Skip blocks check when getting active blocks list

openstreetmap · Jan 1, 2025 · 00b3d9a · 00b3d9a
1 parent 621efb7
commit 00b3d9a
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 7 deletions.
diff --git a/app/controllers/api/user_blocks/active_lists_controller.rb b/app/controllers/api/user_blocks/active_lists_controller.rb
@@ -1,13 +1,20 @@
 module Api
   module UserBlocks
     class ActiveListsController < ApiController
+      before_action :disable_blocks_check
       before_action :authorize
 
       authorize_resource :class => :active_user_blocks_list
 
       before_action :set_request_formats
 
       def show; end
+
+      private
+
+      def disable_blocks_check
+        flash.now[:skip_blocks] = true
+      end
     end
   end
 end
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
@@ -100,13 +100,15 @@ def setup_user_auth
     # have we identified the user?
     if current_user
       # check if the user has been banned
-      user_block = current_user.blocks.active.take
-      unless user_block.nil?
-        set_locale
-        if user_block.zero_hour?
-          report_error t("application.setup_user_auth.blocked_zero_hour"), :forbidden
-        else
-          report_error t("application.setup_user_auth.blocked"), :forbidden
+      if flash.now[:skip_blocks].nil?
+        user_block = current_user.blocks.active.take
+        unless user_block.nil?
+          set_locale
+          if user_block.zero_hour?
+            report_error t("application.setup_user_auth.blocked_zero_hour"), :forbidden
+          else
+            report_error t("application.setup_user_auth.blocked"), :forbidden
+          end
         end
       end
 

diff --git a/test/controllers/api/user_blocks/active_lists_controller_test.rb b/test/controllers/api/user_blocks/active_lists_controller_test.rb
@@ -38,6 +38,32 @@ def test_show_empty
         assert_response :success
         assert_dom "user_block", :count => 0
       end
+
+      def test_show
+        user = create(:moderator_user)
+        user_auth_header = bearer_authorization_header(user, :scopes => %w[read_prefs])
+        create(:user_block, :expired, :user => user)
+        block0 = create(:user_block, :user => user)
+        block1 = create(:user_block, :user => user)
+        create(:user_block)
+        create(:user_block, :creator => user)
+
+        get api_user_blocks_active_list_path, :headers => user_auth_header
+        assert_response :success
+      end
+
+      def test_show_json
+        user = create(:moderator_user)
+        user_auth_header = bearer_authorization_header(user, :scopes => %w[read_prefs])
+        create(:user_block, :expired, :user => user)
+        block0 = create(:user_block, :user => user)
+        block1 = create(:user_block, :user => user)
+        create(:user_block)
+        create(:user_block, :creator => user)
+
+        get api_user_blocks_active_list_path(:format => "json"), :headers => user_auth_header
+        assert_response :success
+      end
     end
   end
 end