github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-12-02 01:53:43 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
f1ec8c869a
discourse/spec/lib/category_guardian_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

53 lines
2.0 KiB
Ruby
Raw Normal View History

FIX: access to category chat only when user can create post (#19488) Previously, restricted category chat channel was available for all groups - even `readonly`. From now on, only user who belong to group with `create_post` or `full` permissions can access that chat channel.
2022-12-19 08:35:28 +08:00
# frozen_string_literal: true
RSpec.describe CategoryGuardian do
fab!(:admin) { Fabricate(:admin) }
fab!(:user) { Fabricate(:user) }
fab!(:can_create_user) { Fabricate(:user) }
describe "can_post_in_category?" do
fab!(:category) { Fabricate(:category) }
context "when not restricted category" do
it "returns false for anonymous user" do
expect(Guardian.new.can_post_in_category?(category)).to eq(false)
end
it "returns true for admin" do
expect(Guardian.new(admin).can_post_in_category?(category)).to eq(true)
end
it "returns true for regular user" do
expect(Guardian.new(user).can_post_in_category?(category)).to eq(true)
end
end
context "when restricted category" do
fab!(:category) { Fabricate(:category, read_restricted: true) }
fab!(:group) { Fabricate(:group) }
fab!(:group_user) { Fabricate(:group_user, group: group, user: user) }
fab!(:category_group) { Fabricate(:category_group, group: group, category: category, permission_type: CategoryGroup.permission_types[:readonly]) }
it "returns false for anonymous user" do
expect(Guardian.new.can_post_in_category?(category)).to eq(false)
end
it "returns false for member of group with readonly access" do
expect(Guardian.new(user).can_post_in_category?(category)).to eq(false)
end
it "returns true for admin" do
expect(Guardian.new(admin).can_post_in_category?(category)).to eq(true)
end
it "returns true for member of group with create_post access" do
category_group.update!(permission_type: CategoryGroup.permission_types[:create_post])
expect(Guardian.new(admin).can_post_in_category?(category)).to eq(true)
end
it "returns true for member of group with full access" do
category_group.update!(permission_type: CategoryGroup.permission_types[:full])
expect(Guardian.new(admin).can_post_in_category?(category)).to eq(true)
end
end
end
end
Reference in New Issue Copy Permalink