2016-11-25 16:45:15 +08:00
|
|
|
require 'rails_helper'
|
|
|
|
|
|
|
|
describe "Groups" do
|
2016-12-07 17:28:43 +08:00
|
|
|
let(:user) { Fabricate(:user) }
|
2016-12-07 12:06:56 +08:00
|
|
|
let(:group) { Fabricate(:group, users: [user]) }
|
2016-11-29 16:25:02 +08:00
|
|
|
|
2016-12-07 17:28:43 +08:00
|
|
|
def sign_in(user)
|
|
|
|
password = 'somecomplicatedpassword'
|
|
|
|
user.update!(password: password)
|
|
|
|
Fabricate(:email_token, confirmed: true, user: user)
|
2016-11-29 16:25:02 +08:00
|
|
|
post "/session.json", { login: user.username, password: password }
|
|
|
|
expect(response).to be_success
|
|
|
|
end
|
|
|
|
|
2016-11-25 16:45:15 +08:00
|
|
|
describe "checking if a group can be mentioned" do
|
|
|
|
it "should return the right response" do
|
2016-12-07 17:28:43 +08:00
|
|
|
sign_in(user)
|
2016-12-07 12:06:56 +08:00
|
|
|
group.update_attributes!(name: 'test')
|
2016-11-25 16:45:15 +08:00
|
|
|
|
|
|
|
get "/groups/test/mentionable.json", { name: group.name }
|
|
|
|
|
|
|
|
expect(response).to be_success
|
|
|
|
|
|
|
|
response_body = JSON.parse(response.body)
|
|
|
|
expect(response_body["mentionable"]).to eq(false)
|
|
|
|
|
|
|
|
group.update_attributes!(alias_level: Group::ALIAS_LEVELS[:everyone])
|
|
|
|
|
|
|
|
get "/groups/test/mentionable.json", { name: group.name }
|
|
|
|
expect(response).to be_success
|
|
|
|
|
|
|
|
response_body = JSON.parse(response.body)
|
|
|
|
expect(response_body["mentionable"]).to eq(true)
|
|
|
|
end
|
|
|
|
end
|
2016-11-29 16:25:02 +08:00
|
|
|
|
|
|
|
describe "group can be updated" do
|
2016-12-07 12:06:56 +08:00
|
|
|
let(:group) { Fabricate(:group, name: 'test', users: [user], public: false) }
|
|
|
|
|
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
2016-11-29 16:25:02 +08:00
|
|
|
|
|
|
|
context "when user is group owner" do
|
|
|
|
before do
|
|
|
|
group.add_owner(user)
|
2016-12-07 17:28:43 +08:00
|
|
|
sign_in(user)
|
2016-11-29 16:25:02 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "should be able update the group" do
|
2016-12-11 23:36:15 +08:00
|
|
|
expect do
|
|
|
|
xhr :put, "/groups/#{group.id}", { group: {
|
|
|
|
flair_bg_color: 'FFF',
|
|
|
|
flair_color: 'BBB',
|
|
|
|
flair_url: 'fa-adjust',
|
|
|
|
bio_raw: 'testing',
|
|
|
|
title: 'awesome team',
|
|
|
|
public: true
|
|
|
|
} }
|
|
|
|
end.to change { GroupHistory.count }.by(6)
|
2016-11-29 16:25:02 +08:00
|
|
|
|
|
|
|
expect(response).to be_success
|
|
|
|
|
|
|
|
group.reload
|
|
|
|
|
|
|
|
expect(group.flair_bg_color).to eq('FFF')
|
|
|
|
expect(group.flair_color).to eq('BBB')
|
|
|
|
expect(group.flair_url).to eq('fa-adjust')
|
2016-12-05 16:18:24 +08:00
|
|
|
expect(group.bio_raw).to eq('testing')
|
2016-12-07 10:26:28 +08:00
|
|
|
expect(group.title).to eq('awesome team')
|
2016-12-07 12:06:56 +08:00
|
|
|
expect(group.public).to eq(true)
|
2016-12-11 23:36:15 +08:00
|
|
|
expect(GroupHistory.last.subject).to eq('public')
|
2016-11-29 16:25:02 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when user is group admin" do
|
|
|
|
before do
|
|
|
|
user.update_attributes!(admin: true)
|
2016-12-07 17:28:43 +08:00
|
|
|
sign_in(user)
|
2016-11-29 16:25:02 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'should be able to update the group' do
|
|
|
|
xhr :put, "/groups/#{group.id}", { group: { flair_color: 'BBB' } }
|
|
|
|
|
|
|
|
expect(response).to be_success
|
|
|
|
expect(group.reload.flair_color).to eq('BBB')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when user is not a group owner or admin" do
|
|
|
|
it 'should not be able to update the group' do
|
2016-12-07 17:28:43 +08:00
|
|
|
sign_in(user)
|
|
|
|
|
2016-11-29 16:25:02 +08:00
|
|
|
xhr :put, "/groups/#{group.id}", { group: { name: 'testing' } }
|
|
|
|
|
|
|
|
expect(response.status).to eq(403)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2016-12-07 17:28:43 +08:00
|
|
|
|
|
|
|
describe 'members' do
|
|
|
|
let(:user1) do
|
|
|
|
Fabricate(:user,
|
|
|
|
last_seen_at: Time.zone.now,
|
|
|
|
last_posted_at: Time.zone.now - 1.day,
|
|
|
|
email: 'b@test.org'
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
|
|
|
let(:user2) do
|
|
|
|
Fabricate(:user,
|
|
|
|
last_seen_at: Time.zone.now - 1 .day,
|
|
|
|
last_posted_at: Time.zone.now,
|
|
|
|
email: 'a@test.org'
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
|
|
|
let(:group) { Fabricate(:group, users: [user1, user2]) }
|
|
|
|
|
|
|
|
it "should allow members to be sorted by" do
|
2016-12-08 14:26:50 +08:00
|
|
|
xhr :get, "/groups/#{group.name}/members", order: 'last_seen_at', desc: true
|
2016-12-07 17:28:43 +08:00
|
|
|
|
|
|
|
expect(response).to be_success
|
|
|
|
|
|
|
|
members = JSON.parse(response.body)["members"]
|
|
|
|
|
|
|
|
expect(members.map { |m| m["id"] }).to eq([user1.id, user2.id])
|
|
|
|
|
|
|
|
xhr :get, "/groups/#{group.name}/members", order: 'last_seen_at'
|
|
|
|
|
|
|
|
expect(response).to be_success
|
|
|
|
|
|
|
|
members = JSON.parse(response.body)["members"]
|
|
|
|
|
|
|
|
expect(members.map { |m| m["id"] }).to eq([user2.id, user1.id])
|
|
|
|
|
2016-12-08 14:26:50 +08:00
|
|
|
xhr :get, "/groups/#{group.name}/members", order: 'last_posted_at', desc: true
|
2016-12-07 17:28:43 +08:00
|
|
|
|
|
|
|
expect(response).to be_success
|
|
|
|
|
|
|
|
members = JSON.parse(response.body)["members"]
|
|
|
|
|
|
|
|
expect(members.map { |m| m["id"] }).to eq([user2.id, user1.id])
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should not allow members to be sorted by columns that are not allowed" do
|
|
|
|
xhr :get, "/groups/#{group.name}/members", order: 'email'
|
|
|
|
|
|
|
|
expect(response).to be_success
|
|
|
|
|
|
|
|
members = JSON.parse(response.body)["members"]
|
|
|
|
|
|
|
|
expect(members.map { |m| m["id"] }).to eq([user1.id, user2.id])
|
|
|
|
end
|
|
|
|
end
|
2016-12-07 12:06:56 +08:00
|
|
|
|
|
|
|
describe "membership edit permissions" do
|
|
|
|
let(:group) { Fabricate(:group) }
|
|
|
|
|
|
|
|
context 'when user is not signed in' do
|
|
|
|
it 'should be fobidden' do
|
|
|
|
xhr :put, "/groups/#{group.id}/members", usernames: "bob"
|
|
|
|
expect(response).to be_forbidden
|
|
|
|
|
|
|
|
xhr :delete, "/groups/#{group.id}/members", username: "bob"
|
|
|
|
expect(response).to be_forbidden
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'public group' do
|
|
|
|
it 'should be fobidden' do
|
|
|
|
group.update_attributes!(public: true)
|
|
|
|
|
|
|
|
expect { xhr :put, "/groups/#{group.id}/members", usernames: "bob" }
|
|
|
|
.to raise_error(Discourse::NotLoggedIn)
|
|
|
|
|
|
|
|
expect { xhr :delete, "/groups/#{group.id}/members", username: "bob" }
|
|
|
|
.to raise_error(Discourse::NotLoggedIn)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when user is not an owner of the group' do
|
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "refuses membership changes to unauthorized users" do
|
|
|
|
xhr :put, "/groups/#{group.id}/members", usernames: "bob"
|
|
|
|
expect(response).to be_forbidden
|
|
|
|
|
|
|
|
xhr :delete, "/groups/#{group.id}/members", username: "bob"
|
|
|
|
expect(response).to be_forbidden
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when user is an admin' do
|
|
|
|
let(:user) { Fabricate(:admin) }
|
|
|
|
let(:group) { Fabricate(:group, users: [user], automatic: true) }
|
|
|
|
|
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "cannot add members to automatic groups" do
|
|
|
|
xhr :put, "/groups/#{group.id}/members", usernames: "bob"
|
|
|
|
expect(response).to be_forbidden
|
|
|
|
|
|
|
|
xhr :delete, "/groups/#{group.id}/members", username: "bob"
|
|
|
|
expect(response).to be_forbidden
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "membership edits" do
|
|
|
|
let(:admin) { Fabricate(:admin) }
|
|
|
|
|
|
|
|
before do
|
|
|
|
sign_in(admin)
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'adding members' do
|
|
|
|
it "can make incremental adds" do
|
|
|
|
user2 = Fabricate(:user)
|
|
|
|
|
2016-12-11 23:36:15 +08:00
|
|
|
expect do
|
|
|
|
xhr :put, "/groups/#{group.id}/members", usernames: user2.username
|
|
|
|
end.to change { group.users.count }.by(1)
|
2016-12-07 12:06:56 +08:00
|
|
|
|
|
|
|
expect(response).to be_success
|
2016-12-11 23:36:15 +08:00
|
|
|
|
|
|
|
group_history = GroupHistory.last
|
|
|
|
|
|
|
|
expect(group_history.action).to eq(GroupHistory.actions[:add_user_to_group])
|
|
|
|
expect(group_history.acting_user).to eq(admin)
|
|
|
|
expect(group_history.target_user).to eq(user2)
|
2016-12-07 12:06:56 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "can make incremental deletes" do
|
2016-12-11 23:36:15 +08:00
|
|
|
expect do
|
|
|
|
xhr :delete, "/groups/#{group.id}/members", username: user.username
|
|
|
|
end.to change { group.users.count }.by(-1)
|
2016-12-07 12:06:56 +08:00
|
|
|
|
|
|
|
expect(response).to be_success
|
2016-12-11 23:36:15 +08:00
|
|
|
|
|
|
|
group_history = GroupHistory.last
|
|
|
|
|
|
|
|
expect(group_history.action).to eq(GroupHistory.actions[:remove_user_from_group])
|
|
|
|
expect(group_history.acting_user).to eq(admin)
|
|
|
|
expect(group_history.target_user).to eq(user)
|
2016-12-07 12:06:56 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "cannot add members to automatic groups" do
|
|
|
|
group.update!(automatic: true)
|
|
|
|
|
|
|
|
xhr :put, "/groups/#{group.id}/members", usernames: "l77t"
|
|
|
|
expect(response.status).to eq(403)
|
|
|
|
end
|
|
|
|
|
|
|
|
context "is able to add several members to a group" do
|
|
|
|
let(:user1) { Fabricate(:user) }
|
|
|
|
let(:user2) { Fabricate(:user) }
|
|
|
|
|
|
|
|
it "adds by username" do
|
|
|
|
expect { xhr :put, "/groups/#{group.id}/members", usernames: [user1.username, user2.username].join(",") }
|
|
|
|
.to change { group.users.count }.by(2)
|
|
|
|
|
|
|
|
expect(response).to be_success
|
|
|
|
end
|
|
|
|
|
|
|
|
it "adds by id" do
|
|
|
|
expect { xhr :put, "/groups/#{group.id}/members", user_ids: [user1.id, user2.id].join(",") }
|
|
|
|
.to change { group.users.count }.by(2)
|
|
|
|
|
|
|
|
expect(response).to be_success
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
it "returns 422 if member already exists" do
|
|
|
|
xhr :put, "/groups/#{group.id}/members", usernames: user.username
|
|
|
|
|
|
|
|
expect(response.status).to eq(422)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "returns 404 if member is not found" do
|
|
|
|
xhr :put, "/groups/#{group.id}/members", usernames: 'some donkey'
|
|
|
|
|
|
|
|
expect(response.status).to eq(404)
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'public group' do
|
|
|
|
let(:other_user) { Fabricate(:user) }
|
|
|
|
|
|
|
|
before do
|
|
|
|
group.update!(public: true)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should allow a user to join the group' do
|
|
|
|
sign_in(other_user)
|
|
|
|
|
|
|
|
expect { xhr :put, "/groups/#{group.id}/members", usernames: other_user.username }
|
|
|
|
.to change { group.users.count }.by(1)
|
|
|
|
|
|
|
|
expect(response).to be_success
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should not allow a user to add another user to a group' do
|
|
|
|
xhr :put, "/groups/#{group.id}/members", usernames: other_user.username
|
|
|
|
|
|
|
|
expect(response).to be_forbidden
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'removing members' do
|
|
|
|
it "cannot remove members from automatic groups" do
|
|
|
|
group.update!(automatic: true)
|
|
|
|
|
|
|
|
xhr :delete, "/groups/#{group.id}/members", user_id: 42
|
|
|
|
expect(response.status).to eq(403)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "raises an error if user to be removed is not found" do
|
|
|
|
xhr :delete, "/groups/#{group.id}/members", user_id: -10
|
|
|
|
expect(response.status).to eq(404)
|
|
|
|
end
|
|
|
|
|
|
|
|
context "is able to remove a member" do
|
|
|
|
it "removes by id" do
|
|
|
|
expect { xhr :delete, "/groups/#{group.id}/members", user_id: user.id }
|
|
|
|
.to change { group.users.count }.by(-1)
|
|
|
|
|
|
|
|
expect(response).to be_success
|
|
|
|
end
|
|
|
|
|
|
|
|
it "removes by username" do
|
|
|
|
expect { xhr :delete, "/groups/#{group.id}/members", username: user.username }
|
|
|
|
.to change { group.users.count }.by(-1)
|
|
|
|
|
|
|
|
expect(response).to be_success
|
|
|
|
end
|
|
|
|
|
|
|
|
it "removes user.primary_group_id when user is removed from group" do
|
|
|
|
user.update!(primary_group_id: group.id)
|
|
|
|
|
|
|
|
xhr :delete, "/groups/#{group.id}/members", user_id: user.id
|
|
|
|
|
|
|
|
expect(user.reload.primary_group_id).to eq(nil)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "removes by user_email" do
|
|
|
|
expect { xhr :delete, "/groups/#{group.id}/members", user_email: user.email }
|
|
|
|
.to change { group.users.count }.by(-1)
|
|
|
|
|
|
|
|
expect(response).to be_success
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'public group' do
|
|
|
|
let(:other_user) { Fabricate(:user) }
|
|
|
|
let(:group) { Fabricate(:group, users: [other_user]) }
|
|
|
|
|
|
|
|
before do
|
|
|
|
group.update!(public: true)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should allow a user to leave a group' do
|
|
|
|
sign_in(other_user)
|
|
|
|
|
|
|
|
expect { xhr :delete, "/groups/#{group.id}/members", username: other_user.username }
|
|
|
|
.to change { group.users.count }.by(-1)
|
|
|
|
|
|
|
|
expect(response).to be_success
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should not allow a user to leave a group for another user' do
|
|
|
|
xhr :delete, "/groups/#{group.id}/members", username: other_user.username
|
|
|
|
|
|
|
|
expect(response).to be_forbidden
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2016-12-11 23:36:15 +08:00
|
|
|
|
|
|
|
describe "group histories" do
|
|
|
|
context 'when user is not signed in' do
|
|
|
|
it 'should raise the right error' do
|
|
|
|
expect { xhr :get, "/groups/#{group.name}/logs" }
|
|
|
|
.to raise_error(Discourse::NotLoggedIn)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when user is not a group owner' do
|
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should be forbidden' do
|
|
|
|
xhr :get, "/groups/#{group.name}/logs"
|
|
|
|
|
|
|
|
expect(response).to be_forbidden
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'viewing history' do
|
|
|
|
context 'public group' do
|
|
|
|
before do
|
|
|
|
group.add_owner(user)
|
|
|
|
group.update_attributes!(public: true)
|
|
|
|
GroupActionLogger.new(user, group).log_change_group_settings
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should allow group owner to view history' do
|
|
|
|
xhr :get, "/groups/#{group.name}/logs"
|
|
|
|
|
|
|
|
expect(response).to be_success
|
|
|
|
|
|
|
|
result = JSON.parse(response.body)["logs"].first
|
|
|
|
|
|
|
|
expect(result["action"]).to eq(GroupHistory.actions[1].to_s)
|
|
|
|
expect(result["subject"]).to eq('public')
|
|
|
|
expect(result["prev_value"]).to eq('f')
|
|
|
|
expect(result["new_value"]).to eq('t')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'admin' do
|
|
|
|
let(:admin) { Fabricate(:admin) }
|
|
|
|
|
|
|
|
before do
|
|
|
|
sign_in(admin)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should be able to view history' do
|
|
|
|
GroupActionLogger.new(admin, group).log_remove_user_from_group(user)
|
|
|
|
|
|
|
|
xhr :get, "/groups/#{group.name}/logs"
|
|
|
|
|
|
|
|
expect(response).to be_success
|
|
|
|
|
|
|
|
result = JSON.parse(response.body)["logs"].first
|
|
|
|
|
|
|
|
expect(result["action"]).to eq(GroupHistory.actions[3].to_s)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should be able to filter through the history' do
|
|
|
|
GroupActionLogger.new(admin, group).log_add_user_to_group(user)
|
|
|
|
GroupActionLogger.new(admin, group).log_remove_user_from_group(user)
|
|
|
|
|
|
|
|
xhr :get, "/groups/#{group.name}/logs", filters: { "action" => "add_user_to_group" }
|
|
|
|
|
|
|
|
expect(response).to be_success
|
|
|
|
|
|
|
|
logs = JSON.parse(response.body)["logs"]
|
|
|
|
|
|
|
|
expect(logs.count).to eq(1)
|
|
|
|
expect(logs.first["action"]).to eq(GroupHistory.actions[2].to_s)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2016-11-25 16:45:15 +08:00
|
|
|
end
|