discourse/spec/requests/list_controller_spec.rb
Osama Sayegh 976aca68f6
FEATURE: Restrict profile visibility of low-trust users (#29981)
We've seen in some communities abuse of user profile where bios and other fields are used in malicious ways, such as malware distribution. A common pattern between all the abuse cases we've seen is that the malicious actors tend to have 0 posts and have a low trust level.

To eliminate this abuse vector, or at least make it much less effective, we're making the following changes to user profiles:

1. Anonymous, TL0 and TL1 users cannot see any user profiles for users with 0 posts except for staff users
2. Anonymous and TL0 users can only see profiles of TL1 users and above

Users can always see their own profile, and they can still hide their profiles via the "Hide my public profile" preference. Staff can always see any user's profile.

Internal topic: t/142853.
2024-12-09 13:07:59 +03:00

1760 lines
57 KiB
Ruby
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# frozen_string_literal: true
RSpec.describe ListController do
fab!(:user) { Fabricate(:user, refresh_auto_groups: true) }
fab!(:topic) { Fabricate(:topic, user: user) }
fab!(:group) { Fabricate(:group, name: "AwesomeGroup") }
fab!(:admin)
before do
admin # to skip welcome wizard at home page `/`
SiteSetting.top_menu = "latest|new|unread|categories"
end
describe "#index" do
context "when params are invalid" do
it "should return a 400 response when `page` param is a string that represent a negative integer" do
get "/latest?page=-1"
expect(response.status).to eq(400)
end
it "should return a 400 response when `page` param is a string larger than maximum integer value" do
get "/latest?page=2147483648"
expect(response.status).to eq(400)
get "/latest?page=1111111111111111111111111111111111111111"
expect(response.status).to eq(400)
end
it "should return a 400 response when `before` param is not a string represetning an integer" do
get "/latest?before[1]=haxx"
expect(response.status).to eq(400)
end
it "should return a 400 response when `bumped_before` param is not a string representing an integer" do
get "/latest?bumped_before[1]=haxx"
expect(response.status).to eq(400)
end
it "should return a 400 response when `topic_ids` param is not a string representing an integer" do
get "/latest?topic_ids[1]=haxx"
expect(response.status).to eq(400)
end
it "should return a 400 response when `category` param is not a string representing an integer" do
get "/latest?category[1]=haxx"
expect(response.status).to eq(400)
end
it "should return a 400 response when `order` param is not a string" do
get "/latest?order[1]=haxx"
expect(response.status).to eq(400)
end
it "should return a 400 response when `ascending` param is not a string that is either `true` or `false`" do
get "/latest?ascending=maybe"
expect(response.status).to eq(400)
end
it "should return a 400 response when `min_posts` param is a string that does not represent an integer" do
get "/latest?min_posts=bob"
expect(response.status).to eq(400)
end
it "should return a 400 response when `max_posts` param is a string that does not represent an integer" do
get "/latest?max_posts=bob"
expect(response.status).to eq(400)
end
it "should return a 400 response when `max_posts` param is a string larger than maximum integer value" do
get "/latest?max_posts=1111111111111111111111111111111111111111"
expect(response.status).to eq(400)
end
it "should return a 400 response when `status` param is not a string" do
get "/latest?status%5Bsomehash%5D=something"
expect(response.status).to eq(400)
end
it "should return a 400 response when `filter` param is not a string" do
get "/latest?filter%5Bsomehash%5D=something"
expect(response.status).to eq(400)
end
it "should return a 400 response when `state` param is not a string" do
get "/latest?state%5Bsomehash%5D=something"
expect(response.status).to eq(400)
end
it "should return a 400 response when `search` param is not a string" do
get "/latest?search%5Bsomehash%5D=something"
expect(response.status).to eq(400)
end
it "should return a 400 response when `q` param is not a string" do
get "/latest?q%5Bsomehash%5D=something"
expect(response.status).to eq(400)
end
it "should return a 400 response when `f` param is not a string" do
get "/latest?f%5Bsomehash%5D=something"
expect(response.status).to eq(400)
end
it "should return a 400 response when `subset` param is not a string" do
get "/latest?subset%5Bsomehash%5D=something"
expect(response.status).to eq(400)
end
it "should return a 400 response when `group_name` param is not a string" do
get "/latest?group_name%5Bsomehash%5D=something"
expect(response.status).to eq(400)
end
it "should return a 400 response when `tags` param is not an array or string" do
get "/latest?tags[1]=hello"
expect(response.status).to eq(400)
end
it "should return a 400 response when `filter` param is not a string" do
get "/latest?filter%5Bsomehash%5D=something"
expect(response.status).to eq(400)
end
it "should return a 400 response when `match_all_tags` param is not a string that is either `true` or `false`" do
get "/latest?match_all_tags=something"
expect(response.status).to eq(400)
end
it "should return a 400 response when `no_subcategories` param is not a string that is either `true` or `false`" do
get "/latest?no_subcategories=something"
expect(response.status).to eq(400)
end
it "should return a 400 response when `no_tags` param is not a string that is either `true` or `false`" do
get "/latest?no_tags=something"
expect(response.status).to eq(400)
end
it "should return a 400 response when `exclude_tag` param is not a string" do
get "/latest?exclude_tag%5Bsomehash%5D=something"
expect(response.status).to eq(400)
end
end
it "returns 200 for legit requests" do
get "/latest.json?no_definitions=true&no_subcategories=false&page=1&_=1534296100767"
expect(response.status).to eq(200)
get "/latest.json?max_posts=12"
expect(response.status).to eq(200)
get "/latest.json?min_posts=0"
expect(response.status).to eq(200)
get "/latest?page=0"
expect(response.status).to eq(200)
get "/latest?page=1"
expect(response.status).to eq(200)
get "/latest.json?page=2147483647"
expect(response.status).to eq(200)
get "/latest?search="
expect(response.status).to eq(200)
get "/latest.json?topic_ids%5B%5D=14583&topic_ids%5B%5D=14584"
expect(response.status).to eq(200)
get "/latest.json?topic_ids=14583%2C14584"
expect(response.status).to eq(200)
get "/latest?tags[]=hello"
expect(response.status).to eq(200)
end
(Discourse.anonymous_filters - [:categories]).each do |filter|
context "with #{filter}" do
it "succeeds" do
get "/#{filter}"
expect(response.status).to eq(200)
end
end
end
it "allows users to filter on a set of topic ids" do
p = create_post
get "/latest.json", params: { topic_ids: "#{p.topic_id}" }
expect(response.status).to eq(200)
parsed = response.parsed_body
expect(parsed["topic_list"]["topics"].length).to eq(1)
end
it "shows correct title if topic list is set for homepage" do
get "/latest"
expect(response.body).to have_tag "title", text: "Discourse"
SiteSetting.short_site_description = "Best community"
get "/latest"
expect(response.body).to have_tag "title", text: "Discourse - Best community"
end
it "returns structured data" do
get "/latest"
expect(response.status).to eq(200)
topic_list = Nokogiri.HTML5(response.body).css(".topic-list")
first_item = topic_list.css('[itemprop="itemListElement"]')
expect(first_item.css('[itemprop="position"]')[0]["content"]).to eq("1")
expect(first_item.css('[itemprop="url"]')[0]["href"]).to eq(topic.url)
end
it "does not result in N+1 queries when topics have tags and tagging_enabled site setting is enabled" do
SiteSetting.tagging_enabled = true
tag = Fabricate(:tag)
topic.tags << tag
# warm up
get "/latest.json"
expect(response.status).to eq(200)
initial_sql_queries_count =
track_sql_queries do
get "/latest.json"
expect(response.status).to eq(200)
body = response.parsed_body
expect(body["topic_list"]["topics"].map { |t| t["id"] }).to contain_exactly(topic.id)
expect(body["topic_list"]["topics"][0]["tags"]).to contain_exactly(tag.name)
end.count
tag2 = Fabricate(:tag)
topic2 = Fabricate(:topic, tags: [tag2])
new_sql_queries_count =
track_sql_queries do
get "/latest.json"
expect(response.status).to eq(200)
body = response.parsed_body
expect(body["topic_list"]["topics"].map { |t| t["id"] }).to contain_exactly(
topic.id,
topic2.id,
)
expect(body["topic_list"]["topics"][0]["tags"]).to contain_exactly(tag2.name)
expect(body["topic_list"]["topics"][1]["tags"]).to contain_exactly(tag.name)
end.count
expect(new_sql_queries_count).to eq(initial_sql_queries_count)
end
it "does not N+1 queries when topic featured users have different primary groups" do
user.update!(primary_group: group)
# warm up
get "/latest.json"
expect(response.status).to eq(200)
initial_sql_queries_count =
track_sql_queries do
get "/latest.json"
expect(response.status).to eq(200)
body = response.parsed_body
expect(body["topic_list"]["topics"].map { |t| t["id"] }).to contain_exactly(topic.id)
expect(
body["topic_list"]["topics"][0]["posters"].map { |p| p["user_id"] },
).to contain_exactly(user.id)
end.count
group2 = Fabricate(:group)
user2 = Fabricate(:user, primary_group: group2)
topic.update!(last_post_user_id: user2.id)
group3 = Fabricate(:group)
user3 = Fabricate(:user, flair_group: group3)
topic.update!(featured_user3_id: user3.id)
new_sql_queries_count =
track_sql_queries do
get "/latest.json"
expect(response.status).to eq(200)
body = response.parsed_body
expect(body["topic_list"]["topics"].map { |t| t["id"] }).to contain_exactly(topic.id)
expect(
body["topic_list"]["topics"][0]["posters"].map { |p| p["user_id"] },
).to contain_exactly(user.id, user2.id, user3.id)
end.count
expect(new_sql_queries_count).to be <= initial_sql_queries_count
end
context "with topics with tags" do
let(:tag_group) { Fabricate.build(:tag_group) }
let(:tag_group_permission) { Fabricate.build(:tag_group_permission, tag_group: tag_group) }
let(:restricted_tag) { Fabricate(:tag) }
let(:public_tag) { Fabricate(:tag) }
before do
tag_group.tag_group_permissions << tag_group_permission
tag_group.save!
tag_group_permission.tag_group.tags << restricted_tag
topic.tags << [public_tag, restricted_tag]
end
it "does not show hidden tags" do
get "/latest"
expect(response.status).to eq(200)
expect(response.body).to include(public_tag.name)
expect(response.body).not_to include(restricted_tag.name)
end
end
context "with lazy load categories enabled" do
fab!(:category)
fab!(:subcategory) { Fabricate(:category, parent_category: category) }
before { topic.update!(category: subcategory) }
it "returns categories and parent categories if true" do
SiteSetting.lazy_load_categories_groups = "#{Group::AUTO_GROUPS[:everyone]}"
get "/latest.json"
expect(response.status).to eq(200)
expect(response.parsed_body["topic_list"]["topics"].length).to eq(1)
expect(response.parsed_body["topic_list"]["topics"][0]["id"]).to eq(topic.id)
expect(response.parsed_body["topic_list"]["categories"].length).to eq(2)
expect(response.parsed_body["topic_list"]["categories"].map { |c| c["id"] }).to eq(
[category.id, subcategory.id],
)
end
it "does not return categories if not true" do
SiteSetting.lazy_load_categories_groups = ""
get "/latest.json"
expect(response.status).to eq(200)
expect(response.parsed_body["topic_list"]["topics"].length).to eq(1)
expect(response.parsed_body["topic_list"]["topics"][0]["id"]).to eq(topic.id)
expect(response.parsed_body["topic_list"]["categories"]).to eq(nil)
end
end
end
describe "categories and X" do
let(:category) { Fabricate(:category_with_definition) }
let(:sub_category) { Fabricate(:category_with_definition, parent_category: category) }
it "returns top topics" do
Fabricate(:topic, like_count: 1000, posts_count: 100)
TopTopic.refresh!
get "/categories_and_top.json"
data = response.parsed_body
expect(data["topic_list"]["topics"].length).to eq(1)
get "/categories_and_latest.json"
data = response.parsed_body
expect(data["topic_list"]["topics"].length).to eq(2)
end
it "returns topics from subcategories when no_subcategories=false" do
Fabricate(:topic, category: sub_category)
get "/c/#{category.slug}/#{category.id}/l/latest.json?no_subcategories=false"
expect(response.parsed_body["topic_list"]["topics"].length).to eq(2)
end
end
describe "titles for crawler layout" do
it "has no title for the default URL" do
topic
filter = Discourse.anonymous_filters[0]
get "/#{filter}", params: { _escaped_fragment_: "true" }
expect(response.body).to include(I18n.t("rss_description.posts"))
expect(response.body).to_not include(I18n.t("js.filters.with_topics", filter: filter))
end
it "has a title for non-default URLs" do
topic
filter = Discourse.anonymous_filters[1]
get "/#{filter}", params: { _escaped_fragment_: "true" }
expect(response.body).to include(I18n.t("js.filters.with_topics", filter: filter))
end
end
describe "filter private messages by tag" do
fab!(:user)
fab!(:moderator)
fab!(:admin)
let(:tag) { Fabricate(:tag) }
let(:private_message) { Fabricate(:private_message_topic, user: admin) }
before do
SiteSetting.tagging_enabled = true
SiteSetting.pm_tags_allowed_for_groups = "1|2|3"
Fabricate(:topic_tag, tag: tag, topic: private_message)
end
it "should fail for non-staff users" do
sign_in(user)
get "/topics/private-messages-tags/#{user.username}/#{tag.name}.json"
expect(response.status).to eq(404)
end
it "should fail for staff users if empty" do
SiteSetting.pm_tags_allowed_for_groups = ""
[moderator, admin].each do |user|
sign_in(user)
get "/topics/private-messages-tags/#{user.username}/#{tag.name}.json"
expect(response.status).to eq(404)
end
end
it "should be success for staff users" do
[moderator, admin].each do |user|
sign_in(user)
get "/topics/private-messages-tags/#{user.username}/#{tag.name}.json"
expect(response.status).to eq(200)
end
end
it "should work for tag with unicode name" do
unicode_tag = Fabricate(:tag, name: "hello-🇺🇸")
Fabricate(:topic_tag, tag: unicode_tag, topic: private_message)
sign_in(admin)
get "/topics/private-messages-tags/#{admin.username}/#{UrlHelper.encode_component(unicode_tag.name)}.json"
expect(response.status).to eq(200)
expect(response.parsed_body["topic_list"]["topics"].first["id"]).to eq(private_message.id)
end
it "should work for users who are allowed and direct links" do
SiteSetting.pm_tags_allowed_for_groups = group.name
group.add(user)
sign_in(user)
get "/u/#{user.username}/messages/tags/#{tag.name}"
expect(response.status).to eq(200)
end
end
describe "#private_messages_group" do
describe "when user not in personal_message_enabled_groups group" do
let!(:topic) { Fabricate(:private_message_topic, allowed_groups: [group]) }
before do
group.add(user)
SiteSetting.personal_message_enabled_groups = Group::AUTO_GROUPS[:staff]
end
it "should display group private messages for an admin" do
sign_in(Fabricate(:admin))
get "/topics/private-messages-group/#{user.username}/#{group.name}.json"
expect(response.status).to eq(200)
expect(response.parsed_body["topic_list"]["topics"].first["id"]).to eq(topic.id)
end
it "should display moderator group private messages for a moderator" do
moderator = Fabricate(:moderator)
group = Group.find(Group::AUTO_GROUPS[:moderators])
Fabricate(:private_message_topic, allowed_groups: [group])
sign_in(moderator)
get "/topics/private-messages-group/#{moderator.username}/#{group.name}.json"
expect(response.status).to eq(200)
end
it "should not display group private messages for a moderator's group" do
moderator = Fabricate(:moderator)
sign_in(moderator)
get "/topics/private-messages-group/#{user.username}/#{group.name}.json"
expect(response.status).to eq(404)
end
it "should sort group private messages by posts_count" do
topic2 = Fabricate(:private_message_topic, allowed_groups: [group])
topic3 = Fabricate(:private_message_topic, allowed_groups: [group])
2.times { Fabricate(:post, topic: topic2) }
Fabricate(:post, topic: topic3)
sign_in(Fabricate(:admin))
get "/topics/private-messages-group/#{user.username}/#{group.name}.json",
params: {
order: "posts",
}
expect(response.status).to eq(200)
expect(response.parsed_body["topic_list"]["topics"].map { |t| t["id"] }).to eq(
[topic2.id, topic3.id, topic.id],
)
end
end
describe "with unicode_usernames" do
before do
group.add(user)
sign_in(user)
SiteSetting.unicode_usernames = false
end
it "should return the right response when user does not belong to group" do
Fabricate(:private_message_topic, allowed_groups: [group])
group.remove(user)
get "/topics/private-messages-group/#{user.username}/#{group.name}.json"
expect(response.status).to eq(404)
end
it "should return the right response" do
topic = Fabricate(:private_message_topic, allowed_groups: [group])
get "/topics/private-messages-group/#{user.username}/awesomegroup.json"
expect(response.status).to eq(200)
expect(response.parsed_body["topic_list"]["topics"].first["id"]).to eq(topic.id)
end
end
describe "with unicode_usernames" do
before do
sign_in(user)
SiteSetting.unicode_usernames = true
end
it "Returns a 200 with unicode group name" do
unicode_group = Fabricate(:group, name: "群群组")
unicode_group.add(user)
topic = Fabricate(:private_message_topic, allowed_groups: [unicode_group])
get "/topics/private-messages-group/#{user.username}/#{UrlHelper.encode_component(unicode_group.name)}.json"
expect(response.status).to eq(200)
expect(response.parsed_body["topic_list"]["topics"].first["id"]).to eq(topic.id)
end
end
end
describe "#group_topics" do
%i[user user2].each do |user|
let(user) do
user = Fabricate(:user)
group.add(user)
user
end
end
let!(:topic) { Fabricate(:topic, user: user) }
let!(:topic2) { Fabricate(:topic, user: user2) }
let!(:another_topic) { Fabricate(:topic) }
describe "when an invalid group name is given" do
it "should return the right response" do
get "/topics/groups/something.json"
expect(response.status).to eq(404)
end
end
describe "for an anon user" do
describe "public visible group" do
it "should return the right response" do
get "/topics/groups/#{group.name}.json"
expect(response.status).to eq(200)
expect(response.parsed_body["topic_list"]).to be_present
end
end
describe "group restricted to logged-on-users" do
before { group.update!(visibility_level: Group.visibility_levels[:logged_on_users]) }
it "should return the right response" do
get "/topics/groups/#{group.name}.json"
expect(response.status).to eq(403)
end
end
describe "restricted group" do
before { group.update!(visibility_level: Group.visibility_levels[:staff]) }
it "should return the right response" do
get "/topics/groups/#{group.name}.json"
expect(response.status).to eq(403)
end
end
describe "group members visibility restricted to logged-on-users" do
before do
group.update!(members_visibility_level: Group.visibility_levels[:logged_on_users])
end
it "should return the right response" do
get "/topics/groups/#{group.name}.json"
expect(response.status).to eq(403)
end
end
end
describe "for a normal user" do
before { sign_in(Fabricate(:user)) }
describe "restricted group" do
before { group.update!(visibility_level: Group.visibility_levels[:staff]) }
it "should return the right response" do
get "/topics/groups/#{group.name}.json"
expect(response.status).to eq(403)
end
end
describe "group restricted to logged-on-users" do
before { group.update!(visibility_level: Group.visibility_levels[:logged_on_users]) }
it "should return the right response" do
get "/topics/groups/#{group.name}.json"
expect(response.status).to eq(200)
end
end
end
describe "for a group user" do
before { sign_in(user) }
it "should be able to view the topics started by group users" do
get "/topics/groups/#{group.name}.json"
expect(response.status).to eq(200)
topics = response.parsed_body["topic_list"]["topics"]
expect(topics.map { |topic| topic["id"] }).to contain_exactly(topic.id, topic2.id)
end
end
end
describe "RSS feeds" do
it "renders latest RSS" do
get "/latest.rss"
expect(response.status).to eq(200)
expect(response.media_type).to eq("application/rss+xml")
expect(response.headers["X-Robots-Tag"]).to eq("noindex")
end
it "renders latest RSS with query params" do
get "/latest.rss?status=closed"
expect(response.status).to eq(200)
expect(response.media_type).to eq("application/rss+xml")
expect(response.body).to_not include("<item>")
end
it "renders links correctly with subfolder" do
set_subfolder "/forum"
_post = Fabricate(:post, topic: topic, user: user)
get "/latest.rss"
expect(response.status).to eq(200)
expect(response.body).to_not include("/forum/forum")
expect(response.body).to include("http://test.localhost/forum/t/#{topic.slug}")
end
it "renders top RSS" do
get "/top.rss"
expect(response.status).to eq(200)
expect(response.media_type).to eq("application/rss+xml")
end
it "errors for invalid periods on top RSS" do
get "/top.rss?period=decadely"
expect(response.status).to eq(400)
end
TopTopic.periods.each do |period|
it "renders #{period} top RSS" do
get "/top.rss?period=#{period}"
expect(response.status).to eq(200)
expect(response.media_type).to eq("application/rss+xml")
end
end
end
describe "Top" do
it "renders top" do
get "/top"
expect(response.status).to eq(200)
end
it "renders top with a period" do
get "/top?period=weekly"
expect(response.status).to eq(200)
end
it "errors for invalid periods on top" do
get "/top?period=decadely"
expect(response.status).to eq(400)
end
end
describe "category" do
context "when in a category" do
let(:category) { Fabricate(:category_with_definition) }
let(:group) { Fabricate(:group) }
let(:private_category) { Fabricate(:private_category, group: group) }
context "without access to see the category" do
it "responds with a 404 error" do
get "/c/#{private_category.slug}/l/latest"
expect(response.status).to eq(404)
end
end
context "with access to see the category" do
it "succeeds" do
get "/c/#{category.slug}/#{category.id}/l/latest"
expect(response.status).to eq(200)
end
end
context "with encoded slug in the category" do
let(:category) { Fabricate(:category, slug: "தமிழ்") }
before { SiteSetting.slug_generation_method = "encoded" }
it "succeeds" do
get "/c/#{category.slug}/#{category.id}/l/latest"
expect(response.status).to eq(200)
end
end
context "with a link that has a parent slug, slug and id in its path" do
let(:child_category) { Fabricate(:category_with_definition, parent_category: category) }
context "with valid slug" do
it "succeeds" do
get "/c/#{category.slug}/#{child_category.slug}/#{child_category.id}/l/latest"
expect(response.status).to eq(200)
end
end
context "with invalid slug" do
it "redirects" do
get "/c/random_slug/another_random_slug/#{child_category.id}/l/latest"
expect(response).to redirect_to("#{child_category.url}/l/latest")
end
end
end
context "when another category exists with a number at the beginning of its name" do
# One category has another category's id at the beginning of its name
let!(:other_category) do
# Our validations don't allow this to happen now, but did historically
Fabricate(
:category_with_definition,
name: "#{category.id} name",
slug: "will-be-changed",
).tap { |category| category.update_column(:slug, "#{category.id}-name") }
end
it "uses the correct category" do
get "/c/#{other_category.slug}/#{other_category.id}/l/latest.json"
expect(response.status).to eq(200)
body = response.parsed_body
expect(body["topic_list"]["topics"].first["category_id"]).to eq(other_category.id)
end
end
context "with a child category" do
let(:sub_category) { Fabricate(:category_with_definition, parent_category_id: category.id) }
context "when parent and child are requested" do
it "succeeds" do
get "/c/#{category.slug}/#{sub_category.slug}/#{sub_category.id}/l/latest"
expect(response.status).to eq(200)
end
end
context "when child is requested with the wrong parent" do
it "responds with a 404 error" do
get "/c/not-the-right-slug/#{sub_category.slug}/l/latest"
expect(response.status).to eq(404)
end
end
end
describe "feed" do
it "renders RSS" do
get "/c/#{category.slug}/#{category.id}.rss"
expect(response.status).to eq(200)
expect(response.media_type).to eq("application/rss+xml")
end
it "renders RSS in subfolder correctly" do
set_subfolder "/forum"
get "/c/#{category.slug}/#{category.id}.rss"
expect(response.status).to eq(200)
expect(response.body).to_not include("/forum/forum")
expect(response.body).to include("http://test.localhost/forum/c/#{category.slug}")
end
end
describe "category default views" do
it "has a top default view" do
category.update!(default_view: "top", default_top_period: "monthly")
get "/c/#{category.slug}/#{category.id}.json"
expect(response.status).to eq(200)
json = response.parsed_body
expect(json["topic_list"]["for_period"]).to eq("monthly")
end
it "has a default view of nil" do
category.update!(default_view: nil)
get "/c/#{category.slug}/#{category.id}.json"
expect(response.status).to eq(200)
json = response.parsed_body
expect(json["topic_list"]["for_period"]).to be_blank
end
it "has a default view of ''" do
category.update!(default_view: "")
get "/c/#{category.slug}/#{category.id}.json"
expect(response.status).to eq(200)
json = response.parsed_body
expect(json["topic_list"]["for_period"]).to be_blank
end
it "has a default view of latest" do
category.update!(default_view: "latest")
get "/c/#{category.slug}/#{category.id}.json"
expect(response.status).to eq(200)
json = response.parsed_body
expect(json["topic_list"]["for_period"]).to be_blank
end
end
describe "renders canonical tag" do
it "for category default view" do
get "/c/#{category.slug}/#{category.id}"
expect(response.status).to eq(200)
expect(css_select("link[rel=canonical]").length).to eq(1)
end
it "for category latest view" do
get "/c/#{category.slug}/#{category.id}/l/latest"
expect(response.status).to eq(200)
expect(css_select("link[rel=canonical]").length).to eq(1)
end
end
context "for category default view" do
let!(:amazing_category) { Fabricate(:category_with_definition, name: "Amazing Category") }
it "renders correct title" do
get "/c/#{amazing_category.slug}/#{amazing_category.id}"
expect(response.body).to have_tag "title", text: "Amazing Category - Discourse"
end
end
context "for category latest view" do
let!(:amazing_category) { Fabricate(:category_with_definition, name: "Amazing Category") }
it "renders correct title" do
SiteSetting.short_site_description = "Best community"
get "/c/#{amazing_category.slug}/#{amazing_category.id}/l/latest"
expect(response.body).to have_tag "title", text: "Amazing Category - Discourse"
end
end
end
end
describe "topics_by" do
fab!(:topic2) { Fabricate(:topic, user: user) }
fab!(:user2) { Fabricate(:user) }
before do
user.user_stat.update!(post_count: 1)
sign_in(user2)
end
it "should respond with a list" do
get "/topics/created-by/#{user.username}.json"
expect(response.status).to eq(200)
json = response.parsed_body
expect(json["topic_list"]["topics"].size).to eq(2)
end
it "should work with period in username" do
user.update!(username: "myname.test")
get "/topics/created-by/#{user.username}", xhr: true
expect(response.status).to eq(200)
json = response.parsed_body
expect(json["topic_list"]["topics"].size).to eq(2)
end
context "with unicode usernames" do
before { SiteSetting.unicode_usernames = true }
it "should return the more_topics_url in the encoded form" do
stub_const(TopicQuery, "DEFAULT_PER_PAGE_COUNT", 1) do
user.update!(username: "快快快")
get "/topics/created-by/#{UrlHelper.encode(user.username)}.json"
expect(response.status).to eq(200)
json = response.parsed_body
expect(json["topic_list"]["more_topics_url"]).to eq(
"/topics/created-by/%E5%BF%AB%E5%BF%AB%E5%BF%AB?page=1",
)
end
end
end
context "when `hide_profile` is true" do
before { user.user_option.update_columns(hide_profile: true) }
it "returns 404" do
get "/topics/created-by/#{user.username}.json"
expect(response.status).to eq(404)
end
it "should respond with a list when `allow_users_to_hide_profile` is false" do
SiteSetting.allow_users_to_hide_profile = false
get "/topics/created-by/#{user.username}.json"
expect(response.status).to eq(200)
json = response.parsed_body
expect(json["topic_list"]["topics"].size).to eq(2)
end
end
end
describe "private_messages" do
it "returns 403 error when the user can't see private message" do
sign_in(Fabricate(:user))
get "/topics/private-messages/#{user.username}.json"
expect(response).to be_forbidden
end
it "succeeds when the user can see private messages" do
pm = Fabricate(:private_message_topic, user: Fabricate(:user))
pm.topic_allowed_users.create!(user: user)
sign_in(user)
get "/topics/private-messages/#{user.username}.json"
expect(response.status).to eq(200)
json = response.parsed_body
expect(json["topic_list"]["topics"].size).to eq(1)
end
it "sorts private messages by activity" do
topic_ids = []
[1.year.ago, 1.week.ago, 1.month.ago].each do |date|
pm =
Fabricate(
:private_message_topic,
user: Fabricate(:user),
created_at: date,
bumped_at: date,
)
pm.topic_allowed_users.create!(user: user)
topic_ids << pm.id
end
sign_in(user)
get "/topics/private-messages/#{user.username}.json", params: { order: "activity" }
expect(response.status).to eq(200)
json = response.parsed_body
expect(json["topic_list"]["topics"].pluck("id")).to eq(
[topic_ids[1], topic_ids[2], topic_ids[0]],
)
end
end
describe "private_messages_sent" do
before do
pm = Fabricate(:private_message_topic, user: user)
Fabricate(:post, user: user, topic: pm, post_number: 1)
end
it "returns 403 error when the user can't see private message" do
sign_in(Fabricate(:user))
get "/topics/private-messages-sent/#{user.username}.json"
expect(response).to be_forbidden
end
it "succeeds when the user can see private messages" do
sign_in(user)
get "/topics/private-messages-sent/#{user.username}.json"
expect(response.status).to eq(200)
json = response.parsed_body
expect(json["topic_list"]["topics"].size).to eq(1)
end
end
describe "#private_messages_unread" do
fab!(:pm_user) { Fabricate(:user) }
fab!(:pm) do
Fabricate(:private_message_topic).tap do |t|
t.allowed_users << pm_user
create_post(user: pm_user, topic_id: t.id)
end
end
it "returns 404 when the user can't see private message" do
sign_in(Fabricate(:user))
get "/topics/private-messages-unread/#{pm_user.username}.json"
expect(response.status).to eq(404)
end
it "succeeds when the user can see private messages" do
TopicUser.find_by(topic: pm, user: pm_user).update!(
notification_level: TopicUser.notification_levels[:tracking],
last_read_post_number: 0,
)
sign_in(pm_user)
get "/topics/private-messages-unread/#{pm_user.username}.json"
expect(response.status).to eq(200)
json = response.parsed_body
expect(json["topic_list"]["topics"].size).to eq(1)
expect(json["topic_list"]["topics"][0]["id"]).to eq(pm.id)
end
end
describe "#private_messages_warnings" do
fab!(:target_user) { Fabricate(:user) }
fab!(:admin)
fab!(:moderator1) { Fabricate(:moderator) }
fab!(:moderator2) { Fabricate(:moderator) }
let(:create_args) do
{
title: "you need a warning buddy!",
raw: "you did something bad and I'm telling you about it!",
is_warning: true,
target_usernames: target_user.username,
archetype: Archetype.private_message,
}
end
let(:warning_post) do
creator = PostCreator.new(moderator1, create_args)
creator.create
end
let(:warning_topic) { warning_post.topic }
before { warning_topic }
it "returns 403 error for unrelated users" do
sign_in(Fabricate(:user))
get "/topics/private-messages-warnings/#{target_user.username}.json"
expect(response.status).to eq(403)
end
it "shows the warning to moderators and admins" do
[moderator1, moderator2, admin].each do |viewer|
sign_in(viewer)
get "/topics/private-messages-warnings/#{target_user.username}.json"
expect(response.status).to eq(200)
json = response.parsed_body
expect(json["topic_list"]["topics"].size).to eq(1)
expect(json["topic_list"]["topics"][0]["id"]).to eq(warning_topic.id)
end
end
it "does not show the warning as applying to the authoring moderator" do
sign_in(admin)
get "/topics/private-messages-warnings/#{moderator1.username}.json"
expect(response.status).to eq(200)
json = response.parsed_body
expect(json["topic_list"]["topics"].size).to eq(0)
end
end
describe "read" do
it "raises an error when not logged in" do
get "/read"
expect(response.status).to eq(404)
end
context "when logged in" do
it "succeeds" do
sign_in(user)
get "/read"
expect(response.status).to eq(200)
end
end
end
describe "best_periods_for" do
it "works" do
expect(ListController.best_periods_for(nil)).to eq([:all])
expect(ListController.best_periods_for(5.years.ago)).to eq([:all])
expect(ListController.best_periods_for(2.years.ago)).to eq(%i[yearly all])
expect(ListController.best_periods_for(6.months.ago)).to eq(%i[quarterly yearly all])
expect(ListController.best_periods_for(2.months.ago)).to eq(%i[monthly quarterly yearly all])
expect(ListController.best_periods_for(2.weeks.ago)).to eq(
%i[weekly monthly quarterly yearly all],
)
expect(ListController.best_periods_for(2.days.ago)).to eq(
%i[daily weekly monthly quarterly yearly all],
)
end
it "supports default period" do
expect(ListController.best_periods_for(nil, :yearly)).to eq(%i[yearly all])
expect(ListController.best_periods_for(nil, :quarterly)).to eq(%i[quarterly all])
expect(ListController.best_periods_for(nil, :monthly)).to eq(%i[monthly all])
expect(ListController.best_periods_for(nil, :weekly)).to eq(%i[weekly all])
expect(ListController.best_periods_for(nil, :daily)).to eq(%i[daily all])
end
end
describe "user_topics_feed" do
it "returns 404 if `hide_profile` user option is checked" do
user.user_option.update_columns(hide_profile: true)
get "/u/#{user.username}/activity/topics.rss"
expect(response.status).to eq(404)
end
end
describe "set_category" do
let(:category) { Fabricate(:category_with_definition) }
let(:subcategory) { Fabricate(:category_with_definition, parent_category_id: category.id) }
let(:subsubcategory) do
Fabricate(:category_with_definition, parent_category_id: subcategory.id)
end
before { SiteSetting.max_category_nesting = 3 }
it "redirects to URL with the updated slug" do
get "/c/hello/world/bye/#{subsubcategory.id}"
expect(response.status).to eq(301)
expect(response).to redirect_to(
"/c/#{category.slug}/#{subcategory.slug}/#{subsubcategory.slug}/#{subsubcategory.id}",
)
get "/c/#{category.slug}/#{subcategory.slug}/#{subsubcategory.slug}/#{subsubcategory.id}"
expect(response.status).to eq(200)
end
it "redirects to URL with correct case slug" do
category.update!(slug: "hello")
get "/c/Hello/#{category.id}"
expect(response).to redirect_to("/c/hello/#{category.id}")
get "/c/hello/#{category.id}"
expect(response.status).to eq(200)
end
context "with encoded slugs" do
it "does not create a redirect loop" do
category = Fabricate(:category)
category.update_columns(slug: CGI.escape("systèmes"))
get "/c/syst%C3%A8mes/#{category.id}"
expect(response.status).to eq(200)
end
end
context "with lowercase encoded slugs" do
it "does not create a redirect loop" do
category = Fabricate(:category)
category.update_columns(slug: CGI.escape("systèmes").downcase)
get "/c/syst%C3%A8mes/#{category.id}"
expect(response.status).to eq(200)
end
end
context "with subfolder" do
it "main category redirects to URL containing the updated slug" do
set_subfolder "/forum"
get "/c/#{category.slug}"
expect(response.status).to eq(301)
expect(response).to redirect_to("/forum/c/#{category.slug}/#{category.id}")
end
it "sub-sub-category redirects to URL containing the updated slug" do
set_subfolder "/forum"
get "/c/hello/world/bye/#{subsubcategory.id}"
expect(response.status).to eq(301)
expect(response).to redirect_to(
"/forum/c/#{category.slug}/#{subcategory.slug}/#{subsubcategory.slug}/#{subsubcategory.id}",
)
end
end
context "when redirect raises an unsafe redirect error" do
let(:fake_logger) { FakeLogger.new }
before do
ListController
.any_instance
.stubs(:redirect_to)
.raises(ActionController::Redirecting::UnsafeRedirectError)
Rails.logger.broadcast_to(fake_logger)
end
after { Rails.logger.stop_broadcasting_to(fake_logger) }
it "renders a 404" do
get "/c/hello/world/bye/#{subsubcategory.id}"
expect(response).to have_http_status :not_found
end
it "doesnt log an error" do
get "/c/hello/world/bye/#{subsubcategory.id}"
expect(fake_logger.fatals).to be_empty
end
end
context "when provided slug is gibberish" do
it "redirects to the proper category" do
get "/c/summit'%22()&%25%3Czzz%3E%3CScRiPt%20%3EqlJ2(9585)%3C%2FScRiPt%3E/#{category.id}"
expect(response).to have_http_status :moved_permanently
expect(response).to redirect_to("/c/#{category.slug}/#{category.id}")
end
end
end
describe "shared drafts" do
fab!(:category1) { Fabricate(:category) }
fab!(:category2) { Fabricate(:category) }
fab!(:topic1) { Fabricate(:topic, category: category1) }
fab!(:topic2) { Fabricate(:topic, category: category2) }
fab!(:shared_draft_topic) { Fabricate(:topic, category: category1) }
fab!(:shared_draft) { Fabricate(:shared_draft, topic: shared_draft_topic, category: category2) }
it "are not displayed if they are disabled" do
SiteSetting.shared_drafts_category = ""
sign_in(admin)
get "/c/#{category1.slug}/#{category1.id}.json"
expect(response.parsed_body["topic_list"]["shared_drafts"]).to eq(nil)
expect(response.parsed_body["topic_list"]["topics"].map { |t| t["id"] }).to contain_exactly(
topic1.id,
shared_draft_topic.id,
)
end
it "are displayed in both shared drafts category and target category" do
SiteSetting.shared_drafts_category = category1.id
sign_in(admin)
get "/c/#{category1.slug}/#{category1.id}.json"
expect(response.parsed_body["topic_list"]["shared_drafts"]).to be_nil
expect(response.parsed_body["topic_list"]["topics"].map { |t| t["id"] }).to contain_exactly(
topic1.id,
shared_draft_topic.id,
)
get "/c/#{category2.slug}/#{category2.id}.json"
expect(
response.parsed_body["topic_list"]["shared_drafts"].map { |t| t["id"] },
).to contain_exactly(shared_draft_topic.id)
expect(response.parsed_body["topic_list"]["topics"].map { |t| t["id"] }).to contain_exactly(
topic2.id,
)
end
end
describe "body class" do
it "pre-renders the correct body class for categories" do
c = Fabricate(:category, slug: "myparentslug")
sub_c = Fabricate(:category, parent_category: c, slug: "mychildslug")
get "/c/#{c.slug}/#{sub_c.slug}/#{sub_c.id}"
expect(response.body).to have_tag "body", with: { class: "category-myparentslug-mychildslug" }
end
end
describe "#filter" do
fab!(:category) { Fabricate(:category, slug: "category-slug") }
fab!(:tag) { Fabricate(:tag, name: "tag1") }
fab!(:group)
fab!(:private_category) { Fabricate(:private_category, group:, slug: "private-category-slug") }
fab!(:private_message_topic)
fab!(:topic_in_private_category) { Fabricate(:topic, category: private_category) }
it "should not return topics that the user is not allowed to view" do
sign_in(user)
get "/filter.json"
expect(response.status).to eq(200)
expect(
response.parsed_body["topic_list"]["topics"].map { |topic| topic["id"] },
).to contain_exactly(topic.id)
end
it "should not return topics that an anon user is not allowed to view" do
get "/filter.json"
expect(response.status).to eq(200)
expect(
response.parsed_body["topic_list"]["topics"].map { |topic| topic["id"] },
).to contain_exactly(topic.id)
end
it "returns category definition topics if `show_category_definitions_in_topic_lists` site setting is enabled" do
category_topic = Fabricate(:topic, category: category)
category.update!(topic: category_topic)
SiteSetting.show_category_definitions_in_topic_lists = true
sign_in(user)
get "/filter.json"
expect(response.status).to eq(200)
expect(
response.parsed_body["topic_list"]["topics"].map { |topic| topic["id"] },
).to contain_exactly(topic.id, category_topic.id)
end
it "does not return category definition topics if `show_category_definitions_in_topic_lists` site setting is disabled" do
category_topic = Fabricate(:topic, category: category)
category.update!(topic: category_topic)
SiteSetting.show_category_definitions_in_topic_lists = false
sign_in(user)
get "/filter.json"
expect(response.status).to eq(200)
expect(
response.parsed_body["topic_list"]["topics"].map { |topic| topic["id"] },
).to contain_exactly(topic.id)
end
it "should accept the `page` query parameter" do
topic_with_tag = Fabricate(:topic, tags: [tag])
topic2_with_tag = Fabricate(:topic, tags: [tag])
stub_const(TopicQuery, "DEFAULT_PER_PAGE_COUNT", 1) do
sign_in(user)
get "/filter.json", params: { q: "tags:tag1" }
expect(response.status).to eq(200)
parsed = response.parsed_body
expect(parsed["topic_list"]["topics"].length).to eq(1)
expect(parsed["topic_list"]["topics"].first["id"]).to eq(topic2_with_tag.id)
get "/filter.json", params: { q: "tags:tag1", page: 1 }
expect(response.status).to eq(200)
parsed = response.parsed_body
expect(parsed["topic_list"]["topics"].length).to eq(1)
expect(parsed["topic_list"]["topics"].first["id"]).to eq(topic_with_tag.id)
end
end
it "should filter with tag_group option" do
topic_with_tag = Fabricate(:topic, tags: [tag])
topic2_with_tag = Fabricate(:topic, tags: [tag])
tag_group = Fabricate(:tag_group, tags: [tag])
sign_in(user)
get "/filter.json", params: { q: "tag_group:#{tag_group.name}" }
parsed = response.parsed_body
expect(response.status).to eq(200)
expect(parsed["topic_list"]["topics"].length).to eq(2)
expect(parsed["topic_list"]["topics"].map { |topic| topic["id"] }).to contain_exactly(
topic_with_tag.id,
topic2_with_tag.id,
)
end
describe "when filtering with the `created-by:<username>` filter" do
fab!(:topic2) { Fabricate(:topic, user: admin) }
before do
topic.update!(user: user)
user.update!(username: "username")
admin.update!(username: "username2")
end
it "returns only topics created by the user when `q` query param is `created-by:username`" do
sign_in(user)
get "/filter.json", params: { q: "created-by:username" }
expect(response.status).to eq(200)
expect(
response.parsed_body["topic_list"]["topics"].map { |topic| topic["id"] },
).to contain_exactly(topic.id)
end
it "returns only topics created by either user when `q` query param is `created-by:username,username2`" do
sign_in(user)
get "/filter.json", params: { q: "created-by:username,username2" }
expect(response.status).to eq(200)
expect(
response.parsed_body["topic_list"]["topics"].map { |topic| topic["id"] },
).to contain_exactly(topic.id, topic2.id)
end
end
describe "when filtering with the `category:<category_slug>` filter" do
fab!(:topic_in_category) { Fabricate(:topic, category:) }
it "does not return any topics when `q` query param is `category:private-category-slug` and user is not allowed to see category" do
sign_in(user)
get "/filter.json", params: { q: "category:private-category-slug" }
expect(response.status).to eq(200)
expect(response.parsed_body["topic_list"]["topics"].map { |topic| topic["id"] }).to eq([])
end
it "returns only topics in the category when `q` query param is `category:private-category-slug` and user can see category" do
group.add(user)
sign_in(user)
get "/filter.json", params: { q: "category:private-category-slug" }
expect(response.status).to eq(200)
expect(
response.parsed_body["topic_list"]["topics"].map { |topic| topic["id"] },
).to contain_exactly(topic_in_private_category.id)
end
end
describe "when filtering with the `in:<topic_notification_level>` filter" do
fab!(:user_muted_topic) do
Fabricate(:topic).tap do |topic|
TopicUser.change(
user.id,
topic.id,
notification_level: TopicUser.notification_levels[:muted],
)
end
end
fab!(:user_tracking_topic) do
Fabricate(:topic).tap do |topic|
TopicUser.change(
user.id,
topic.id,
notification_level: TopicUser.notification_levels[:tracking],
)
end
end
it "does not return topics that are muted by the user when `q` query param does not include `in:muted`" do
sign_in(user)
get "/filter.json", params: { q: "in:tracking" }
expect(response.status).to eq(200)
expect(response.parsed_body["topic_list"]["topics"].map { |topic| topic["id"] }).to eq(
[user_tracking_topic.id],
)
end
it "only return topics that are muted by the user when `q` query param is `in:muted`" do
sign_in(user)
get "/filter.json", params: { q: "in:muted" }
expect(response.status).to eq(200)
expect(response.parsed_body["topic_list"]["topics"].map { |topic| topic["id"] }).to eq(
[user_muted_topic.id],
)
end
end
describe "when ordering using the `order:` filter" do
fab!(:topic2) { Fabricate(:topic, views: 2) }
fab!(:topic3) { Fabricate(:topic, views: 3) }
fab!(:topic4) { Fabricate(:topic, views: 1) }
it "return topics ordered by topic bumped at date in descending order when `q` query param is not present" do
sign_in(user)
get "/filter.json"
expect(response.status).to eq(200)
expect(response.parsed_body["topic_list"]["topics"].map { |topic| topic["id"] }).to eq(
[topic4.id, topic3.id, topic2.id, topic.id],
)
end
it "return topics ordered by views when `q` query param is `order:views`" do
sign_in(user)
get "/filter.json", params: { q: "order:views" }
expect(response.status).to eq(200)
expect(response.parsed_body["topic_list"]["topics"].map { |topic| topic["id"] }).to eq(
[topic3.id, topic2.id, topic4.id, topic.id],
)
end
end
describe "when filtering by status" do
fab!(:group)
fab!(:private_category) { Fabricate(:private_category, group: group) }
fab!(:topic_in_private_category) { Fabricate(:topic, category: private_category) }
it "does not return topics that are unlisted when `q` query param is `status:unlisted` for a user that cannot view unlisted topics" do
Topic.update_all(deleted_at: true)
topic.update!(visible: false)
sign_in(user)
get "/filter.json", params: { q: "status:unlisted" }
expect(response.status).to eq(200)
expect(response.parsed_body["topic_list"]["topics"].map { |topic| topic["id"] }).to eq([])
end
it "returns topics that are unlisted when `q` query param is `status:unlisted` for a user that can view unlisted topics" do
Topic.update_all(visible: true)
topic.update!(visible: false)
sign_in(admin)
get "/filter.json", params: { q: "status:unlisted" }
expect(response.status).to eq(200)
expect(
response.parsed_body["topic_list"]["topics"].map { |topic| topic["id"] },
).to contain_exactly(topic.id)
end
it "ignores the `status` filter for a user that cannot view deleted topics when `q` query param is `status:deleted`" do
Topic.update_all(deleted_at: nil)
topic.update!(deleted_at: Time.zone.now)
sign_in(user)
get "/filter.json", params: { q: "status:deleted" }
expect(response.status).to eq(200)
expect(response.parsed_body["topic_list"]["topics"].map { |topic| topic["id"] }).to eq([])
end
it "returns topics that are deleted when `q` query param is `status:deleted` for a user that can view deleted topics" do
Topic.update_all(deleted_at: nil)
topic.update!(deleted_at: Time.zone.now)
sign_in(admin)
get "/filter.json", params: { q: "status:deleted" }
expect(response.status).to eq(200)
expect(
response.parsed_body["topic_list"]["topics"].map { |topic| topic["id"] },
).to contain_exactly(topic.id)
end
it "does not return topics from read restricted categories when `q` query param is `status:public`" do
group.add(user)
sign_in(user)
get "/filter.json", params: { q: "status:public" }
expect(response.status).to eq(200)
expect(
response.parsed_body["topic_list"]["topics"].map { |topic| topic["id"] },
).to contain_exactly(topic.id)
end
end
end
describe "#new" do
def extract_topic_ids(response)
response.parsed_body["topic_list"]["topics"].map { |topics| topics["id"] }
end
context "when the user is part of the `experimental_new_new_view_groups` site setting group" do
fab!(:category)
fab!(:tag)
fab!(:new_reply) { Fabricate(:new_reply_topic, current_user: user) }
fab!(:new_topic) { Fabricate(:post).topic }
fab!(:old_topic) { Fabricate(:read_topic, current_user: user) }
fab!(:new_reply_in_category) do
Fabricate(:new_reply_topic, category: category, current_user: user)
end
fab!(:new_topic_in_category) do
Fabricate(:post, topic: Fabricate(:topic, category: category)).topic
end
fab!(:old_topic_in_category) do
Fabricate(:read_topic, category: category, current_user: user)
end
fab!(:new_reply_with_tag) { Fabricate(:new_reply_topic, tags: [tag], current_user: user) }
fab!(:new_topic_with_tag) { Fabricate(:post, topic: Fabricate(:topic, tags: [tag])).topic }
fab!(:old_topic_with_tag) { Fabricate(:read_topic, tags: [tag], current_user: user) }
before do
TopicUser.update_last_read(user, topic.id, 1, 1, 1)
SiteSetting.experimental_new_new_view_groups = group.name
group.add(user)
sign_in(user)
end
it "returns new topics and topics with new replies" do
get "/new.json"
ids = extract_topic_ids(response)
expect(ids).to contain_exactly(
new_reply.id,
new_topic.id,
new_reply_in_category.id,
new_topic_in_category.id,
new_reply_with_tag.id,
new_topic_with_tag.id,
)
end
context "when the subset param is set to topics" do
it "returns only new topics" do
get "/new.json", params: { subset: "topics" }
ids = extract_topic_ids(response)
expect(ids).to contain_exactly(
new_topic.id,
new_topic_in_category.id,
new_topic_with_tag.id,
)
end
end
context "when the subset param is set to replies" do
it "returns only topics with new replies" do
get "/new.json", params: { subset: "replies" }
ids = extract_topic_ids(response)
expect(ids).to contain_exactly(
new_reply.id,
new_reply_in_category.id,
new_reply_with_tag.id,
)
end
end
context "when filtering the list to a specific category" do
it "returns new topics in that category" do
get "/c/#{category.slug}/#{category.id}/l/new.json"
ids = extract_topic_ids(response)
expect(ids).to contain_exactly(new_topic_in_category.id, new_reply_in_category.id)
end
it "respects the subset param" do
get "/c/#{category.slug}/#{category.id}/l/new.json", params: { subset: "topics" }
ids = extract_topic_ids(response)
expect(ids).to contain_exactly(new_topic_in_category.id)
get "/c/#{category.slug}/#{category.id}/l/new.json", params: { subset: "replies" }
ids = extract_topic_ids(response)
expect(ids).to contain_exactly(new_reply_in_category.id)
end
end
context "when filtering the list to topics with a specific tag" do
it "returns new topics with the specified tag" do
get "/tag/#{tag.name}/l/new.json"
ids = extract_topic_ids(response)
expect(ids).to contain_exactly(new_topic_with_tag.id, new_reply_with_tag.id)
end
it "respects the subset param" do
get "/tag/#{tag.name}/l/new.json", params: { subset: "topics" }
ids = extract_topic_ids(response)
expect(ids).to contain_exactly(new_topic_with_tag.id)
get "/tag/#{tag.name}/l/new.json", params: { subset: "replies" }
ids = extract_topic_ids(response)
expect(ids).to contain_exactly(new_reply_with_tag.id)
end
end
end
end
end