github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-03-28 20:48:53 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Staff users can bypass tag validation rule (#9924)

Browse Source
This commit is contained in:
Dan Ungureanu 2020-06-02 09:11:25 +03:00 committed by GitHub
parent f9e715672b
commit ef3e3077d0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 60 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/assets/javascripts/discourse/app/controllers/composer.js
View File

@ -1157,6 +1157,7 @@ export default Controller.extend({
const tagsArray = tags || []; const tagsArray = tags || [];
if ( if (
this.site.can_tag_topics && this.site.can_tag_topics &&
!this.currentUser.staff &&
category && category &&
category.minimum_required_tags > tagsArray.length category.minimum_required_tags > tagsArray.length
) { ) {

2
app/assets/javascripts/discourse/app/models/composer.js
View File

@ -374,7 +374,7 @@ const Composer = RestModel.extend({
"tags", "tags",
"topicFirstPost", "topicFirstPost",
"minimumRequiredTags", "minimumRequiredTags",
"isStaffUser" "user.staff"
) )
cantSubmitPost( cantSubmitPost(
loading, loading,

58
test/javascripts/acceptance/composer-tags-test.js Normal file
View File

@ -0,0 +1,58 @@
import Category from "discourse/models/category";
import { acceptance, updateCurrentUser } from "helpers/qunit-helpers";
import selectKit from "helpers/select-kit-helper";
acceptance("Composer - Tags", {
loggedIn: true,
pretend(pretenderServer, helper) {
pretenderServer.post("/uploads/lookup-urls", () => {
return helper.response([]);
});
},
site: {
can_tag_topics: true
}
});
QUnit.test("staff bypass tag validation rule", async assert => {
await visit("/");
await click("#create-topic");
await fillIn("#reply-title", "this is my new topic title");
await fillIn(".d-editor-input", "this is the *content* of a post");
Category.findById(2).set("minimum_required_tags", 1);
const categoryChooser = selectKit(".category-chooser");
await categoryChooser.expand();
await categoryChooser.selectRowByValue(2);
await click("#reply-control button.create");
assert.notEqual(currentURL(), "/");
});
QUnit.test("users do not bypass tag validation rule", async assert => {
await visit("/");
await click("#create-topic");
await fillIn("#reply-title", "this is my new topic title");
await fillIn(".d-editor-input", "this is the *content* of a post");
Category.findById(2).set("minimum_required_tags", 1);
const categoryChooser = selectKit(".category-chooser");
await categoryChooser.expand();
await categoryChooser.selectRowByValue(2);
updateCurrentUser({ moderator: false, admin: false, trust_level: 1 });
await click("#reply-control button.create");
assert.equal(currentURL(), "/");
const tags = selectKit(".mini-tag-chooser");
await tags.expand();
await tags.selectRowByValue("monkey");
await click("#reply-control button.create");
assert.notEqual(currentURL(), "/");
});