From 6d6ebd297e52bcba49ce19c5d091f1b90f61b40b Mon Sep 17 00:00:00 2001
From: Lukas Matt
Date: Thu, 15 May 2014 17:34:00 -0400
Subject: Do not try to render posts/comments which are not present refs diaspora/diaspora#4959
---
 app/assets/stylesheets/report.css.scss | 3 +++
 app/helpers/report_helper.rb | 15 ++++++++-------
 app/views/report/index.html.haml | 2 +-
 config/locales/diaspora/en.yml | 1 +
 4 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/app/assets/stylesheets/report.css.scss b/app/assets/stylesheets/report.css.scss
index 2ee1789e7..d964b55cd 100644
--- a/app/assets/stylesheets/report.css.scss
+++ b/app/assets/stylesheets/report.css.scss
@@ -5,6 +5,9 @@
 span {
 display: block;
 }
+ span.text {
+ padding-bottom: 1em;
+ }
 }
 .options {
 float: right;
diff --git a/app/helpers/report_helper.rb b/app/helpers/report_helper.rb
index 370981314..10509ccfd 100644
--- a/app/helpers/report_helper.rb
+++ b/app/helpers/report_helper.rb
@@ -4,13 +4,14 @@
 module ReportHelper
 def report_content(id, type)
- raw case type
- when 'post'
- t('report.post_label', title: link_to(post_page_title(Post.find_by_id(id)), post_path(id)))
- when 'comment'
- # comment_message is not html_safe. To prevent
- # cross-site-scripting we have to escape html
- t('report.comment_label', data: h(comment_message(Comment.find_by_id(id))))
+ if type == 'post' && !(post = Post.find_by_id(id)).nil?
+ raw t('report.post_label', title: link_to(post_page_title(post), post_path(id)))
+ elsif type == 'comment' && !(comment = Comment.find_by_id(id)).nil?
+ # comment_message is not html_safe. To prevent
+ # cross-site-scripting we have to escape html
+ raw t('report.comment_label', data: h(comment_message(comment)))
+ else
+ raw t('report.not_found')
 end
 end
 end
diff --git a/app/views/report/index.html.haml b/app/views/report/index.html.haml
index b5026c643..1268c56c7 100644
--- a/app/views/report/index.html.haml
+++ b/app/views/report/index.html.haml
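Review bot: `raw` now wraps every branch of `report_content`, so the translated string is emitted unescaped and each interpolated value has to be escaped by hand; the comment branch does that with `h(...)`, but the post branch depends on `link_to` escaping whatever `post_page_title(post)` returns, which holds only if that helper (not visible here) never returns an `html_safe` string. I would say so next to the post branch, e.g. `# link_to escapes the title; post_page_title must not return html_safe text`, and drop `raw` from the fallback, `t('report.not_found')`, since that string carries no markup. The `else` branch also presents any unrecognised `type` as a deleted item, which may hide bad data rather than a removed post.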
@@ -8,7 +8,7 @@
 - @reports.each do |r|
 - username = User.find_by_id(r.user_id).username
 %div.content
- %span
+ %span.text
 = report_content(r.item_id, r.item_type)
 %span
 = raw t('report.reported_label', person: link_to(username, user_profile_path(username)))
diff --git a/config/locales/diaspora/en.yml b/config/locales/diaspora/en.yml
index 5fc467451..44ac3630e 100644
--- a/config/locales/diaspora/en.yml
+++ b/config/locales/diaspora/en.yml
@@ -894,6 +894,7 @@ en:
 review_link: "Mark as reviewed"
 delete_link: "Delete item"
 confirm_deletion: "Are you sure to delete the item?"
+ not_found: "The post/comment was not found. It seams that it was deleted by the user!"
 status:
 marked: "The report was marked as reviewed"
 destroyed: "The post was destroyed"
-- cgit v1.2.3
From 8170ef8363e8db5427a8d24a0f47bf2142e9875a Mon Sep 17 00:00:00 2001
From: Lukas Matt
Date: Fri, 16 May 2014 08:28:18 -0400
Subject: Validate on report that post or comment does exist
---
 app/models/report.rb | 7 +++++++
 spec/models/report_spec.rb | 20 ++++++++++++++++++--
 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/app/models/report.rb b/app/models/report.rb
index 6ee562293..36356c48f 100644
--- a/app/models/report.rb
+++ b/app/models/report.rb
@@ -6,6 +6,7 @@ class Report < ActiveRecord::Base
 validates :text, presence: true
 validate :entry_does_not_exist, :on => :create
+ validate :post_or_comment_does_exist, :on => :create
 belongs_to :user
 belongs_to :post
@@ -19,6 +20,12 @@ class Report < ActiveRecord::Base
 end
 end
+ def post_or_comment_does_exist
+ if Post.find_by_id(item_id).nil? && Comment.find_by_id(item_id).nil?
+ errors[:base] << 'Post or comment was already deleted or doesn\'t exists.'
+ end
+ end
+
 def destroy_reported_item
 if item_type == 'post'
 delete_post
diff --git a/spec/models/report_spec.rb b/spec/models/report_spec.rb
index 82d5d8603..3595a6a1a 100644
--- a/spec/models/report_spec.rb
+++ b/spec/models/report_spec.rb
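Review bot: The context line `- username = User.find_by_id(r.user_id).username` still calls `.username` on the lookup result without a nil check, so if a reporting user can be removed, this page would presumably fail in the same way it did for missing posts. The commit guards the reported item but not the reporter. Looking the user up first and rendering a fallback label when it is nil would close that gap; the `link_to(username, user_profile_path(username))` line needs the same guard.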
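Review bot: `post_or_comment_does_exist` never consults `item_type`: the report is accepted when either a post or a comment carries `item_id`, so a report of type 'comment' whose id only matches a post passes validation even though the item it names does not exist. Code that dispatches on `item_type`, such as the `destroy_reported_item` context lines just below, would then work on the wrong assumption. The lookup should be keyed on `item_type`, with any other type rejected, and `exists?` avoids loading a record only to test it for nil. The sketch keeps the error message as it is, although "doesn't exists" should read "does not exist".

```ruby
def post_or_comment_does_exist
  found = case item_type
          when 'post' then Post.exists?(item_id)
          when 'comment' then Comment.exists?(item_id)
          else false
          end
  errors[:base] << 'Post or comment was already deleted or doesn\'t exists.' unless found
end
```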
@@ -25,11 +25,27 @@ describe Report do
 describe '#validation' do
 it 'validates that post ID is required' do
- @user.reports.build(:item_type => 'post', :text => 'blub').should_not be_valid
+ report = @valid_post_report
+ report.delete(:item_id)
+ @user.reports.build(report).should_not be_valid
 end
 it 'validates that post type is required' do
- @user.reports.build(:item_id => 666, :text => 'blub').should_not be_valid
+ report = @valid_post_report
+ report.delete(:item_type)
+ @user.reports.build(report).should_not be_valid
+ end
+
+ it 'validates that post does exist' do
+ report = @valid_post_report
+ report[:item_id] = 666;
+ @user.reports.build(report).should_not be_valid
+ end
+
+ it 'validates that comment does exist' do
+ report = @valid_comment_report
+ report[:item_id] = 666;
+ @user.reports.build(report).should_not be_valid
 end
 it 'validates that entry does not exist' do
-- cgit v1.2.3
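Review bot: Both new existence examples use id 666, which matches neither model, so they would still pass if the validation ignored `item_type`. An example that builds a comment report with the id of an existing post (and the reverse) and expects it to be invalid would pin the intended behaviour. The examples also modify `@valid_post_report` and `@valid_comment_report` in place, which is safe only if those hashes are rebuilt for every example in a `before` block outside this hunk; `report = @valid_post_report.dup` removes that dependency. The trailing semicolons in `report[:item_id] = 666;` can go. The `describe '#validation'` block starts and ends outside the hunk.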