otwcode · brianjaustin · Aug 14, 2024 · Jun 9, 2024 · Jun 9, 2024 · Jun 9, 2024
diff --git a/app/controllers/admin/admin_users_controller.rb b/app/controllers/admin/admin_users_controller.rb
@@ -139,12 +139,23 @@ def confirm_delete_user_creations
 
   def destroy_user_creations
     authorize @user
-    creations = @user.works + @user.bookmarks + @user.sole_owned_collections + @user.comments
+
+    creations = @user.works + @user.bookmarks + @user.sole_owned_collections
     creations.each do |creation|
       AdminActivity.log_action(current_admin, creation, action: "destroy spam", summary: creation.inspect)
       creation.mark_as_spam! if creation.respond_to?(:mark_as_spam!)
       creation.destroy
     end
+
+    # comments are special and needs to be handled separately
+    @user.comments.each do |comment|
+      AdminActivity.log_action(current_admin, comment, action: "destroy spam", summary: comment.inspect)
+      # Submit spam sample to Akismet if in production mode
+      # comment.mark_as_spam cannot be used here because it also sets :approved to false, which would hide the whole thread
+      Akismetor.submit_spam(akismet_attributes) if Rails.env.production?
+      comment.destroy_or_mark_deleted # comments with replies cannot be destroyed, mark deleted instead
+    end
+
     flash[:notice] = ts("All creations by user %{login} have been deleted.", login: @user.login)
     redirect_to(admin_users_path)
   end

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -389,10 +389,10 @@
  # Prevents banned and suspended users from adding/editing content
   def check_user_status
     if current_user.is_a?(User) && (current_user.suspended? || current_user.banned?)
       if current_user.suspended?
-        flash[:error] = t("suspension_notice", default: "Your account has been suspended until %{suspended_until}. You may not add or edit content until your suspension has been resolved. Please <a href=\"#{new_abuse_report_path}\">contact Abuse</a> for more information.", suspended_until: localize(current_user.suspended_until)).html_safe
+        flash[:error] = t("suspension_notice", default: "Your account has been suspended until %{suspended_until}. You may not add or edit content until your suspension has been resolved. Please <a href=\"#{new_abuse_report_path}\">contact Abuse</a> for more information.".html_safe, suspended_until: localize(current_user.suspended_until))
       else
-        flash[:error] = t("ban_notice", default: "Your account has been banned. You are not permitted to add or edit archive content. Please <a href=\"#{new_abuse_report_path}\">contact Abuse</a> for more information.").html_safe
+        flash[:error] = t("ban_notice", default: "Your account has been banned. You are not permitted to add or edit archive content. Please <a href=\"#{new_abuse_report_path}\">contact Abuse</a> for more information.".html_safe)
       end
       redirect_to current_user
     end
@@ -402,7 +402,7 @@
   def check_user_not_suspended
     return unless current_user.is_a?(User) && current_user.suspended?
 
-    flash[:error] = t("suspension_notice", default: "Your account has been suspended until %{suspended_until}. You may not add or edit content until your suspension has been resolved. Please <a href=\"#{new_abuse_report_path}\">contact Abuse</a> for more information.", suspended_until: localize(current_user.suspended_until)).html_safe
+    flash[:error] = t("suspension_notice", default: "Your account has been suspended until %{suspended_until}. You may not add or edit content until your suspension has been resolved. Please <a href=\"#{new_abuse_report_path}\">contact Abuse</a> for more information.".html_safe, suspended_until: localize(current_user.suspended_until))
     redirect_to current_user
   end
 

diff --git a/features/admins/users/admin_abuse_users.feature b/features/admins/users/admin_abuse_users.feature
@@ -183,6 +183,24 @@ Feature: Admin Abuse actions
       And there should be no bookmarks on the work "Not Spam"
       And there should be no comments on the work "Not Spam"
 
+  Scenario: A permabanned spammer's comments' replies from others should stay visible
+    Given I have a work "Generic Work"
+      And a comment "I like spam" by "Spamster" on the work "Generic Work"
+      And a reply "I don't :(" by "NotSpamster" on the work "Generic Work"
+    When I am logged in as a "policy_and_abuse" admin
+      And I go to the user administration page for "Spamster"
+      And I choose "Spammer: ban and delete all creations"
+      And I press "Update"
+    Then I should see "permanently suspended"
+      And the user "Spamster" should be permanently banned
+      And I should see "I like spam"
+    When I press "Yes, Delete All Spammer Creations"
+    Then I should see "All creations by user Spamster have been deleted."
+    When I go to the work comments page for "Generic Work"
+    Then I should not see "I like spam"
+      And I should see "(Previous comment deleted.)"
+      And I should see "I don't :("
+
   Scenario: A user's works cannot be destroyed unless they are banned
     Given I am logged in as "Spamster"
       And I post the work "Loads of Spam"