Use expect for admin/ controllers (mastodon#33686)

BakaAC · Jan 27, 2025 · 65d9171 · 65d9171
1 parent 5938428
commit 65d9171
Show file tree

Hide file tree

Showing 57 changed files with 551 additions and 41 deletions.
diff --git a/app/controllers/admin/account_actions_controller.rb b/app/controllers/admin/account_actions_controller.rb
@@ -34,7 +34,8 @@ def set_account
     end
 
     def resource_params
-      params.require(:admin_account_action).permit(:type, :report_id, :warning_preset_id, :text, :send_email_notification, :include_statuses)
+      params
+        .expect(admin_account_action: [:type, :report_id, :warning_preset_id, :text, :send_email_notification, :include_statuses])
     end
   end
 end
diff --git a/app/controllers/admin/account_moderation_notes_controller.rb b/app/controllers/admin/account_moderation_notes_controller.rb
@@ -29,10 +29,8 @@ def destroy
     private
 
     def resource_params
-      params.require(:account_moderation_note).permit(
-        :content,
-        :target_account_id
-      )
+      params
+        .expect(account_moderation_note: [:content, :target_account_id])
     end
 
     def set_account_moderation_note

diff --git a/app/controllers/admin/accounts_controller.rb b/app/controllers/admin/accounts_controller.rb
@@ -158,7 +158,8 @@ def filter_params
     end
 
     def form_account_batch_params
-      params.require(:form_account_batch).permit(:action, account_ids: [])
+      params
+        .expect(form_account_batch: [:action, account_ids: []])
     end
 
     def action_from_button

diff --git a/app/controllers/admin/announcements_controller.rb b/app/controllers/admin/announcements_controller.rb
@@ -84,6 +84,7 @@ def filter_params
   end
 
   def resource_params
-    params.require(:announcement).permit(:text, :scheduled_at, :starts_at, :ends_at, :all_day)
+    params
+      .expect(announcement: [:text, :scheduled_at, :starts_at, :ends_at, :all_day])
   end
 end
diff --git a/app/controllers/admin/change_emails_controller.rb b/app/controllers/admin/change_emails_controller.rb
@@ -41,9 +41,8 @@ def require_local_account!
     end
 
     def resource_params
-      params.require(:user).permit(
-        :unconfirmed_email
-      )
+      params
+        .expect(user: [:unconfirmed_email])
     end
   end
 end
diff --git a/app/controllers/admin/custom_emojis_controller.rb b/app/controllers/admin/custom_emojis_controller.rb
@@ -44,7 +44,8 @@ def batch
     private
 
     def resource_params
-      params.require(:custom_emoji).permit(:shortcode, :image, :visible_in_picker)
+      params
+        .expect(custom_emoji: [:shortcode, :image, :visible_in_picker])
     end
 
     def filtered_custom_emojis
@@ -74,7 +75,8 @@ def action_from_button
     end
 
     def form_custom_emoji_batch_params
-      params.require(:form_custom_emoji_batch).permit(:action, :category_id, :category_name, custom_emoji_ids: [])
+      params
+        .expect(form_custom_emoji_batch: [:action, :category_id, :category_name, custom_emoji_ids: []])
     end
   end
 end
diff --git a/app/controllers/admin/domain_allows_controller.rb b/app/controllers/admin/domain_allows_controller.rb
@@ -37,6 +37,7 @@ def set_domain_allow
   end
 
   def resource_params
-    params.require(:domain_allow).permit(:domain)
+    params
+      .expect(domain_allow: [:domain])
   end
 end
diff --git a/app/controllers/admin/domain_blocks_controller.rb b/app/controllers/admin/domain_blocks_controller.rb
@@ -25,7 +25,9 @@ def batch
     rescue Mastodon::NotPermittedError
       flash[:alert] = I18n.t('admin.domain_blocks.not_permitted')
     else
-      redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
+      flash[:notice] = I18n.t('admin.domain_blocks.created_msg')
+    ensure
+      redirect_to admin_instances_path(limited: '1')
     end
 
     def new
@@ -114,7 +116,12 @@ def resource_params
     end
 
     def form_domain_block_batch_params
-      params.require(:form_domain_block_batch).permit(domain_blocks_attributes: [:enabled, :domain, :severity, :reject_media, :reject_reports, :private_comment, :public_comment, :obfuscate])
+      params
+        .expect(
+          form_domain_block_batch: [
+            domain_blocks_attributes: [[:enabled, :domain, :severity, :reject_media, :reject_reports, :private_comment, :public_comment, :obfuscate]],
+          ]
+        )
     end
 
     def action_from_button

diff --git a/app/controllers/admin/email_domain_blocks_controller.rb b/app/controllers/admin/email_domain_blocks_controller.rb
@@ -62,11 +62,13 @@ def set_resolved_records
     end
 
     def resource_params
-      params.require(:email_domain_block).permit(:domain, :allow_with_approval, other_domains: [])
+      params
+        .expect(email_domain_block: [:domain, :allow_with_approval, other_domains: []])
     end
 
     def form_email_domain_block_batch_params
-      params.require(:form_email_domain_block_batch).permit(email_domain_block_ids: [])
+      params
+        .expect(form_email_domain_block_batch: [email_domain_block_ids: []])
     end
 
     def action_from_button

diff --git a/app/controllers/admin/follow_recommendations_controller.rb b/app/controllers/admin/follow_recommendations_controller.rb
@@ -37,7 +37,8 @@ def follow_recommendation_filter
     end
 
     def form_account_batch_params
-      params.require(:form_account_batch).permit(:action, account_ids: [])
+      params
+        .expect(form_account_batch: [:action, account_ids: []])
     end
 
     def filter_params

diff --git a/app/controllers/admin/invites_controller.rb b/app/controllers/admin/invites_controller.rb
@@ -39,7 +39,8 @@ def deactivate_all
     private
 
     def resource_params
-      params.require(:invite).permit(:max_uses, :expires_in)
+      params
+        .expect(invite: [:max_uses, :expires_in])
     end
 
     def filtered_invites

diff --git a/app/controllers/admin/ip_blocks_controller.rb b/app/controllers/admin/ip_blocks_controller.rb
@@ -44,15 +44,17 @@ def batch
     private
 
     def resource_params
-      params.require(:ip_block).permit(:ip, :severity, :comment, :expires_in)
+      params
+        .expect(ip_block: [:ip, :severity, :comment, :expires_in])
     end
 
     def action_from_button
       'delete' if params[:delete]
     end
 
     def form_ip_block_batch_params
-      params.require(:form_ip_block_batch).permit(ip_block_ids: [])
+      params
+        .expect(form_ip_block_batch: [ip_block_ids: []])
     end
   end
 end
diff --git a/app/controllers/admin/relays_controller.rb b/app/controllers/admin/relays_controller.rb
@@ -57,7 +57,8 @@ def set_relay
     end
 
     def resource_params
-      params.require(:relay).permit(:inbox_url)
+      params
+        .expect(relay: [:inbox_url])
     end
 
     def warn_signatures_not_enabled!

diff --git a/app/controllers/admin/report_notes_controller.rb b/app/controllers/admin/report_notes_controller.rb
@@ -47,10 +47,8 @@ def after_create_redirect_path
     end
 
     def resource_params
-      params.require(:report_note).permit(
-        :content,
-        :report_id
-      )
+      params
+        .expect(report_note: [:content, :report_id])
     end
 
     def set_report_note

diff --git a/app/controllers/admin/roles_controller.rb b/app/controllers/admin/roles_controller.rb
@@ -61,7 +61,8 @@ def set_role
     end
 
     def resource_params
-      params.require(:user_role).permit(:name, :color, :highlighted, :position, permissions_as_keys: [])
+      params
+        .expect(user_role: [:name, :color, :highlighted, :position, permissions_as_keys: []])
     end
   end
 end
diff --git a/app/controllers/admin/rules_controller.rb b/app/controllers/admin/rules_controller.rb
@@ -53,7 +53,8 @@ def set_rule
     end
 
     def resource_params
-      params.require(:rule).permit(:text, :hint, :priority)
+      params
+        .expect(rule: [:text, :hint, :priority])
     end
   end
 end
diff --git a/app/controllers/admin/settings_controller.rb b/app/controllers/admin/settings_controller.rb
@@ -28,7 +28,8 @@ def after_update_redirect_path
     end
 
     def settings_params
-      params.require(:form_admin_settings).permit(*Form::AdminSettings::KEYS)
+      params
+        .expect(form_admin_settings: [*Form::AdminSettings::KEYS])
     end
   end
 end
diff --git a/app/controllers/admin/statuses_controller.rb b/app/controllers/admin/statuses_controller.rb
@@ -39,7 +39,8 @@ def batched_ordered_status_edits
     helper_method :batched_ordered_status_edits
 
     def admin_status_batch_action_params
-      params.require(:admin_status_batch_action).permit(status_ids: [])
+      params
+        .expect(admin_status_batch_action: [status_ids: []])
     end
 
     def after_create_redirect_path

diff --git a/app/controllers/admin/tags_controller.rb b/app/controllers/admin/tags_controller.rb
@@ -37,7 +37,8 @@ def set_tag
     end
 
     def tag_params
-      params.require(:tag).permit(:name, :display_name, :trendable, :usable, :listable)
+      params
+        .expect(tag: [:name, :display_name, :trendable, :usable, :listable])
     end
 
     def filtered_tags

diff --git a/app/controllers/admin/terms_of_service/drafts_controller.rb b/app/controllers/admin/terms_of_service/drafts_controller.rb
@@ -31,6 +31,7 @@ def current_terms_of_service
   end
 
   def resource_params
-    params.require(:terms_of_service).permit(:text, :changelog)
+    params
+      .expect(terms_of_service: [:text, :changelog])
   end
 end
diff --git a/app/controllers/admin/terms_of_service/generates_controller.rb b/app/controllers/admin/terms_of_service/generates_controller.rb
@@ -32,6 +32,7 @@ def set_instance_presenter
   end
 
   def resource_params
-    params.require(:terms_of_service_generator).permit(*TermsOfService::Generator::VARIABLES)
+    params
+      .expect(terms_of_service_generator: [*TermsOfService::Generator::VARIABLES])
   end
 end
diff --git a/app/controllers/admin/trends/links/preview_card_providers_controller.rb b/app/controllers/admin/trends/links/preview_card_providers_controller.rb
@@ -31,7 +31,8 @@ def filter_params
   end
 
   def trends_preview_card_provider_batch_params
-    params.require(:trends_preview_card_provider_batch).permit(:action, preview_card_provider_ids: [])
+    params
+      .expect(trends_preview_card_provider_batch: [:action, preview_card_provider_ids: []])
   end
 
   def action_from_button

diff --git a/app/controllers/admin/trends/links_controller.rb b/app/controllers/admin/trends/links_controller.rb
@@ -31,7 +31,8 @@ def filter_params
   end
 
   def trends_preview_card_batch_params
-    params.require(:trends_preview_card_batch).permit(:action, preview_card_ids: [])
+    params
+      .expect(trends_preview_card_batch: [:action, preview_card_ids: []])
   end
 
   def action_from_button

diff --git a/app/controllers/admin/trends/statuses_controller.rb b/app/controllers/admin/trends/statuses_controller.rb
@@ -31,7 +31,8 @@ def filter_params
   end
 
   def trends_status_batch_params
-    params.require(:trends_status_batch).permit(:action, status_ids: [])
+    params
+      .expect(trends_status_batch: [:action, status_ids: []])
   end
 
   def action_from_button

diff --git a/app/controllers/admin/trends/tags_controller.rb b/app/controllers/admin/trends/tags_controller.rb
@@ -31,7 +31,8 @@ def filter_params
   end
 
   def trends_tag_batch_params
-    params.require(:trends_tag_batch).permit(:action, tag_ids: [])
+    params
+      .expect(trends_tag_batch: [:action, tag_ids: []])
   end
 
   def action_from_button

diff --git a/app/controllers/admin/users/roles_controller.rb b/app/controllers/admin/users/roles_controller.rb
@@ -28,7 +28,8 @@ def set_user
     end
 
     def resource_params
-      params.require(:user).permit(:role_id)
+      params
+        .expect(user: [:role_id])
     end
   end
 end
diff --git a/app/controllers/admin/warning_presets_controller.rb b/app/controllers/admin/warning_presets_controller.rb
@@ -52,7 +52,8 @@ def set_warning_preset
     end
 
     def warning_preset_params
-      params.require(:account_warning_preset).permit(:title, :text)
+      params
+        .expect(account_warning_preset: [:title, :text])
     end
   end
 end
diff --git a/app/controllers/admin/webhooks_controller.rb b/app/controllers/admin/webhooks_controller.rb
@@ -74,7 +74,8 @@ def set_webhook
     end
 
     def resource_params
-      params.require(:webhook).permit(:url, :template, events: [])
+      params
+        .expect(webhook: [:url, :template, events: []])
     end
   end
 end
diff --git a/spec/controllers/admin/settings/branding_controller_spec.rb b/spec/controllers/admin/settings/branding_controller_spec.rb
@@ -16,7 +16,8 @@
 
         patch :update, params: { form_admin_settings: { new_setting_key: 'New key value' } }
 
-        expect(response).to redirect_to(admin_settings_branding_path)
+        expect(response)
+          .to have_http_status(400)
         expect(Setting.new_setting_key).to be_nil
       end
     end

diff --git a/spec/requests/admin/account_actions_spec.rb b/spec/requests/admin/account_actions_spec.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Admin Account Actions' do
+  describe 'POST /admin/accounts/:account_id/action' do
+    before { sign_in Fabricate(:admin_user) }
+
+    let(:account) { Fabricate :account }
+
+    it 'gracefully handles invalid nested params' do
+      post admin_account_action_path(account.id, admin_account_action: 'invalid')
+
+      expect(response)
+        .to have_http_status(400)
+    end
+  end
+end
diff --git a/spec/requests/admin/account_moderation_notes_spec.rb b/spec/requests/admin/account_moderation_notes_spec.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Admin Account Moderation Notes' do
+  describe 'POST /admin/account_moderation_notes' do
+    before { sign_in Fabricate(:admin_user) }
+
+    it 'gracefully handles invalid nested params' do
+      post admin_account_moderation_notes_path(account_moderation_note: 'invalid')
+
+      expect(response)
+        .to have_http_status(400)
+    end
+  end
+end
diff --git a/spec/requests/admin/accounts_spec.rb b/spec/requests/admin/accounts_spec.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Admin Accounts' do
+  describe 'POST /admin/accounts/batch' do
+    before { sign_in Fabricate(:admin_user) }
+
+    it 'gracefully handles invalid nested params' do
+      post batch_admin_accounts_path(form_account_batch: 'invalid')
+
+      expect(response)
+        .to redirect_to(admin_accounts_path)
+    end
+  end
+end