Add ability to delete avatar or header picture via the API (#25124)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>local
parent
bb23116e8d
commit
d24a87ce4f
3 changed files with 142 additions and 0 deletions
@ -0,0 +1,29 @@ |
||||
# frozen_string_literal: true |
||||
|
||||
class Api::V1::ProfilesController < Api::BaseController |
||||
before_action -> { doorkeeper_authorize! :write, :'write:accounts' } |
||||
before_action :require_user! |
||||
before_action :set_image |
||||
before_action :validate_image_param |
||||
|
||||
def destroy |
||||
@account = current_account |
||||
UpdateAccountService.new.call(@account, { @image => nil }, raise_error: true) |
||||
ActivityPub::UpdateDistributionWorker.perform_async(@account.id) |
||||
render json: @account, serializer: REST::CredentialAccountSerializer |
||||
end |
||||
|
||||
private |
||||
|
||||
def set_image |
||||
@image = params[:image] |
||||
end |
||||
|
||||
def validate_image_param |
||||
raise(Mastodon::InvalidParameterError, 'Image must be either "avatar" or "header"') unless valid_image? |
||||
end |
||||
|
||||
def valid_image? |
||||
%w(avatar header).include?(@image) |
||||
end |
||||
end |
@ -0,0 +1,112 @@ |
||||
# frozen_string_literal: true |
||||
|
||||
require 'rails_helper' |
||||
|
||||
RSpec.describe 'Deleting profile images' do |
||||
let(:account) do |
||||
Fabricate( |
||||
:account, |
||||
avatar: fixture_file_upload('avatar.gif', 'image/gif'), |
||||
header: fixture_file_upload('attachment.jpg', 'image/jpeg') |
||||
) |
||||
end |
||||
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: account.user.id, scopes: scopes) } |
||||
let(:scopes) { 'write:accounts' } |
||||
let(:headers) { { 'Authorization' => "Bearer #{token.token}" } } |
||||
|
||||
describe 'DELETE /api/v1/profile' do |
||||
before do |
||||
allow(ActivityPub::UpdateDistributionWorker).to receive(:perform_async) |
||||
end |
||||
|
||||
context 'when deleting an avatar' do |
||||
context 'with wrong scope' do |
||||
before do |
||||
delete '/api/v1/profile/avatar', headers: headers |
||||
end |
||||
|
||||
it_behaves_like 'forbidden for wrong scope', 'read' |
||||
end |
||||
|
||||
it 'returns http success' do |
||||
delete '/api/v1/profile/avatar', headers: headers |
||||
|
||||
expect(response).to have_http_status(200) |
||||
end |
||||
|
||||
it 'deletes the avatar' do |
||||
delete '/api/v1/profile/avatar', headers: headers |
||||
|
||||
account.reload |
||||
|
||||
expect(account.avatar).to_not exist |
||||
end |
||||
|
||||
it 'does not delete the header' do |
||||
delete '/api/v1/profile/avatar', headers: headers |
||||
|
||||
account.reload |
||||
|
||||
expect(account.header).to exist |
||||
end |
||||
|
||||
it 'queues up an account update distribution' do |
||||
delete '/api/v1/profile/avatar', headers: headers |
||||
|
||||
expect(ActivityPub::UpdateDistributionWorker).to have_received(:perform_async).with(account.id) |
||||
end |
||||
end |
||||
|
||||
context 'when deleting a header' do |
||||
context 'with wrong scope' do |
||||
before do |
||||
delete '/api/v1/profile/header', headers: headers |
||||
end |
||||
|
||||
it_behaves_like 'forbidden for wrong scope', 'read' |
||||
end |
||||
|
||||
it 'returns http success' do |
||||
delete '/api/v1/profile/header', headers: headers |
||||
|
||||
expect(response).to have_http_status(200) |
||||
end |
||||
|
||||
it 'does not delete the avatar' do |
||||
delete '/api/v1/profile/header', headers: headers |
||||
|
||||
account.reload |
||||
|
||||
expect(account.avatar).to exist |
||||
end |
||||
|
||||
it 'deletes the header' do |
||||
delete '/api/v1/profile/header', headers: headers |
||||
|
||||
account.reload |
||||
|
||||
expect(account.header).to_not exist |
||||
end |
||||
|
||||
it 'queues up an account update distribution' do |
||||
delete '/api/v1/profile/header', headers: headers |
||||
|
||||
expect(ActivityPub::UpdateDistributionWorker).to have_received(:perform_async).with(account.id) |
||||
end |
||||
end |
||||
|
||||
context 'when provided picture value is invalid' do |
||||
it 'returns http bad request' do |
||||
delete '/api/v1/profile/invalid', headers: headers |
||||
|
||||
expect(response).to have_http_status(400) |
||||
end |
||||
|
||||
it 'does not queue up an account update distribution' do |
||||
delete '/api/v1/profile/invalid', headers: headers |
||||
|
||||
expect(ActivityPub::UpdateDistributionWorker).to_not have_received(:perform_async).with(account.id) |
||||
end |
||||
end |
||||
end |
||||
end |
Loading…
Reference in new issue