From 8e0da35857f56c5c5938cd5b058277814e075519 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9gis=20Hanol?=
Date: Thu, 15 Feb 2018 18:13:57 +0100
Subject: [PATCH] FIX: allow local oneboxes to public topics/posts in PM
---
 lib/oneboxer.rb | 10 +++---
 spec/controllers/onebox_controller_spec.rb | 42 +++++++++++++---------
 2 files changed, 32 insertions(+), 20 deletions(-)
diff --git a/lib/oneboxer.rb b/lib/oneboxer.rb
index 64e1ee8b3c6..533a5f08c00 100644
--- a/lib/oneboxer.rb
+++ b/lib/oneboxer.rb
@@ -165,14 +165,16 @@ module Oneboxer
 def self.local_topic_html(url, route, opts)
 return unless current_user = User.find_by(id: opts[:user_id])
- return unless current_category = Category.find_by(id: opts[:category_id])
- return unless Guardian.new(current_user).can_see_category?(current_category)
+
+ if current_category = Category.find_by(id: opts[:category_id])
+ return unless Guardian.new(current_user).can_see_category?(current_category)
+ end
 if route[:post_number].to_i > 1
 post = Post.find_by(topic_id: route[:topic_id], post_number: route[:post_number])
 return unless post.present? && !post.hidden
- return unless current_category.id == post.topic.category_id || Guardian.new.can_see_post?(post)
+ return unless current_category&.id == post.topic.category_id || Guardian.new.can_see_post?(post)
 topic = post.topic
 excerpt = post.excerpt(SiteSetting.post_onebox_maxlength)
@@ -184,7 +186,7 @@ module Oneboxer
 PrettyText.cook(quote)
 else
 return unless topic = Topic.find_by(id: route[:topic_id])
- return unless current_category.id == topic.category_id || Guardian.new.can_see_topic?(topic)
+ return unless current_category&.id == topic.category_id || Guardian.new.can_see_topic?(topic)
 first_post = topic.ordered_posts.first
diff --git a/spec/controllers/onebox_controller_spec.rb b/spec/controllers/onebox_controller_spec.rb
index 343c942d5e2..def998a6acc 100644
--- a/spec/controllers/onebox_controller_spec.rb
+++ b/spec/controllers/onebox_controller_spec.rb
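Review bot: With `current_category&.id == post.topic.category_id`, a request that carries no category_id (or one that matches no category) leaves the left side nil, so the comparison is true for any post whose topic also has a nil category_id, and `Guardian.new.can_see_post?(post)` is never consulted. If private-message topics are stored without a category (likely, but not shown on this page), a post from a PM the requester is not part of would be rendered as a onebox. The same-category shortcut should apply only when a category was actually resolved and authorised: `return unless (current_category && current_category.id == post.topic.category_id) || Guardian.new.can_see_post?(post)`. The topic branch in the second hunk (`current_category&.id == topic.category_id`) needs the same guard. The body of local_topic_html continues outside both hunks.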
@@ -100,35 +100,45 @@ describe OneboxController do describe "local onebox" do it 'does not cache local oneboxes' do - post1 = create_post - url = Discourse.base_url + post1.url + post = create_post + url = Discourse.base_url + post.url - get :show, params: { url: url, category_id: post1.topic.category_id }, format: :json + get :show, params: { url: url, category_id: post.topic.category_id }, format: :json expect(response.body).to include('blockquote') - post1.trash! + post.trash! - get :show, params: { url: url, category_id: post1.topic.category_id }, format: :json + get :show, params: { url: url, category_id: post.topic.category_id }, format: :json expect(response.body).not_to include('blockquote') end end - end + it 'does not onebox when you have no permission on category' do + log_in - it 'does not onebox when you have no permission on category' do - log_in + post = create_post + url = Discourse.base_url + post.url - post1 = create_post - url = Discourse.base_url + post1.url + get :show, params: { url: url, category_id: post.topic.category_id }, format: :json + expect(response.body).to include('blockquote') - get :show, params: { url: url, category_id: post1.topic.category_id }, format: :json - expect(response.body).to include('blockquote') + post.topic.category.set_permissions(staff: :full) + post.topic.category.save - post1.topic.category.set_permissions(staff: :full) - post1.topic.category.save + get :show, params: { url: url, category_id: post.topic.category_id }, format: :json + expect(response.body).not_to include('blockquote') + end + + it 'allows onebox to public topics/posts in PM' do + log_in + + post = create_post + url = Discourse.base_url + post.url + + get :show, params: { url: url }, format: :json + expect(response.body).to include('blockquote') + end - get :show, params: { url: url, category_id: post1.topic.category_id }, format: :json - expect(response.body).not_to include('blockquote') end end
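Review bot: The added example 'allows onebox to public topics/posts in PM' only exercises the permissive path; nothing asserts that a request without category_id still refuses content the anonymous guardian cannot see. A negative example beside it, restricting the category and omitting category_id, would pin that behaviour, and ideally a second one would target a post inside a private message. The enclosing `describe OneboxController do` block starts outside the hunk.

```ruby
# … unchanged: 'allows onebox to public topics/posts in PM' …

it 'does not onebox restricted posts when no category is given' do
  log_in

  post = create_post
  post.topic.category.set_permissions(staff: :full)
  post.topic.category.save
  url = Discourse.base_url + post.url

  get :show, params: { url: url }, format: :json
  expect(response.body).not_to include('blockquote')
end
```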