From fbb4962d768a48ae1bd6d445843759ba75396752 Mon Sep 17 00:00:00 2001 From: Brian Austin <13002992+brianjaustin@users.noreply.github.com> Date: Wed, 3 Apr 2024 20:47:10 -0400 Subject: [PATCH] AO3-5283 Prevent loading ModeratedWorks with missing Work (#4567) * AO3-5283 Prevent loading ModeratedWorks with missing Work * Use includes to combine (moderated_)work queries --- app/controllers/admin/spam_controller.rb | 7 +++++-- spec/controllers/admin/spam_controller_spec.rb | 16 ++++++++++++++++ 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/app/controllers/admin/spam_controller.rb b/app/controllers/admin/spam_controller.rb index d7f1422fce9..8b652789aa0 100644 --- a/app/controllers/admin/spam_controller.rb +++ b/app/controllers/admin/spam_controller.rb @@ -1,5 +1,4 @@ class Admin::SpamController < Admin::BaseController - def index authorize ModeratedWork @@ -11,7 +10,11 @@ def index else { reviewed: false, approved: false } end - @works = ModeratedWork.where(conditions).order(:created_at).page(params[:page]) + @works = ModeratedWork.where(conditions) + .joins(:work) + .includes(:work) + .order(:created_at) + .page(params[:page]) end def bulk_update diff --git a/spec/controllers/admin/spam_controller_spec.rb b/spec/controllers/admin/spam_controller_spec.rb index 30c4061494f..82733db091c 100644 --- a/spec/controllers/admin/spam_controller_spec.rb +++ b/spec/controllers/admin/spam_controller_spec.rb @@ -41,6 +41,22 @@ end end end + + context "when a ModeratedWork has no corresponding Work" do + let!(:spam_with_work) { create(:moderated_work) } + let!(:spam_missing_work) { create(:moderated_work, work_id: -1) } + + before do + fake_login_admin(create(:superadmin)) + end + + it "only loads the existing work" do + get :index + + expect(assigns(:works)).to include(spam_with_work) + expect(assigns(:works)).not_to include(spam_missing_work) + end + end end describe "POST #bulk_update" do