[MODERATION] QoL improvements (squash)

- Ensure that organisations cannot be blocked. It currently has no effect, as all blocked operations cannot be executed from an organisation standpoint. - Refactored the API route to make use of the `UserAssignmentAPI` middleware. - Make more use of `t.Run` so that the test code is more clear about which block of code belongs to which test case. - Added more integration testing (to ensure the organisations cannot be blocked and some authorization/permission checks).
2023-08-07 16:00:55 +02:00 · 2023-08-07 16:00:55 +02:00 · e9d638d075
commit e9d638d075
parent 2bdcb83fb2
8 changed files with 266 additions and 56 deletions
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@ -902,8 +902,10 @@ func Routes() *web.Route {

 			m.Group("", func() {
 				m.Get("/list_blocked", user.ListBlockedUsers)
-				m.Put("/block/{username}", user.BlockUser)
-				m.Put("/unblock/{username}", user.UnblockUser)
+				m.Group("", func() {
+					m.Put("/block/{username}", user.BlockUser)
+					m.Put("/unblock/{username}", user.UnblockUser)
+				}, context_service.UserAssignmentAPI())
 			})

 			m.Group("/avatar", func() {
@ -1336,9 +1338,11 @@ func Routes() *web.Route {
 			m.Get("/activities/feeds", org.ListOrgActivityFeeds)

 			m.Group("", func() {
-				m.Get("/list_blocked", reqToken(), reqOrgOwnership(), org.ListBlockedUsers)
-				m.Put("/block/{username}", reqToken(), reqOrgOwnership(), org.BlockUser)
-				m.Put("/unblock/{username}", reqToken(), reqOrgOwnership(), org.UnblockUser)
+				m.Get("/list_blocked", org.ListBlockedUsers)
+				m.Group("", func() {
+					m.Put("/block/{username}", org.BlockUser)
+					m.Put("/unblock/{username}", org.UnblockUser)
+				}, context_service.UserAssignmentAPI())
 			}, reqToken(), reqOrgOwnership())
 		}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryOrganization), orgAssignment(true))
 		m.Group("/teams/{teamid}", func() {