posts: allow admins to approve the same post twice.

This is so admins can overrule flags and always have the final say in whether a post is approved, even in the event of coordinated or sockpuppet flagging. Fixes #4980: Way to mark flags as invalid for admins
2022-06-05 15:23:24 -05:00
parent 907194fc6f
commit acc4a21687
3 changed files with 27 additions and 1 deletions
--- a/app/models/post_approval.rb
+++ b/app/models/post_approval.rb
@@ -18,7 +18,7 @@ class PostApproval < ApplicationRecord
      errors.add(:base, "You cannot approve a post you uploaded")
    end

-    if post.approver == user || post.approvals.exists?(user: user)
+    if (post.approver == user || post.approvals.exists?(user: user)) && !policy(user).can_bypass_approval_limits?
      errors.add(:base, "You have previously approved this post and cannot approve it again")
    end
  end
--- a/app/policies/post_approval_policy.rb
+++ b/app/policies/post_approval_policy.rb
@@ -4,4 +4,8 @@ class PostApprovalPolicy < ApplicationPolicy
  def create?
    user.is_approver?
  end
+
+  def can_bypass_approval_limits?
+    user.is_admin?
+  end
 end
--- a/test/unit/post_approval_test.rb
+++ b/test/unit/post_approval_test.rb
@@ -26,6 +26,28 @@ class PostApprovalTest < ActiveSupport::TestCase
          assert_equal(false, @approval2.valid?)
          assert_equal(["You have previously approved this post and cannot approve it again"], @approval2.errors[:base])
        end
+
+        should "allow an admin to approve the same post twice" do
+          @approver = create(:admin_user)
+
+          create(:post_approval, post: @post, user: @approver)
+          assert_equal(1, @post.approvals.count)
+          assert_equal(@approver, @post.approver)
+          assert_equal(false, @post.reload.is_pending?)
+          assert_equal(true, @post.reload.is_active?)
+
+          flag = create(:post_flag, post: @post, creator: create(:user))
+          assert_equal(true, @post.reload.is_flagged?)
+          assert_equal(false, @post.reload.is_active?)
+          assert_equal("pending", flag.reload.status)
+
+          create(:post_approval, post: @post, user: @approver)
+          assert_equal(2, @post.approvals.count)
+          assert_equal(@approver, @post.approver)
+          assert_equal(false, @post.reload.is_flagged?)
+          assert_equal(true, @post.reload.is_active?)
+          assert_equal("rejected", flag.reload.status)
+        end
      end
    end