mirror of
https://github.com/discourse/discourse.git
synced 2025-01-18 16:42:46 +08:00
FIX: check for inviter group permissions at the time of redeeming invite
This commit is contained in:
parent
402b80f306
commit
a94387c088
|
@ -128,10 +128,14 @@ InviteRedeemer = Struct.new(:invite, :email, :username, :name, :password, :user_
|
|||
end
|
||||
|
||||
def add_user_to_groups
|
||||
guardian = Guardian.new(invite.invited_by)
|
||||
new_group_ids = invite.groups.pluck(:id) - invited_user.group_users.pluck(:group_id)
|
||||
new_group_ids.each do |id|
|
||||
invited_user.group_users.create!(group_id: id)
|
||||
DiscourseEvent.trigger(:user_added_to_group, invited_user, Group.find_by(id: id), automatic: false)
|
||||
group = Group.find_by(id: id)
|
||||
if guardian.can_edit_group?(group)
|
||||
invited_user.group_users.create!(group_id: group.id)
|
||||
DiscourseEvent.trigger(:user_added_to_group, invited_user, group, automatic: false)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -144,9 +144,19 @@ describe InviteRedeemer do
|
|||
expect(user.custom_fields["user_field_#{optional_field.id}"]).to eq('value2')
|
||||
end
|
||||
|
||||
it "does not add user to group if inviter does not have permissions" do
|
||||
group = Fabricate(:group, grant_trust_level: 2)
|
||||
InvitedGroup.create(group_id: group.id, invite_id: invite.id)
|
||||
user = InviteRedeemer.new(invite: invite, email: invite.email, username: username, name: name, password: password).redeem
|
||||
|
||||
expect(user.group_users.count).to eq(0)
|
||||
end
|
||||
|
||||
it "adds user to group" do
|
||||
group = Fabricate(:group, grant_trust_level: 2)
|
||||
InvitedGroup.create(group_id: group.id, invite_id: invite.id)
|
||||
group.add_owner(invite.invited_by)
|
||||
|
||||
user = InviteRedeemer.new(invite: invite, email: invite.email, username: username, name: name, password: password).redeem
|
||||
|
||||
expect(user.group_users.count).to eq(4)
|
||||
|
|
|
@ -306,6 +306,7 @@ describe Invite do
|
|||
context "when inviting to groups" do
|
||||
it "add the user to the correct groups" do
|
||||
group = Fabricate(:group)
|
||||
group.add_owner(invite.invited_by)
|
||||
invite.invited_groups.build(group_id: group.id)
|
||||
invite.save
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user