Disallow interactions by blocked users; new "get objections" Members API route (#8755)

* Make flags.chatRevoked prevent sending private messages (issue #7971) * Disallow sending gems when messages aren't allowed. * Created function to check for objections to an interaction to user model and wired it into the API (issue #7971) * Fixes for issues raised by reviewers. * Added allowed values to apidoc for api.getObjectionsToInteraction. * Refactoring of getObjectionsToInteraction and minor API changes. * fix(objections): address PR comments * fix(strings): use US English for base edits * refactor(test): typos and phrasing
2025-12-18 15:17:25 +01:00 · 2017-06-06 18:49:05 -07:00
parent 00e5896ac6
commit 018976a723
8 changed files with 235 additions and 22 deletions
--- a/test/api/v3/integration/members/GET-objections_interaction.test.js
+++ b/test/api/v3/integration/members/GET-objections_interaction.test.js
@@ -0,0 +1,64 @@
+import {
+  generateUser,
+  translate as t,
+} from '../../../../helpers/api-v3-integration.helper';
+import { v4 as generateUUID } from 'uuid';
+
+describe('GET /members/:toUserId/objections/:interaction', () => {
+  let user;
+
+  before(async () => {
+    user = await generateUser();
+  });
+
+  it('validates req.params.memberId', async () => {
+    await expect(
+      user.get('/members/invalidUUID/objections/send-private-message')
+    ).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('invalidReqParams'),
+    });
+  });
+
+  it('handles non-existing members', async () => {
+    let dummyId = generateUUID();
+    await expect(
+      user.get(`/members/${dummyId}/objections/send-private-message`)
+    ).to.eventually.be.rejected.and.eql({
+      code: 404,
+      error: 'NotFound',
+      message: t('userWithIDNotFound', {userId: dummyId}),
+    });
+  });
+
+  it('handles non-existing interactions', async () => {
+    let receiver = await generateUser();
+
+    await expect(
+      user.get(`/members/${receiver._id}/objections/hug-a-whole-forest-of-trees`)
+    ).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('invalidReqParams'),
+    });
+  });
+
+  it('returns an empty array if there are no objections', async () => {
+    let receiver = await generateUser();
+
+    await expect(
+      user.get(`/members/${receiver._id}/objections/send-private-message`)
+    ).to.eventually.be.fulfilled.and.eql([]);
+  });
+
+  it('returns an array of objections if any exist', async () => {
+    let receiver = await generateUser({'inbox.blocks': [user._id]});
+
+    await expect(
+      user.get(`/members/${receiver._id}/objections/send-private-message`)
+    ).to.eventually.be.fulfilled.and.eql([
+      t('notAuthorizedToSendMessageToThisUser'),
+    ]);
+  });
+});