FIX: Do not redirect to a topic user cannot see (#13550)
Inviting a user to a private topic used to redirect them to a 404 page immediately after sign up.
parent
95038856c9
commit
16227e38ac
|
@ -251,11 +251,19 @@ class InvitesController < ApplicationController
|
|||
topic = invite.topics.first
|
||||
response = {}
|
||||
|
||||
if user.present? && user.active?
|
||||
response[:redirect_to] = topic.present? ? path(topic.relative_url) : path("/")
|
||||
elsif user.present?
|
||||
response[:message] = I18n.t('invite.confirm_email')
|
||||
cookies[:destination_url] = path(topic.relative_url) if topic.present?
|
||||
if user.present?
|
||||
if user.active?
|
||||
if user.guardian.can_see?(topic)
|
||||
response[:redirect_to] = path(topic.relative_url)
|
||||
else
|
||||
response[:redirect_to] = path("/")
|
||||
end
|
||||
else
|
||||
response[:message] = I18n.t('invite.confirm_email')
|
||||
if user.guardian.can_see?(topic)
|
||||
cookies[:destination_url] = path(topic.relative_url)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
render json: success_json.merge(response)
|
||||
|
|
|
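Review bot: Both new `user.guardian.can_see?(topic)` calls run even when `invite.topics.first` returned nothing, whereas the replaced lines checked `topic.present?` before building a path. How the guardian answers for a nil topic is not visible in this hunk, so the invite-without-topic case now depends on behaviour defined elsewhere; if that call ever returned a truthy value, `topic.relative_url` would raise. Keeping the guard explicit makes the authorization decision readable on its own: `if topic.present? && user.guardian.can_see?(topic)` in both the redirect branch and the `cookies[:destination_url]` branch. The enclosing action starts before the hunk.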
@ -684,6 +684,40 @@ describe InvitesController do
|
|||
expect(response.body).to include(I18n.t('login.already_logged_in', current_user: user.username))
|
||||
end
|
||||
end
|
||||
|
||||
context 'topic invites' do
|
||||
fab!(:invite) { Fabricate(:invite, email: 'test@example.com') }
|
||||
|
||||
fab!(:secured_category) do
|
||||
secured_category = Fabricate(:category)
|
||||
secured_category.permissions = { staff: :full }
|
||||
secured_category.save!
|
||||
secured_category
|
||||
end
|
||||
|
||||
it 'redirects user to topic if activated' do
|
||||
topic = Fabricate(:topic)
|
||||
TopicInvite.create!(invite: invite, topic: topic)
|
||||
|
||||
put "/invites/show/#{invite.invite_key}.json", params: { email_token: invite.email_token }
|
||||
expect(response.parsed_body['redirect_to']).to eq(topic.relative_url)
|
||||
end
|
||||
|
||||
it 'sets destination_url cookie if user is not activated' do
|
||||
topic = Fabricate(:topic)
|
||||
TopicInvite.create!(invite: invite, topic: topic)
|
||||
|
||||
put "/invites/show/#{invite.invite_key}.json"
|
||||
expect(cookies['destination_url']).to eq(topic.relative_url)
|
||||
end
|
||||
|
||||
it 'does not redirect user if they cannot see topic' do
|
||||
TopicInvite.create!(invite: invite, topic: Fabricate(:topic, category: secured_category))
|
||||
|
||||
put "/invites/show/#{invite.invite_key}.json", params: { email_token: invite.email_token }
|
||||
expect(response.parsed_body['redirect_to']).to eq("/")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context '#destroy_all_expired' do
|
||||
|
|
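Review bot: The new `context 'topic invites'` block covers the restricted-topic case only for the activated path (`redirect_to` equals "/"), so nothing pins the second guard the commit adds around `cookies[:destination_url]`. If that check were dropped later, a not-yet-activated invitee would again get a destination cookie pointing at a topic they cannot see, and these specs would still pass. A fourth example that reuses `secured_category` without an `email_token` and asserts the cookie is absent would close that gap.

```ruby
it 'does not set destination_url cookie if user cannot see topic' do
  TopicInvite.create!(invite: invite, topic: Fabricate(:topic, category: secured_category))

  put "/invites/show/#{invite.invite_key}.json"
  expect(cookies['destination_url']).to be_blank
end
```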