From d54dc8983ac0c76db456371cb51f9a448a59108e Mon Sep 17 00:00:00 2001
From: Emelia Smith
Date: Wed, 20 Nov 2024 20:18:56 +0100
Subject: [PATCH] Implement Admin Account Moderation Notes API
---
.../api/v1/admin/accounts/notes_controller.rb | 60 +++++++++++++++++++
.../rest/admin/moderation_note_serializer.rb | 4 +-
config/routes/api.rb | 3 +-
3 files changed, 64 insertions(+), 3 deletions(-)
create mode 100644 app/controllers/api/v1/admin/accounts/notes_controller.rb
diff --git a/app/controllers/api/v1/admin/accounts/notes_controller.rb b/app/controllers/api/v1/admin/accounts/notes_controller.rb
new file mode 100644
index 00000000000..7dfe3cfd39c
--- /dev/null
+++ b/app/controllers/api/v1/admin/accounts/notes_controller.rb
@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+class Api::V1::Admin::Accounts::NotesController < Api::BaseController
+ include Authorization
+ include AccountableConcern
+
+ PERMITTED_PARAMS = %i(
+ content
+ ).freeze
+
+ before_action -> { authorize_if_got_token! :'admin:read', :'admin:read:accounts' }, only: [:index, :show]
+ before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:accounts' }, except: [:index, :show]
+ before_action :set_account
+ before_action :set_account_note, except: [:index, :create]
+
+ rescue_from ArgumentError do |e|
+ render json: { error: e.to_s }, status: 422
+ end
+
+ def index
+ authorize @account, :show?
+ render json: @account.targeted_moderation_notes.chronological.includes(:account), each_serializer: REST::Admin::ModerationNoteSerializer
+ end
+
+ def show
+ authorize @account_moderation_note, :show?
+ render json: @account_moderation_note, serializer: REST::Admin::ModerationNoteSerializer
+ end
+
+ def create
+ authorize AccountModerationNote, :create?
+
+ @account_moderation_note = current_account.account_moderation_notes.new(account_note_params.merge(target_account_id: @account.id))
+ @account_moderation_note.save!
+
+ render json: @account_moderation_note, serializer: REST::Admin::ModerationNoteSerializer
+ end
+
+ def destroy
+ authorize @account_moderation_note, :destroy?
+ @account_moderation_note.destroy!
+ render_empty
+ end
+
+ private
+
+ def set_account
+ @account = Account.find(params[:account_id])
+ end
+
+ def set_account_note
+ @account_moderation_note = AccountModerationNote.where(target_account_id: params[:account_id]).find(params[:id])
+ end
+
+ def account_note_params
+ params
+ .slice(*PERMITTED_PARAMS)
+ .permit(*PERMITTED_PARAMS)
+ end
+end
diff --git a/app/serializers/rest/admin/moderation_note_serializer.rb b/app/serializers/rest/admin/moderation_note_serializer.rb
index 06829112ae6..b381e7114c7 100644
--- a/app/serializers/rest/admin/moderation_note_serializer.rb
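Review bot: In `notes_controller.rb`, `show` authorizes the note with `:show?`, but the diffstat lists no policy file, so this only works if the note policy already defines `show?`; `index` checks `:show?` on the account instead, and the two read paths should agree on which permission gates reading notes. Every action calls `authorize` today, but nothing enforces that, so I would add `after_action :verify_authorized` below the `before_action` lines as a safety net for actions added later. `AccountableConcern` is included and never used in the visible code, so as far as this file shows, creating or destroying a moderation note through the API leaves no audit-log entry; either record both actions or drop the include. The `rescue_from ArgumentError` handler returns `e.to_s` to the client, and a fixed message would avoid echoing internal error text.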
+++ b/app/serializers/rest/admin/moderation_note_serializer.rb @@ -17,9 +17,9 @@ class REST::Admin::ModerationNoteSerializer < ActiveModel::Serializer def target case object when ReportNote - { type: 'Report', id: object.report_id.to_s, url: api_v1_admin_report_url(object.report) } + { type: 'Report', id: object.report_id.to_s, url: api_v1_admin_report_url(object.report.id) } when AccountModerationNote - { type: 'Account', id: object.target_account_id.to_s, url: api_v1_admin_account_url(object.target_account) } + { type: 'Account', id: object.target_account_id.to_s, url: api_v1_admin_account_url(object.target_account.id) } end end end diff --git a/config/routes/api.rb b/config/routes/api.rb index 3d4dbd8cebb..2326225c4a8 100644 --- a/config/routes/api.rb +++ b/config/routes/api.rb @@ -245,6 +245,7 @@ namespace :api, format: false do end resource :action, only: [:create], controller: 'account_actions' + resources :notes, controller: 'accounts/notes', only: [:index, :show, :create, :destroy] end resources :reports, only: [:index, :update, :show] do @@ -255,7 +256,7 @@ namespace :api, format: false do post :resolve end - resources :notes, controller: 'reports/notes', except: [:new, :edit, :update] + resources :notes, controller: 'reports/notes', only: [:index, :show, :create, :destroy] end resources :domain_allows, only: [:index, :show, :create, :destroy]
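Review bot: In `moderation_note_serializer.rb`, `target` now calls `object.report.id` and `object.target_account.id`, which loads the associated record only to read a key the note already carries, and would raise if the association were ever nil. The same lines already use `object.report_id` and `object.target_account_id` for the `id` field. Passing those to the helpers, `api_v1_admin_report_url(object.report_id)` and `api_v1_admin_account_url(object.target_account_id)`, should give the same URL without the lookup. That matters for the new `index` action in this patch, which preloads only `:account`.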