From 2374a00c1062a70e9092d88579e1351e4c8128f9 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Wed, 22 Aug 2018 11:53:41 +0200
Subject: Add confirmation step to account suspensions (#8353)

* Add confirmation page for suspensions

* Suspension confirmation closes reports, linked from report UI

* Fix tests
---
 app/controllers/admin/suspensions_controller.rb | 39 +++++++++++++++++++++++--
 1 file changed, 36 insertions(+), 3 deletions(-)

(limited to 'app/controllers/admin/suspensions_controller.rb')

diff --git a/app/controllers/admin/suspensions_controller.rb b/app/controllers/admin/suspensions_controller.rb
index 5f222e125..0c7bdad9e 100644
--- a/app/controllers/admin/suspensions_controller.rb
+++ b/app/controllers/admin/suspensions_controller.rb
@@ -4,11 +4,24 @@ module Admin
   class SuspensionsController < BaseController
     before_action :set_account
 
+    def new
+      @suspension = Form::AdminSuspensionConfirmation.new(report_id: params[:report_id])
+    end
+
     def create
       authorize @account, :suspend?
-      Admin::SuspensionWorker.perform_async(@account.id)
-      log_action :suspend, @account
-      redirect_to admin_accounts_path
+
+      @suspension = Form::AdminSuspensionConfirmation.new(suspension_params)
+
+      if suspension_params[:acct] == @account.acct
+        resolve_report! if suspension_params[:report_id]
+        perform_suspend!
+        mark_reports_resolved!
+        redirect_to admin_accounts_path
+      else
+        flash.now[:alert] = I18n.t('admin.suspensions.bad_acct_msg')
+        render :new
+      end
     end
 
     def destroy
@@ -23,5 +36,25 @@ module Admin
     def set_account
       @account = Account.find(params[:account_id])
     end
+
+    def suspension_params
+      params.require(:form_admin_suspension_confirmation).permit(:acct, :report_id)
+    end
+
+    def resolve_report!
+      report = Report.find(suspension_params[:report_id])
+      report.resolve!(current_account)
+      log_action :resolve, report
+    end
+
+    def perform_suspend!
+      @account.suspend!
+      Admin::SuspensionWorker.perform_async(@account.id)
+      log_action :suspend, @account
+    end
+
+    def mark_reports_resolved!
+      Report.where(target_account: @account).unresolved.update_all(action_taken: true, action_taken_by_account_id: current_account.id)
+    end
   end
 end
-- 
cgit