[MODERATION] QoL improvements (squash)

- Ensure that organisations cannot be blocked. It currently has no effect, as all blocked operations cannot be executed from an organisation standpoint. - Refactored the API route to make use of the `UserAssignmentAPI` middleware. - Make more use of `t.Run` so that the test code is more clear about which block of code belongs to which test case. - Added more integration testing (to ensure the organisations cannot be blocked and some authorization/permission checks).
2023-08-07 16:00:55 +02:00 · 2023-08-07 16:00:55 +02:00 · e9d638d075
commit e9d638d075
parent 2bdcb83fb2
8 changed files with 266 additions and 56 deletions
--- a/routers/api/v1/user/user.go
+++ b/routers/api/v1/user/user.go
@ -5,6 +5,7 @@
 package user

 import (
+	"fmt"
 	"net/http"

 	activities_model "code.gitea.io/gitea/models/activities"
@ -244,13 +245,15 @@ func BlockUser(ctx *context.APIContext) {
 	//     "$ref": "#/responses/empty"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
+	//   "422":
+	//     "$ref": "#/responses/validationError"

-	user := GetUserByParams(ctx)
-	if ctx.Written() {
+	if ctx.ContextUser.IsOrganization() {
+		ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("%s is an organization not a user", ctx.ContextUser.Name))
 		return
 	}

-	utils.BlockUser(ctx, ctx.Doer, user)
+	utils.BlockUser(ctx, ctx.Doer, ctx.ContextUser)
 }

 // UnblockUser unblocks a user from the doer.
@ -271,11 +274,13 @@ func UnblockUser(ctx *context.APIContext) {
 	//     "$ref": "#/responses/empty"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
+	//   "422":
+	//     "$ref": "#/responses/validationError"

-	user := GetUserByParams(ctx)
-	if ctx.Written() {
+	if ctx.ContextUser.IsOrganization() {
+		ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("%s is an organization not a user", ctx.ContextUser.Name))
 		return
 	}

-	utils.UnblockUser(ctx, ctx.Doer, user)
+	utils.UnblockUser(ctx, ctx.Doer, ctx.ContextUser)
 }