AO3-6204 Allow certain admins to remove non-default orphan pseuds from orphaned works (#5022)

* AO3-6204 Allow certain admins to remove non-default orphan pseuds from works

* AO3-6204 ERB lint

* AO3-6204 Pressed TAB but not alt

* AO3-6204 Add test for attempting to remove a normal users pseud

* AO3-6204 Add test for attempting to remove a normal users pseud

* AO3-6204 Review fixes

* AO3-6204 Move authorized admin shared example to shared file

* AO3-6204 Fix test

Author: Bilka2

app/controllers/admin/user_creations_controller.rb

@@ -1,5 +1,5 @@
 class Admin::UserCreationsController < Admin::BaseController
-  before_action :get_creation
+  before_action :get_creation, only: [:hide, :set_spam, :destroy]
   before_action :can_be_marked_as_spam, only: [:set_spam]
 
   def get_creation
@@ -62,4 +62,40 @@ def destroy
       redirect_to works_path
     end
   end
+
+  def confirm_remove_pseud
+    @work = authorize Work.find(params[:id])
+
+    @orphan_pseuds = @work.orphan_pseuds
+    return unless @orphan_pseuds.empty?
+
+    flash[:error] = t(".must_have_orphan_pseuds")
+    redirect_to work_path(@work) and return
+  end
+
+  def remove_pseud
+    @work = authorize Work.find(params[:id])
+
+    pseuds = params[:pseuds]
+    orphan_account = User.orphan_account
+    if pseuds.blank?
+      pseuds = @work.orphan_pseuds
+      if pseuds.length > 1
+        flash[:error] = t(".must_select_pseud")
+        redirect_to work_path(@work) and return
+      end
+    else
+      pseuds = Pseud.find(pseuds).select { |p| p.user_id == orphan_account.id }
+    end
+
+    orphan_pseud = orphan_account.default_pseud
+    pseuds.each do |pseud|
+      pseud.change_ownership(@work, orphan_pseud)
+    end
+    unless pseuds.empty?
+      AdminActivity.log_action(current_admin, @work, action: "remove orphan_account pseuds")
+      flash[:notice] = t(".success", pseuds: pseuds.map(&:byline).to_sentence, count: pseuds.length)
+    end
+    redirect_to work_path(@work)
+  end
 end

app/controllers/orphans_controller.rb

@@ -33,7 +33,7 @@ def create
     use_default = params[:use_default] == "true"
     Creatorship.orphan(@pseuds, @orphans, use_default)
     flash[:notice] = ts("Orphaning was successful.")
-    redirect_to(current_user)
+    redirect_to user_path(current_user)
   end
 
   protected

app/models/concerns/creatable.rb

@@ -220,4 +220,9 @@ def user_is_owner_or_invited?(user)
     return false unless user.is_a?(User)
     creatorships.for_user(user).exists?
   end
+
+  # Get all orphan_account pseuds that (co-)created this creatable, excluding the orphan_account's default_pseud
+  def orphan_pseuds
+    self.pseuds.where(user_id: User.orphan_account.id, is_default: false)
+  end
 end

app/policies/work_policy.rb

@@ -19,4 +19,10 @@ def destroy?
   def set_spam?
     user_has_roles?(%w[superadmin policy_and_abuse])
   end
+
+  def remove_pseud?
+    user_has_roles?(%w[superadmin support policy_and_abuse])
+  end
+
+  alias confirm_remove_pseud? remove_pseud?
 end

app/views/admin/_admin_options.html.erb

@@ -37,6 +37,20 @@
           <% end %>
         </li>
       <% end %>
+      <% if policy(@work).remove_pseud? %>
+        <% orphan_pseuds = @work.orphan_pseuds %>
+        <% if orphan_pseuds.length == 1 %>
+          <li>
+            <%= link_to t(".remove_pseud"),
+                  confirm_remove_pseud_admin_user_creation_path(@work),
+                  data: { confirm: t(".remove_pseud_confirmation") } %>
+          </li>
+        <% elsif orphan_pseuds.length > 1 %>
+          <li>
+            <%= link_to t(".remove_pseud"), confirm_remove_pseud_admin_user_creation_path(@work) %>
+          </li>
+        <% end %>
+      <% end %>
     <% end %>
     <% if item.class == ExternalWork %>
       <% if policy(item).edit? %>

app/views/admin/user_creations/confirm_remove_pseud.html.erb

@@ -0,0 +1,30 @@
+<!--Descriptive page name, messages and instructions-->
+<h2 class="heading"><%= t(".page_heading") %></h2>
+
+<!--main content-->
+<%= form_with url: remove_pseud_admin_user_creation_path(@work), method: :put, class: "simple destroy" do |f| %>
+  <% if @orphan_pseuds.length > 1 %>
+    <p class="caution notice">
+      <%= t(".choose") %>
+    </p>
+    <ul>
+      <%= f.collection_check_boxes :pseuds, @orphan_pseuds, :id, :byline, { include_hidden: false } do |builder| %>
+        <li>
+          <%= builder.check_box %>
+          <%= builder.label %>
+        </li>
+      <% end %>
+    </ul>
+    <p class="actions">
+      <%= f.submit t(".submit_multiple") %>
+    </p>
+  <% else %>
+    <p class="caution notice">
+      <%= t(".caution") %>
+    </p>
+    <p class="actions">
+      <%= f.submit t(".submit_one") %>
+    </p>
+  <% end %>
+<% end %>
+<!--/content-->

config/locales/controllers/en.yml

@@ -15,6 +15,14 @@ en:
     admin_users:
       destroy_user_creations:
         success: All creations by user %{login} have been deleted.
+    user_creations:
+      confirm_remove_pseud:
+        must_have_orphan_pseuds: Sorry, this action is only available for works by orphan_account pseuds.
+      remove_pseud:
+        must_select_pseud: You must select which orphan_account pseud to remove.
+        success:
+          one: Successfully removed pseud %{pseuds} from this work.
+          other: Successfully removed pseuds %{pseuds} from this work.
   archive_faqs:
     create:
       success: Archive FAQ was successfully created.

config/locales/views/en.yml

@@ -119,6 +119,8 @@ en:
         work: Hide Work
       landmark: Admin Actions
       not_spam: Mark Not Spam
+      remove_pseud: Remove Pseud
+      remove_pseud_confirmation: Are you sure you want to remove the creator's pseud from this work?
       spam: Mark As Spam
       unhide:
         bookmark: Make Bookmark Visible
@@ -352,6 +354,13 @@ en:
         update: Update
       update:
         success: Archive settings were successfully updated.
+    user_creations:
+      confirm_remove_pseud:
+        caution: Are you sure you want to remove the creator's pseud from this work?
+        choose: Please choose which creators' pseuds you would like to remove from this work.
+        page_heading: Remove Pseud
+        submit_multiple: Remove Pseuds
+        submit_one: Yes, Remove Pseud
   admin_posts:
     admin_post_form:
       comment_permissions:

config/routes.rb

@@ -197,6 +197,8 @@
       member do
         put :hide
         put :set_spam
+        get :confirm_remove_pseud
+        put :remove_pseud
       end
     end
     resources :users, controller: "admin_users", only: [:index, :show] do

features/admins/admin_works.feature

@@ -62,7 +62,7 @@ Feature: Admin Actions for Works, Comments, Series, Bookmarks
   Scenario Outline: Can unhide works
     Given I am logged in as "regular_user"
       And I post the work "ToS Violation"
-    When I am logged in as a "policy_and_abuse" admin
+    When I am logged in as a "<role>" admin
       And I view the work "ToS Violation"
       And I follow "Hide Work"
       And all indexing jobs have been run
@@ -541,3 +541,115 @@ Feature: Admin Actions for Works, Comments, Series, Bookmarks
       | superadmin       |
       | legal            |
       | policy_and_abuse |
+
+  Scenario Outline: Certain admins can remove orphan_account pseuds from works
+    Given I have an orphan account
+      And I am logged in as "Leaver"
+      And I post the work "Bye"
+      And I orphan and keep my pseud on the work "Bye"
+    When I am logged in as a "<role>" admin
+      And I view the work "Bye"
+    Then I should see "Remove Pseud"
+    When I follow "Remove Pseud"
+    Then I should see "Are you sure you want to remove the creator's pseud from this work?"
+    # Expire byline cache
+    When it is currently 1 second from now
+      And I press "Yes, Remove Pseud"
+    Then I should see "Successfully removed pseud Leaver (orphan_account) from this work."
+      And I should see "orphan_account" within ".byline"
+      But I should not see "Leaver" within ".byline"
+
+    Examples:
+      | role             |
+      | superadmin       |
+      | policy_and_abuse |
+      | support          |
+
+  @javascript
+  Scenario Outline: Removing orphan_account pseuds from works with JavaScript shows a confirmation pop-up instead of a page
+    Given I have an orphan account
+      And I am logged in as "Leaver"
+      And I post the work "Bye"
+      And I orphan and keep my pseud on the work "Bye"
+    When I am logged in as a "<role>" admin
+      And I view the work "Bye"
+    Then I should see "Remove Pseud"
+    # Expire byline cache
+    When it is currently 1 second from now
+      And I follow "Remove Pseud"
+      And I confirm I want to remove the pseud
+    Then I should see "Successfully removed pseud Leaver (orphan_account) from this work."
+      And I should see "orphan_account" within ".byline"
+      But I should not see "Leaver" within ".byline"
+
+    Examples:
+      | role             |
+      | superadmin       |
+      | policy_and_abuse |
+      | support          |
+
+  Scenario: When removing orphan_account pseuds from a work with multiple pseuds admins choose which pseud to remove
+    Given I have an orphan account
+      And I am logged in as "Leaver"
+      And I post the work "Bye"
+      And I add the co-author "Another" to the work "Bye"
+      And it is currently 1 second from now
+      And I add the co-author "Third" to the work "Bye"
+      And I orphan and keep my pseud on the work "Bye"
+      And I am logged in as "Another"
+      And I orphan and keep my pseud on the work "Bye"
+      And I am logged in as "Third"
+      And I orphan and keep my pseud on the work "Bye"
+    When I am logged in as a "policy_and_abuse" admin
+      And I view the work "Bye"
+    Then I should see "Remove Pseud"
+    When I follow "Remove Pseud"
+    Then I should see "Please choose which creators' pseuds you would like to remove from this work."
+      And I should see "Third (orphan_account)"
+    When I check "Leaver (orphan_account)"
+      And I check "Another (orphan_account)"
+      # Expire byline cache
+      And it is currently 1 second from now
+      And I press "Remove Pseud"
+    Then I should see "Successfully removed pseuds Leaver (orphan_account) and Another (orphan_account) from this work."
+      And I should see "orphan_account, " within ".byline"
+      And I should see "Third (orphan_account)" within ".byline"
+      But I should not see "Leaver" within ".byline"
+      And I should not see "Another" within ".byline"
+    When I go to the admin-activities page
+    Then I should see 1 admin activity log entry
+      And I should see "remove orphan_account pseuds"
+
+  Scenario: The Remove pseud option is only shown on orphaned works with non-default pseuds
+    Given I have an orphan account
+      And I am logged in as "Leaver"
+    And I post the work "Hey"
+      And I post the work "Bye"
+      And I orphan and take my pseud off the work "Bye"
+    When I am logged in as a "superadmin" admin
+      And I view the work "Hey"
+    Then I should not see "Remove Pseud"
+    When I view the work "Bye"
+    Then I should not see "Remove Pseud"
+
+  Scenario Outline: The Remove pseud option is not shown to admins who don't have permissions to remove pseuds
+    Given I have an orphan account
+    And I am logged in as "Leaver"
+    And I post the work "Bye"
+    And I orphan and keep my pseud on the work "Bye"
+    When I am logged in as a "<role>" admin
+      And I view the work "Bye"
+    Then I should not see "Remove Pseud"
+
+    Examples:
+      | role                       |
+      | board                      |
+      | board_assistants_team      |
+      | communications             |
+      | development_and_membership |
+      | docs                       |
+      | elections                  |
+      | legal                      |
+      | translation                |
+      | tag_wrangling              |
+      | open_doors                 |

features/step_definitions/admin_steps.rb

@@ -349,6 +349,10 @@
   step "it is currently #{days} days from now"
 end
 
+When "I confirm I want to remove the pseud" do
+  expect(page.accept_alert).to eq("Are you sure you want to remove the creator's pseud from this work?") if @javascript
+end
+
 ### THEN
 
 Then (/^the translation information should still be filled in$/) do

public/javascripts/application.js

@@ -407,6 +407,12 @@ function prepareDeleteLinks() {
     $j(this).attr("data-method", "delete");
   });
 
+  // Removing non-default orphan_account pseuds from works
+  $j('a[href$="/confirm_remove_pseud"][data-confirm]').each(function() {
+    this.href = this.href.replace(/\/confirm_remove_pseud$/, "/remove_pseud");
+    $j(this).attr("data-method", "put");
+  });
+
   // For purging assignments in gift exchanges. This is only on one page and easy to
   // check, so don't worry about adding a fallback data-confirm message.
   $j('a[href$="/confirm_purge"][data-confirm]').each(function() {