From 6ec3d42b16515bf0db1710840318205d8161c039 Mon Sep 17 00:00:00 2001 From: Mark VanLandingham Date: Fri, 20 Dec 2019 10:37:12 -0600 Subject: [PATCH] FEATURE: Allow complex post params from plugin (#8598) --- app/controllers/posts_controller.rb | 13 +++++- lib/plugin/instance.rb | 4 +- spec/requests/posts_controller_spec.rb | 56 ++++++++++++++++++++++++++ 3 files changed, 69 insertions(+), 4 deletions(-) diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb index 44dd116c19f..580d10a9943 100644 --- a/app/controllers/posts_controller.rb +++ b/app/controllers/posts_controller.rb @@ -684,8 +684,17 @@ class PostsController < ApplicationController :draft_key ] - Post.plugin_permitted_create_params.each do |key, plugin| - permitted << key if plugin.enabled? + Post.plugin_permitted_create_params.each do |key, value| + if value[:plugin].enabled? + permitted << case value[:type] + when :string + key.to_sym + when :array + { key => [] } + when :hash + { key => {} } + end + end end # param munging for WordPress diff --git a/lib/plugin/instance.rb b/lib/plugin/instance.rb index 5ab61aa1bdc..958e608df3d 100644 --- a/lib/plugin/instance.rb +++ b/lib/plugin/instance.rb @@ -250,9 +250,9 @@ class Plugin::Instance end # Add a permitted_create_param to Post, respecting if the plugin is enabled - def add_permitted_post_create_param(name) + def add_permitted_post_create_param(name, type = :string) reloadable_patch do |plugin| - ::Post.plugin_permitted_create_params[name] = plugin + ::Post.plugin_permitted_create_params[name] = { plugin: plugin, type: type } end end diff --git a/spec/requests/posts_controller_spec.rb b/spec/requests/posts_controller_spec.rb index ee043ae5b6e..24bc394b549 100644 --- a/spec/requests/posts_controller_spec.rb +++ b/spec/requests/posts_controller_spec.rb @@ -1871,4 +1871,60 @@ describe PostsController do expect(public_post.custom_fields[Post::NOTICE_ARGS]).to eq(nil) end end + + describe Plugin::Instance do + describe '#add_permitted_post_create_param' do + fab!(:user) { Fabricate(:user) } + let(:instance) { Plugin::Instance.new } + let(:request) do + Proc.new { + post "/posts.json", params: { + raw: 'this is the test content', + title: 'this is the test title for the topic', + composer_open_duration_msecs: 204, + typing_duration_msecs: 100, + reply_to_post_number: 123, + string_arg: '123', + hash_arg: { key1: 'val' }, + array_arg: ['1', '2', '3'] + } + } + end + + before do + sign_in(user) + SiteSetting.min_first_post_typing_time = 0 + end + + it 'allows strings to be added' do + request.call + expect(@controller.send(:create_params)).not_to include(string_arg: '123') + + instance.add_permitted_post_create_param(:string_arg) + request.call + expect(@controller.send(:create_params)).to include(string_arg: '123') + end + + it 'allows hashes to be added' do + instance.add_permitted_post_create_param(:hash_arg) + request.call + expect(@controller.send(:create_params)).not_to include(hash_arg: { key1: 'val' }) + + instance.add_permitted_post_create_param(:hash_arg, :hash) + request.call + expect(@controller.send(:create_params)).to include(hash_arg: { key1: 'val' }) + end + + it 'allows strings to be added' do + instance.add_permitted_post_create_param(:array_arg) + request.call + expect(@controller.send(:create_params)).not_to include(array_arg: ['1', '2', '3']) + + instance.add_permitted_post_create_param(:array_arg, :array) + request.call + expect(@controller.send(:create_params)).to include(array_arg: ['1', '2', '3']) + end + + end + end end