diff --git a/app/models/category_list.rb b/app/models/category_list.rb index 7ae4704f388..2a465f63b37 100644 --- a/app/models/category_list.rb +++ b/app/models/category_list.rb @@ -206,12 +206,19 @@ class CategoryList allowed_topic_create = Set.new(Category.topic_create_allowed(@guardian).pluck(:id)) + parent_ids = + Category + .secured(@guardian) + .where(parent_category_id: categories_with_descendants.map(&:id)) + .pluck("DISTINCT parent_category_id") + .to_set + categories_with_descendants.each do |category| category.notification_level = notification_levels[category.id] || default_notification_level category.permission = CategoryGroup.permission_types[:full] if allowed_topic_create.include?( category.id, ) - category.has_children = category.subcategories.present? + category.has_children = parent_ids.include?(category.id) end if @topics_by_category_id diff --git a/spec/models/category_list_spec.rb b/spec/models/category_list_spec.rb index 5fedc0467c5..a972c1db751 100644 --- a/spec/models/category_list_spec.rb +++ b/spec/models/category_list_spec.rb @@ -12,6 +12,29 @@ RSpec.describe CategoryList do fab!(:admin) let(:category_list) { CategoryList.new(Guardian.new(user), include_topics: true) } + context "when a category has a secret subcategory" do + fab!(:category) + + fab!(:secret_subcategory) do + cat = Fabricate(:category, parent_category: category) + cat.set_permissions(admins: :full) + cat.save! + cat + end + + let(:admin_category_list) { CategoryList.new(Guardian.new(admin), include_topics: true) } + + it "doesn't set has_children when an unpriveleged user is querying" do + found = category_list.categories.find { |c| c.id == category.id } + expect(found.has_children).to eq(false) + end + + it "sets has_children when an admin is querying" do + found = admin_category_list.categories.find { |c| c.id == category.id } + expect(found.has_children).to eq(true) + end + end + describe "security" do it "properly hide secure categories" do cat = Fabricate(:category_with_definition)