FIX: Staff users are not affected by enable_group_directory site setting.

2025-03-26 22:49:25 +08:00 · 2018-04-10 09:22:01 +08:00 · 2018-04-10 09:22:01 +08:00 · d9d86577ff
commit d9d86577ff
parent 6995382323
3 changed files with 27 additions and 4 deletions
--- a/app/assets/javascripts/discourse/widgets/hamburger-menu.js.es6
+++ b/app/assets/javascripts/discourse/widgets/hamburger-menu.js.es6
@ -116,7 +116,7 @@ export default createWidget('hamburger-menu', {
      links.push({ route: 'users', className: 'user-directory-link', label: 'directory.title' });
    }

-    if (this.siteSettings.enable_group_directory) {
+    if (this.siteSettings.enable_group_directory ||  this.currentUser.staff) {
      links.push({ route: 'groups', className: 'groups-link', label: 'groups.index.title' });
    }

--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@ -37,7 +37,7 @@ class GroupsController < ApplicationController
  }

  def index
-    unless SiteSetting.enable_group_directory?
+    unless SiteSetting.enable_group_directory? || current_user&.staff?
      raise Discourse::InvalidAccess.new(:enable_group_directory)
    end

--- a/spec/requests/groups_controller_spec.rb
+++ b/spec/requests/groups_controller_spec.rb
@ -4,6 +4,8 @@ describe GroupsController do
  let(:user) { Fabricate(:user) }
  let(:group) { Fabricate(:group, users: [user]) }
  let(:moderator_group_id) { Group::AUTO_GROUPS[:moderators] }
+  let(:admin) { Fabricate(:admin) }
+  let(:moderator) { Fabricate(:moderator) }

  describe '#index' do
    let(:staff_group) do
@ -11,11 +13,32 @@ describe GroupsController do
    end

    context 'when group directory is disabled' do
-      it 'should deny access' do
+      before do
        SiteSetting.enable_group_directory = false
+      end

+      it 'should deny access for an anon user' do
        get "/groups.json"
-        expect(response).to be_forbidden
+        expect(response.status).to eq(403)
+      end
+
+      it 'should deny access for a normal user' do
+        get "/groups.json"
+        expect(response.status).to eq(403)
+      end
+
+      it 'should not deny access for an admin' do
+        sign_in(admin)
+        get "/groups.json"
+
+        expect(response.status).to eq(200)
+      end
+
+      it 'should not deny access for a moderator' do
+        sign_in(moderator)
+        get "/groups.json"
+
+        expect(response.status).to eq(200)
      end
    end