From 59db2811b09569b5c467eaff6e281a6f7d8e5a1e Mon Sep 17 00:00:00 2001 From: Dan Ungureanu Date: Tue, 18 Feb 2020 12:13:19 +0200 Subject: [PATCH] FIX: Disable poll options if user groups do not allow them (#8987) --- .../javascripts/widgets/discourse-poll.js.es6 | 29 ++-- .../widgets/discourse-poll-test.js.es6 | 141 ++++++++++++++++++ 2 files changed, 157 insertions(+), 13 deletions(-) create mode 100644 plugins/poll/test/javascripts/widgets/discourse-poll-test.js.es6 diff --git a/plugins/poll/assets/javascripts/widgets/discourse-poll.js.es6 b/plugins/poll/assets/javascripts/widgets/discourse-poll.js.es6 index 8891a5df10c..21d24f512c6 100644 --- a/plugins/poll/assets/javascripts/widgets/discourse-poll.js.es6 +++ b/plugins/poll/assets/javascripts/widgets/discourse-poll.js.es6 @@ -39,6 +39,20 @@ function _fetchVoters(data) { }); } +function checkUserGroups(user, poll) { + const pollGroups = + poll && poll.groups && poll.groups.split(",").map(g => g.toLowerCase()); + + if (!pollGroups) { + return true; + } + + const userGroups = + user && user.groups && user.groups.map(g => g.name.toLowerCase()); + + return userGroups && pollGroups.some(g => userGroups.includes(g)); +} + createWidget("discourse-poll-option", { tagName: "li", @@ -335,19 +349,7 @@ createWidget("discourse-poll-container", { } else if (options) { const contents = []; - const pollGroups = - poll.groups && poll.groups.split(",").map(g => g.toLowerCase()); - - const userGroups = - this.currentUser && - this.currentUser.groups && - this.currentUser.groups.map(g => g.name.toLowerCase()); - - if ( - pollGroups && - userGroups && - !pollGroups.some(g => userGroups.includes(g)) - ) { + if (!checkUserGroups(this.currentUser, poll)) { contents.push( h( "div.alert.alert-danger", @@ -1012,6 +1014,7 @@ export default createWidget("discourse-poll", { if (this.isClosed()) return; if (!this.currentUser) return this.showLogin(); + if (!checkUserGroups(this.currentUser, this.attrs.poll)) return; const { vote } = attrs; if (!this.isMultiple()) { diff --git a/plugins/poll/test/javascripts/widgets/discourse-poll-test.js.es6 b/plugins/poll/test/javascripts/widgets/discourse-poll-test.js.es6 new file mode 100644 index 00000000000..e7836e3d3ea --- /dev/null +++ b/plugins/poll/test/javascripts/widgets/discourse-poll-test.js.es6 @@ -0,0 +1,141 @@ +import EmberObject from "@ember/object"; +import { moduleForWidget, widgetTest } from "helpers/widget-test"; + +moduleForWidget("discourse-poll"); + +const template = `{{mount-widget + widget="discourse-poll" + args=(hash id=id + post=post + poll=poll + vote=vote + groupableUserFields=groupableUserFields)}}`; + +widgetTest("can vote", { + template, + + beforeEach() { + this.setProperties({ + post: EmberObject.create({ + id: 42, + topic: { + archived: false + } + }), + poll: EmberObject.create({ + name: "poll", + type: "regular", + status: "open", + results: "always", + options: [ + { id: "1f972d1df351de3ce35a787c89faad29", html: "yes", votes: 0 }, + { id: "d7ebc3a9beea2e680815a1e4f57d6db6", html: "no", votes: 0 } + ], + voters: 0, + chart_type: "bar" + }), + vote: [], + groupableUserFields: [] + }); + }, + + async test(assert) { + let requests = 0; + + /* global server */ + server.put("/polls/vote", () => { + ++requests; + return [ + 200, + { "Content-Type": "application/json" }, + { + poll: { + name: "poll", + type: "regular", + status: "open", + results: "always", + options: [ + { id: "1f972d1df351de3ce35a787c89faad29", html: "yes", votes: 1 }, + { id: "d7ebc3a9beea2e680815a1e4f57d6db6", html: "no", votes: 0 } + ], + voters: 1, + chart_type: "bar" + }, + vote: ["1f972d1df351de3ce35a787c89faad29"] + } + ]; + }); + + await click("li[data-poll-option-id='1f972d1df351de3ce35a787c89faad29']"); + assert.equal(requests, 1); + assert.equal(find(".chosen").length, 1); + assert.equal(find(".chosen").text(), "100%yes"); + } +}); + +widgetTest("cannot vote if not member of the right group", { + template, + + beforeEach() { + this.setProperties({ + post: EmberObject.create({ + id: 42, + topic: { + archived: false + } + }), + poll: EmberObject.create({ + name: "poll", + type: "regular", + status: "open", + results: "always", + options: [ + { id: "1f972d1df351de3ce35a787c89faad29", html: "yes", votes: 0 }, + { id: "d7ebc3a9beea2e680815a1e4f57d6db6", html: "no", votes: 0 } + ], + voters: 0, + chart_type: "bar", + groups: "foo" + }), + vote: [], + groupableUserFields: [] + }); + }, + + async test(assert) { + let requests = 0; + + /* global server */ + server.put("/polls/vote", () => { + ++requests; + return [ + 200, + { "Content-Type": "application/json" }, + { + poll: { + name: "poll", + type: "regular", + status: "open", + results: "always", + options: [ + { id: "1f972d1df351de3ce35a787c89faad29", html: "yes", votes: 1 }, + { id: "d7ebc3a9beea2e680815a1e4f57d6db6", html: "no", votes: 0 } + ], + voters: 1, + chart_type: "bar", + groups: "foo" + }, + vote: ["1f972d1df351de3ce35a787c89faad29"] + } + ]; + }); + + await click("li[data-poll-option-id='1f972d1df351de3ce35a787c89faad29']"); + assert.equal( + find(".poll-container .alert").text(), + I18n.t("poll.results.groups.title", { groups: "foo" }) + ); + assert.equal(requests, 0); + assert.equal(find(".chosen").length, 0); + } +});