AO3-6728 Delete comments properly for spammer bans

app/controllers/admin/admin_users_controller.rb

@@ -139,12 +139,23 @@ def confirm_delete_user_creations
 
   def destroy_user_creations
     authorize @user
-    creations = @user.works + @user.bookmarks + @user.sole_owned_collections + @user.comments
+
+    creations = @user.works + @user.bookmarks + @user.sole_owned_collections
     creations.each do |creation|
       AdminActivity.log_action(current_admin, creation, action: "destroy spam", summary: creation.inspect)
       creation.mark_as_spam! if creation.respond_to?(:mark_as_spam!)
       creation.destroy
     end
+
+    # comments are special and needs to be handled separately
+    @user.comments.each do |comment|
+      AdminActivity.log_action(current_admin, comment, action: "destroy spam", summary: comment.inspect)
+      # Submit spam sample to Akismet if in production mode
+      # comment.mark_as_spam cannot be used here because it also sets :approved to false, which would hide the whole thread
+      Akismetor.submit_spam(akismet_attributes) if Rails.env.production?
+      comment.destroy_or_mark_deleted # comments with replies cannot be destroyed, mark deleted instead
+    end
+
     flash[:notice] = ts("All creations by user %{login} have been deleted.", login: @user.login)
     redirect_to(admin_users_path)
   end

app/controllers/application_controller.rb

@@ -389,11 +389,11 @@ def use_caching?
   # Prevents banned and suspended users from adding/editing content
   def check_user_status
     if current_user.is_a?(User) && (current_user.suspended? || current_user.banned?)
-      if current_user.suspended?
-        flash[:error] = t("suspension_notice", default: "Your account has been suspended until %{suspended_until}. You may not add or edit content until your suspension has been resolved. Please <a href=\"#{new_abuse_report_path}\">contact Abuse</a> for more information.", suspended_until: localize(current_user.suspended_until)).html_safe
-      else
-        flash[:error] = t("ban_notice", default: "Your account has been banned. You are not permitted to add or edit archive content. Please <a href=\"#{new_abuse_report_path}\">contact Abuse</a> for more information.").html_safe
-      end
+      flash[:error] = if current_user.suspended?
+                        t("users.status.suspension_notice_html", contact_abuse_link: view_context.link_to(t("users.status.contact_abuse"), new_abuse_report_path), suspended_until: localize(current_user.suspended_until))
+                      else
+                        t("users.status.ban_notice_html", contact_abuse_link: view_context.link_to(t("users.status.contact_abuse"), new_abuse_report_path))
+                      end
       redirect_to current_user
     end
   end
@@ -402,7 +402,7 @@ def check_user_status
   def check_user_not_suspended
     return unless current_user.is_a?(User) && current_user.suspended?
 
-    flash[:error] = t("suspension_notice", default: "Your account has been suspended until %{suspended_until}. You may not add or edit content until your suspension has been resolved. Please <a href=\"#{new_abuse_report_path}\">contact Abuse</a> for more information.", suspended_until: localize(current_user.suspended_until)).html_safe
+    flash[:error] = t("users.status.suspension_notice_html", contact_abuse_link: view_context.link_to(t("users.status.contact_abuse"), new_abuse_report_path), suspended_until: localize(current_user.suspended_until))
     redirect_to current_user
   end
 

config/i18n-tasks.yml

@@ -123,9 +123,6 @@ ignore_missing:
   - no_email # should be admin.admin_invitations.create.no_email
   - sent # should be admin.admin_invitations.create.sent
   - user_not_found # should be admin.admin_invitations.find.user_not_found
-  # File: app/controllers/application_controller.rb
-  - ban_notice # should be application.check_user_status.ban_notice
-  - suspension_notice # should be application.check_user_status.suspension_notice
   # File: app/controllers/challenge_assignments_controller.rb
   - challenge_assignments.assignments_not_sent
   - challenge_assignments.assignments_sent

config/locales/controllers/en.yml

@@ -101,3 +101,7 @@ en:
           one: You may reset your password %{count} more time.
           other: You may reset your password %{count} more times.
         user_not_found: We couldn't find an account with that email address or username. Please try again.
+    status:
+      ban_notice_html: Your account has been banned. You are not permitted to add or edit archive content. Please %{contact_abuse_link} for more information.
+      contact_abuse: contact Abuse
+      suspension_notice_html: Your account has been suspended until %{suspended_until}. You may not add or edit content until your suspension has been resolved. Please %{contact_abuse_link} for more information.

features/admins/users/admin_abuse_users.feature

@@ -183,6 +183,24 @@ Feature: Admin Abuse actions
       And there should be no bookmarks on the work "Not Spam"
       And there should be no comments on the work "Not Spam"
 
+  Scenario: A permabanned spammer's comments' replies from others should stay visible
+    Given I have a work "Generic Work"
+      And a comment "I like spam" by "Spamster" on the work "Generic Work"
+      And a reply "I don't :(" by "NotSpamster" on the work "Generic Work"
+    When I am logged in as a "policy_and_abuse" admin
+      And I go to the user administration page for "Spamster"
+      And I choose "Spammer: ban and delete all creations"
+      And I press "Update"
+    Then I should see "permanently suspended"
+      And the user "Spamster" should be permanently banned
+      And I should see "I like spam"
+    When I press "Yes, Delete All Spammer Creations"
+    Then I should see "All creations by user Spamster have been deleted."
+    When I go to the work comments page for "Generic Work"
+    Then I should not see "I like spam"
+      And I should see "(Previous comment deleted.)"
+      And I should see "I don't :("
+
   Scenario: A user's works cannot be destroyed unless they are banned
     Given I am logged in as "Spamster"
       And I post the work "Loads of Spam"