github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-03-04 21:07:23 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Only render admin notice dismiss button for admins (#29103)

Browse Source 
Dismissing admin notices is an admin-only action. This is enforced on the back-end both by a routing constraint and a policy in the relevant service.

However, we still unconditionally display the "Dismiss" button to anyone with access to the admin dashboard. When clicked, it results in a 404 modal (due to the routing constraint.)

With this change we only render the dismiss button for admins.
This commit is contained in:
Ted Johansson 2024-10-07 13:14:01 +08:00 committed by GitHub
parent 8d1867688f
commit ec7703e622
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 40 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
app/assets/javascripts/admin/addon/components/admin-notice.gjs
View File

@ -1,25 +1,34 @@
import Component from "@glimmer/component"; import Component from "@glimmer/component";
import { action } from "@ember/object"; import { action } from "@ember/object";
import { service } from "@ember/service";
import { htmlSafe } from "@ember/template"; import { htmlSafe } from "@ember/template";
import DButton from "discourse/components/d-button"; import DButton from "discourse/components/d-button";
import icon from "discourse-common/helpers/d-icon"; import icon from "discourse-common/helpers/d-icon";
export default class AdminNotice extends Component { export default class AdminNotice extends Component {
@service currentUser;
@action @action
dismiss() { dismiss() {
this.args.dismissCallback(this.args.problem); this.args.dismissCallback(this.args.problem);
} }
get canDismiss() {
return this.currentUser.admin;
}
<template> <template>
<div class="notice"> <div class="notice">
<div class="message"> <div class="message">
{{if @icon (icon @icon)}} {{if @icon (icon @icon)}}
{{htmlSafe @problem.message}} {{htmlSafe @problem.message}}
</div> </div>
{{#if this.canDismiss}}
<DButton <DButton
@action={{this.dismiss}} @action={{this.dismiss}}
@label="admin.dashboard.dismiss_notice" @label="admin.dashboard.dismiss_notice"
/> />
{{/if}}
</div> </div>
</template> </template>
} }

26
spec/system/admin_notices_spec.rb
View File

@ -1,18 +1,19 @@
# frozen_string_literal: true # frozen_string_literal: true
describe "Admin Notices", type: :system do describe "Admin Notices", type: :system do
fab!(:admin)
let(:admin_dashboard) { PageObjects::Pages::AdminDashboard.new } let(:admin_dashboard) { PageObjects::Pages::AdminDashboard.new }
before do before do
Fabricate(:admin_notice) Fabricate(:admin_notice)
I18n.backend.store_translations(:en, dashboard: { problem: { test_notice: "Houston" } }) I18n.backend.store_translations(:en, dashboard: { problem: { test_notice: "Houston" } })
sign_in(admin)
end end
context "when signed in as admin" do
fab!(:admin)
before { sign_in(admin) }
it "supports dismissing admin notices" do it "supports dismissing admin notices" do
admin_dashboard.visit admin_dashboard.visit
@ -22,4 +23,21 @@ describe "Admin Notices", type: :system do
expect(admin_dashboard).to have_no_admin_notice(I18n.t("dashboard.problem.test_notice")) expect(admin_dashboard).to have_no_admin_notice(I18n.t("dashboard.problem.test_notice"))
end end
end
context "when signed in as moderator" do
fab!(:moderator)
before { sign_in(moderator) }
it "doesn't render dismiss button on admin notices" do
admin_dashboard.visit
expect(admin_dashboard).to have_admin_notice(I18n.t("dashboard.problem.test_notice"))
expect(admin_dashboard).to have_no_css(
".dashboard-problem .btn",
text: I18n.t("admin_js.admin.dashboard.dismiss_notice"),
)
end
end
end end