From de82bd946d80733c764d6960ba91ccd6777d15eb Mon Sep 17 00:00:00 2001 From: Robin Ward Date: Tue, 26 Apr 2016 14:17:53 -0400 Subject: [PATCH] FIX: Group members should be able to see their groups even if private --- lib/guardian.rb | 6 +++++- spec/components/guardian_spec.rb | 11 +++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/lib/guardian.rb b/lib/guardian.rb index 576d477b130..5821e6c0371 100644 --- a/lib/guardian.rb +++ b/lib/guardian.rb @@ -122,7 +122,11 @@ class Guardian end def can_see_group?(group) - group.present? && (is_admin? || group.visible?) + return false if group.blank? + return true if is_admin? || group.visible? + return false if user.blank? + + group.group_users.where(user_id: user.id).exists? end diff --git a/spec/components/guardian_spec.rb b/spec/components/guardian_spec.rb index c7a5146f635..5a6d9776fdf 100644 --- a/spec/components/guardian_spec.rb +++ b/spec/components/guardian_spec.rb @@ -362,17 +362,24 @@ describe Guardian do describe 'a Group' do let(:group) { Group.new } - let(:invisible_group) { Group.new(visible: false) } + let(:invisible_group) { Group.new(visible: false, name: 'invisible') } it "returns true when the group is visible" do expect(Guardian.new.can_see?(group)).to be_truthy end - it "returns true when the group is visible but the user is an admin" do + it "returns true when the group is invisible but the user is an admin" do admin = Fabricate.build(:admin) expect(Guardian.new(admin).can_see?(invisible_group)).to be_truthy end + it "returns true when the group is invisible but the user is a member" do + invisible_group.save! + member = Fabricate.build(:user) + GroupUser.create(group: invisible_group, user: member) + expect(Guardian.new(member).can_see?(invisible_group)).to be_truthy + end + it "returns false when the group is invisible" do expect(Guardian.new.can_see?(invisible_group)).to be_falsey end