Fix policies for abuse report notes (!138874) · Merge requests · GitLab.org / GitLab

Hinam Mehra requested to merge anti-abuse/168-fix-note-policies into master Dec 06, 2023

What does this MR do and why?

Partially resolves https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/168
Fixes a bug in abuse report notes, where admins were only seeing their notes, not notes from other admins
It also only renders the edit button for the user that authored the note.

Screenshots or screen recordings

Before	After
before	after

How to set up and validate locally

In the rails console, enable the feature flag abuse_report_notes

> Feature.enable(:abuse_report_notes)

Log-in as root and navigate to /admin/abuse_reports and click on any abuse report. If there aren't any abuse reports available, you can create one:

AbuseReport.create(user_id: User.last.id, reporter_id: User.first.id, message: "obvious spam")

Try to add a new comment and then refresh the page.
Then try to edit that comment.
Create another admin user, log-in as that user and navigate to the same abuse report. You should see the comment left by the previous without any edit button next to that comment.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Dec 08, 2023 by Hinam Mehra

Fix policies for abuse report notes

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports