Skip to content

Allow direct suspension without requiring flagging first#4364

Merged
slavingia merged 4 commits intomainfrom
fix/direct-suspension-without-flagging
Apr 9, 2026
Merged

Allow direct suspension without requiring flagging first#4364
slavingia merged 4 commits intomainfrom
fix/direct-suspension-without-flagging

Conversation

@gumclaw
Copy link
Copy Markdown
Contributor

@gumclaw gumclaw commented Apr 8, 2026

Summary

  • Expand the user risk state machine to allow suspending users directly from not_reviewed, compliant, and cross-flag states (e.g., flagged_for_tos_violationsuspended_for_fraud)
  • Simplify callers that previously did flag-then-suspend: suspend_due_to_stripe_risk, Iffy::User::BanService, SuspendUsersWorker, and SuspendAccountsWithPaymentAddressWorker
  • Flag events (flag_for_fraud, flag_for_tos_violation) are preserved for graduated response — they're now optional, not eliminated

Closes #4290

Test plan

  • Verify direct suspension from not_reviewed and compliant states works
  • Verify cross-flag suspension (e.g., flagged_for_tos_violationsuspended_for_fraud) works
  • Verify existing flag-then-suspend paths still work
  • Verify mass suspension via admin still works
  • Verify cascade suspension of related accounts (same payment address/fingerprint) still works

🤖 Generated with Claude Code

@gumclaw gumclaw requested a review from gianfrancopiana April 8, 2026 02:59
@gumclaw gumclaw force-pushed the fix/direct-suspension-without-flagging branch from 78c515f to 01ffb32 Compare April 8, 2026 14:19
gumclaw and others added 2 commits April 8, 2026 15:27
@gumclaw @claude
Allow direct suspension without requiring flagging first
5405045 
Expand the user risk state machine to allow suspending users directly
from not_reviewed, compliant, and cross-flag states. Flagging remains
available as an optional graduated response but is no longer a
prerequisite for suspension.

Simplifies several callers that previously did flag-then-suspend in
sequence: suspend_due_to_stripe_risk, Iffy::User::BanService,
SuspendUsersWorker, and SuspendAccountsWithPaymentAddressWorker.

Closes #4290

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@gumclaw
Remove unrelated currency_helper changes
ccc60d9
@gumclaw gumclaw force-pushed the fix/direct-suspension-without-flagging branch from 01ffb32 to ccc60d9 Compare April 8, 2026 19:27
@gumclaw
Copy link
Copy Markdown
Contributor Author

gumclaw commented Apr 9, 2026

Local spec results ✅

PR-related specs: 15 passed, 0 failures

spec/services/iffy/user/ban_service_spec.rb         1 example, 0 failures
spec/sidekiq/suspend_users_worker_spec.rb            3 examples, 0 failures
spec/sidekiq/suspend_accounts_with_payment_address_worker_spec.rb  11 examples, 0 failures

user_spec.rb state machine tests: The 4 new direct-suspension tests all pass. 21 failures in the full user_spec, but all 21 also fail on main (pre-existing DB/env issues, unrelated to this PR).

Ready to merge.

slavingia
slavingia reviewed Apr 9, 2026
View reviewed changes
Comment thread app/sidekiq/suspend_accounts_with_payment_address_worker.rb Outdated
@@ -40,10 +40,6 @@ def suspend_users_with_same_stripe_fingerprint(suspended_user)
end

def flag_and_suspend_user(user, suspended_user, identifier_type, identifier_value)
Copy link
Copy Markdown
Contributor

@slavingia slavingia Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gumclaw rename this method

@gumclaw
Rename flag_and_suspend_user to suspend_user
e4872ed 
The method no longer flags, just suspends.
@slavingia slavingia merged commit fa38a1c into main Apr 9, 2026
91 of 94 checks passed
@slavingia slavingia deleted the fix/direct-suspension-without-flagging branch April 9, 2026 15:01
@gianfrancopiana gianfrancopiana mentioned this pull request Apr 9, 2026
Merged
slavingia pushed a commit that referenced this pull request Apr 9, 2026
@gianfrancopiana @claude
Update schema.rb for AddIdempotencyKeyToComments migration (#4390)
9fe20c6 
## What

Adds the missing `idempotency_key` column and its unique composite index
on the `comments` table to `db/schema.rb`, and bumps the schema version
to `2026_11_19_011938`.

PR #4317 added migration
`20261119011938_add_idempotency_key_to_comments.rb` but did not include
the corresponding `schema.rb` update.

## Why

The missing schema update causes `db:abort_if_pending_migrations` to
fire during CI Docker image builds. The CI build runs `bundle exec rake
db:setup assets:precompile` — when `db:setup` detects the pending
migration, it aborts the rake process before `assets:precompile` can
execute. This leaves the Shakapacker manifest empty (`{}`), which causes
every test job to fail with:

```
Shakapacker::Manifest::MissingEntryError: Shakapacker can't find email.css
```

All main CI runs since #4317 was merged (2026-04-08) are affected, as
well as any branch forked from main after that point (e.g., #4364).

---

This PR was implemented with AI assistance using Claude Opus 4.6 and
gpt‑5.4 xhigh

Co-authored-by: Gianfranco Piana <gianfrancopiana@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
gumclaw added a commit that referenced this pull request Apr 9, 2026
@gumclaw
Fix purchase spec: pass author_name to suspend_for_fraud
861106b 
#4364 expanded suspend_for_fraud to allow direct suspension from
not_reviewed, which now triggers add_user_comment requiring author_id
or author_name.
@gumclaw gumclaw mentioned this pull request Apr 9, 2026
Merged
slavingia pushed a commit that referenced this pull request Apr 9, 2026
@gumclaw
Fix purchase spec: pass author_name to suspend_for_fraud (#4398)
6385bdd 
#4364 expanded `suspend_for_fraud` to allow direct suspension from
`not_reviewed`. The test calls `u.suspend_for_fraud` without arguments,
which now triggers `add_user_comment` requiring `author_id` or
`author_name`.

Root cause PR: [#4364](#4364)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@slavingia slavingia slavingia left review comments

@gianfrancopiana gianfrancopiana Awaiting requested review from gianfrancopiana

Assignees

@slavingia slavingia

@gianfrancopiana gianfrancopiana

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Allow suspending users without flagging them first

3 participants

@gumclaw @slavingia @gianfrancopiana