!(locale: 'ja')
 
-      post "/admin/flags/agree/#{post_1.id}.json"
+      post "/admin/flags/agree/#{post_1.id}.json", params: { action_on_post: 'delete' }
       expect(response.status).to eq(200)
 
       post_action.reload
@@ -81,7 +83,23 @@ RSpec.describe Admin::FlagsController do
       expect(user.user_stat.reload.flags_agreed).to eq(1)
 
       agree_post = Topic.joins(:topic_allowed_users).where('topic_allowed_users.user_id = ?', user.id).order(:id).last.posts.last
-      expect(agree_post.raw).to eq(I18n.with_locale(:en) { I18n.t('flags_dispositions.agreed') })
+      expect(agree_post.raw).to eq(I18n.with_locale(:en) { I18n.t('flags_dispositions.agreed_and_deleted') })
+
+      post_1.reload
+      expect(post_1.deleted_at).to be_present
+    end
+
+    it 'should not delete category topic' do
+      SiteSetting.queue_jobs = false
+      category.update_column(:topic_id, first_post.topic_id)
+
+      post_action = PostAction.act(user, first_post, PostActionType.types[:spam], message: 'bad')
+
+      post "/admin/flags/agree/#{first_post.id}.json", params: { action_on_post: 'delete' }
+      expect(response.status).to eq(403)
+
+      first_post.reload
+      expect(first_post.deleted_at).to eq(nil)
     end
   end
 end
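Review bot: The new example 'should not delete category topic' exercises only the agree endpoint; the defer path with `delete_post` set, which also goes through `destroy_post`, has no matching 403 case in the visible spec changes. `post_action` is assigned in the new example but never read, so the test does not show whether the flag stays unhandled after the rejection; an assertion such as `expect(post_action.reload.agreed_at).to eq(nil)` would pin that. The earlier example (previous hunk) now sends `action_on_post: 'delete'` and expects `flags_dispositions.agreed_and_deleted`, so the plain-agree message is no longer checked here unless another spec covers it.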
