mirror of
https://github.com/discourse/discourse.git
synced 2024-11-25 10:20:58 -06:00
FIX: Do not deactivate admin accounts with recent posts or api keys (#8342)
This prevents 'bot' users being deactivated
This commit is contained in:
parent
213ebc3b32
commit
836b3f4d82
@ -8,10 +8,14 @@ module Jobs
|
||||
def execute(_)
|
||||
return if SiteSetting.invalidate_inactive_admin_email_after_days == 0
|
||||
|
||||
timestamp = SiteSetting.invalidate_inactive_admin_email_after_days.days.ago
|
||||
|
||||
User.human_users
|
||||
.where(admin: true)
|
||||
.where(active: true)
|
||||
.where('last_seen_at < ?', SiteSetting.invalidate_inactive_admin_email_after_days.days.ago)
|
||||
.where('last_seen_at < ?', timestamp)
|
||||
.where("NOT EXISTS ( SELECT 1 from api_keys WHERE api_keys.user_id = users.id AND COALESCE(last_used_at, updated_at) > ? )", timestamp)
|
||||
.where("NOT EXISTS ( SELECT 1 from posts WHERE posts.user_id = users.id AND created_at > ?)", timestamp)
|
||||
.each do |user|
|
||||
|
||||
User.transaction do
|
||||
|
@ -46,6 +46,18 @@ describe Jobs::InvalidateInactiveAdmins do
|
||||
expect(UserAssociatedAccount.where(user_id: not_seen_admin.id).exists?).to eq(false)
|
||||
end
|
||||
end
|
||||
|
||||
it "doesn't deactivate admins with recent posts" do
|
||||
Fabricate(:post, user: not_seen_admin)
|
||||
subject
|
||||
expect(not_seen_admin.reload.active).to eq(true)
|
||||
end
|
||||
|
||||
it "doesn't deactivate admins with recently used api keys" do
|
||||
Fabricate(:api_key, user: not_seen_admin, last_used_at: 1.day.ago)
|
||||
subject
|
||||
expect(not_seen_admin.reload.active).to eq(true)
|
||||
end
|
||||
end
|
||||
|
||||
context 'invalidate_inactive_admin_email_after_days = 0 to disable this feature' do
|
||||
|
Loading…
Reference in New Issue
Block a user