mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-01-05 06:38:46 +00:00
feat: don't allow blocking the doer
- In the case of organization blocking users, disallow blocking the doer. - Resolves #5390 - Added integration test.
This commit is contained in:
parent
d071c09bf7
commit
e14f2d0c84
3 changed files with 21 additions and 0 deletions
|
@ -1042,6 +1042,7 @@ visibility.private_tooltip = Visible only to members of organizations you have j
|
||||||
blocked_since = Blocked since %s
|
blocked_since = Blocked since %s
|
||||||
user_unblock_success = The user has been unblocked successfully.
|
user_unblock_success = The user has been unblocked successfully.
|
||||||
user_block_success = The user has been blocked successfully.
|
user_block_success = The user has been blocked successfully.
|
||||||
|
user_block_yourself = You cannot block yourself.
|
||||||
|
|
||||||
[repo]
|
[repo]
|
||||||
rss.must_be_on_branch = You must be on a branch to have an RSS feed.
|
rss.must_be_on_branch = You must be on a branch to have an RSS feed.
|
||||||
|
|
|
@ -53,6 +53,12 @@ func BlockedUsersBlock(ctx *context.Context) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if u.ID == ctx.Doer.ID {
|
||||||
|
ctx.Flash.Error(ctx.Tr("settings.user_block_yourself"))
|
||||||
|
ctx.Redirect(ctx.Org.OrgLink + "/settings/blocked_users")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
if err := user_service.BlockUser(ctx, ctx.Org.Organization.ID, u.ID); err != nil {
|
if err := user_service.BlockUser(ctx, ctx.Org.Organization.ID, u.ID); err != nil {
|
||||||
ctx.ServerError("BlockUser", err)
|
ctx.ServerError("BlockUser", err)
|
||||||
return
|
return
|
||||||
|
|
|
@ -147,6 +147,20 @@ func TestBlockUserFromOrganization(t *testing.T) {
|
||||||
session.MakeRequest(t, req, http.StatusInternalServerError)
|
session.MakeRequest(t, req, http.StatusInternalServerError)
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
|
t.Run("Block the doer", func(t *testing.T) {
|
||||||
|
defer tests.PrintCurrentTest(t)()
|
||||||
|
|
||||||
|
req := NewRequestWithValues(t, "POST", org.OrganisationLink()+"/settings/blocked_users/block", map[string]string{
|
||||||
|
"_csrf": GetCSRF(t, session, org.OrganisationLink()+"/settings/blocked_users"),
|
||||||
|
"uname": doer.Name,
|
||||||
|
})
|
||||||
|
session.MakeRequest(t, req, http.StatusSeeOther)
|
||||||
|
assert.False(t, unittest.BeanExists(t, &user_model.BlockedUser{BlockID: doer.ID, UserID: org.ID}))
|
||||||
|
flashCookie := session.GetCookie(forgejo_context.CookieNameFlash)
|
||||||
|
assert.NotNil(t, flashCookie)
|
||||||
|
assert.EqualValues(t, "error%3DYou%2Bcannot%2Bblock%2Byourself.", flashCookie.Value)
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
// TestBlockActions ensures that certain actions cannot be performed as a doer
|
// TestBlockActions ensures that certain actions cannot be performed as a doer
|
||||||
|
|
Loading…
Reference in a new issue