mirror of
https://github.com/discourse/discourse.git
synced 2024-11-25 09:42:07 +08:00
FIX: Topic view breaks with topic timer to publish to restricted category. (#16385)
When a user views a topic that contains a topic timer to publish to a restricted category, an error occurs on the client side because the user does not have access to information about the category. This commit fixes it such that the topic timer is not shown to the user if the user does not have access to the category.
This commit is contained in:
parent
36dcf80aff
commit
0328757ffb
|
@ -112,6 +112,10 @@ class TopicTimer < ActiveRecord::Base
|
|||
true
|
||||
end
|
||||
|
||||
def publishing_to_category?
|
||||
self.status_type.to_i == TopicTimer.types[:publish_to_category]
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def duration_in_range?
|
||||
|
@ -138,10 +142,6 @@ class TopicTimer < ActiveRecord::Base
|
|||
))
|
||||
end
|
||||
|
||||
def publishing_to_category?
|
||||
self.status_type.to_i == TopicTimer.types[:publish_to_category]
|
||||
end
|
||||
|
||||
def schedule_auto_delete_replies_job
|
||||
Jobs.enqueue(TopicTimer.type_job_map[:delete_replies], topic_timer_id: id)
|
||||
end
|
||||
|
|
|
@ -203,6 +203,14 @@ class TopicViewSerializer < ApplicationSerializer
|
|||
end
|
||||
|
||||
def topic_timer
|
||||
topic_timer = object.topic.public_topic_timer
|
||||
|
||||
return nil if topic_timer.blank?
|
||||
|
||||
if topic_timer.publishing_to_category?
|
||||
return nil if !scope.can_see_category?(Category.find_by(id: topic_timer.category_id))
|
||||
end
|
||||
|
||||
TopicTimerSerializer.new(object.topic.public_topic_timer, root: false)
|
||||
end
|
||||
|
||||
|
|
|
@ -544,4 +544,54 @@ describe TopicViewSerializer do
|
|||
expect(json[:requested_group_name]).to eq(nil)
|
||||
end
|
||||
end
|
||||
|
||||
describe '#topic_timer' do
|
||||
it 'does not include the attribute when topic does not have a topic timer' do
|
||||
json = serialize_topic(topic, user)
|
||||
|
||||
expect(json[:topic_timer]).to eq(nil)
|
||||
end
|
||||
|
||||
it 'includes the attribute when topic has a public topic timer' do
|
||||
topic_timer = Fabricate(:topic_timer, topic: topic, execute_at: Time.utc(2022, 4, 6, 16, 23, 56))
|
||||
json = serialize_topic(topic, user)
|
||||
|
||||
expect(json[:topic_timer][:id]).to eq(topic_timer.id)
|
||||
expect(json[:topic_timer][:based_on_last_post]).to eq(false)
|
||||
expect(json[:topic_timer][:category_id]).to eq(nil)
|
||||
expect(json[:topic_timer][:duration_minutes]).to eq(nil)
|
||||
expect(json[:topic_timer][:execute_at]).to eq('2022-04-06T16:23:56.000Z')
|
||||
expect(json[:topic_timer][:status_type]).to eq("close")
|
||||
end
|
||||
|
||||
it 'does not include the attribute for category topic timer where category is restricted to user' do
|
||||
category = Fabricate(:category, read_restricted: true)
|
||||
|
||||
Fabricate(:topic_timer,
|
||||
topic: topic,
|
||||
category_id: category.id,
|
||||
status_type:
|
||||
TopicTimer.types[:publish_to_category]
|
||||
)
|
||||
|
||||
json = serialize_topic(topic, user)
|
||||
|
||||
expect(json[:topic_timer]).to eq(nil)
|
||||
end
|
||||
|
||||
it 'includes the attribute for category topic timer where category is not restricted to user' do
|
||||
category = Fabricate(:category, read_restricted: false)
|
||||
|
||||
topic_timer = Fabricate(:topic_timer,
|
||||
topic: topic,
|
||||
category_id: category.id,
|
||||
status_type:
|
||||
TopicTimer.types[:publish_to_category]
|
||||
)
|
||||
|
||||
json = serialize_topic(topic, user)
|
||||
|
||||
expect(json[:topic_timer][:id]).to eq(topic_timer.id)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue
Block a user