mirror of
https://github.com/discourse/discourse.git
synced 2024-12-24 22:46:29 +08:00
6e54696003
In 806e37aaec
, I improved the conflict handling when editing a post to account for title and tags.
This fixes an edge cases when a topic has a hidden tag the current editor can't see. When they submit their edit, we automatically add the hidden tags before checking with the tags stored in the database.
Reported in https://meta.discourse.org/t/341375
447 lines
13 KiB
Ruby
447 lines
13 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
RSpec.describe DraftsController do
|
|
fab!(:user)
|
|
|
|
describe "#index" do
|
|
it "requires you to be logged in" do
|
|
get "/drafts.json"
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
describe "when limit params is invalid" do
|
|
before { sign_in(user) }
|
|
|
|
include_examples "invalid limit params", "/drafts.json", described_class::INDEX_LIMIT
|
|
end
|
|
|
|
it "returns correct stream length after adding a draft" do
|
|
sign_in(user)
|
|
Draft.set(user, "xxx", 0, "{}")
|
|
get "/drafts.json"
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["drafts"].length).to eq(1)
|
|
end
|
|
|
|
it "has empty stream after deleting last draft" do
|
|
sign_in(user)
|
|
Draft.set(user, "xxx", 0, "{}")
|
|
Draft.clear(user, "xxx", 0)
|
|
get "/drafts.json"
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["drafts"].length).to eq(0)
|
|
end
|
|
|
|
it "does not include topic details when user cannot see topic" do
|
|
topic = Fabricate(:private_message_topic)
|
|
topic_user = topic.user
|
|
other_user = Fabricate(:user)
|
|
Draft.set(topic_user, "topic_#{topic.id}", 0, "{}")
|
|
Draft.set(other_user, "topic_#{topic.id}", 0, "{}")
|
|
|
|
sign_in(topic_user)
|
|
get "/drafts.json"
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["drafts"].first["title"]).to eq(topic.title)
|
|
|
|
sign_in(other_user)
|
|
get "/drafts.json"
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["drafts"].first["title"]).to eq(nil)
|
|
end
|
|
|
|
it "returns categories when lazy load categories is enabled" do
|
|
SiteSetting.lazy_load_categories_groups = "#{Group::AUTO_GROUPS[:everyone]}"
|
|
category = Fabricate(:category)
|
|
topic = Fabricate(:topic, category: category)
|
|
Draft.set(topic.user, "topic_#{topic.id}", 0, "{}")
|
|
sign_in(topic.user)
|
|
|
|
get "/drafts.json"
|
|
expect(response.status).to eq(200)
|
|
draft_keys = response.parsed_body["drafts"].map { |draft| draft["draft_key"] }
|
|
expect(draft_keys).to contain_exactly("topic_#{topic.id}")
|
|
category_ids = response.parsed_body["categories"].map { |cat| cat["id"] }
|
|
expect(category_ids).to contain_exactly(category.id)
|
|
end
|
|
end
|
|
|
|
describe "#show" do
|
|
it "returns a draft if requested" do
|
|
sign_in(user)
|
|
Draft.set(user, "hello", 0, "test")
|
|
|
|
get "/drafts/hello.json"
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["draft"]).to eq("test")
|
|
end
|
|
end
|
|
|
|
describe "#create" do
|
|
it "requires you to be logged in" do
|
|
post "/drafts.json"
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "saves a draft" do
|
|
sign_in(user)
|
|
|
|
post "/drafts.json", params: { draft_key: "xyz", data: { my: "data" }.to_json, sequence: 0 }
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(Draft.get(user, "xyz", 0)).to eq(%q({"my":"data"}))
|
|
end
|
|
|
|
it "returns 404 when the key is missing" do
|
|
sign_in(Fabricate(:user))
|
|
post "/drafts.json", params: { data: { my: "data" }.to_json, sequence: 0 }
|
|
expect(response.status).to eq(404)
|
|
end
|
|
|
|
it "checks for a raw conflict on update" do
|
|
sign_in(user)
|
|
post = Fabricate(:post, user:)
|
|
|
|
post "/drafts.json",
|
|
params: {
|
|
draft_key: "topic",
|
|
sequence: 0,
|
|
data: { postId: post.id, original_text: post.raw, action: "edit" }.to_json,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["conflict_user"]).to eq(nil)
|
|
|
|
post "/drafts.json",
|
|
params: {
|
|
draft_key: "topic",
|
|
sequence: 0,
|
|
data: { postId: post.id, original_text: "something else", action: "edit" }.to_json,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["conflict_user"]["id"]).to eq(post.last_editor.id)
|
|
expect(response.parsed_body["conflict_user"]).to include("avatar_template")
|
|
end
|
|
|
|
it "checks for a title conflict on update" do
|
|
sign_in(user)
|
|
post = Fabricate(:post, user:)
|
|
|
|
post "/drafts.json",
|
|
params: {
|
|
draft_key: "topic",
|
|
sequence: 0,
|
|
data: {
|
|
postId: post.id,
|
|
original_text: post.raw,
|
|
original_title: "something else",
|
|
action: "edit",
|
|
}.to_json,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["conflict_user"]["id"]).to eq(post.last_editor.id)
|
|
end
|
|
|
|
it "checks for a tag conflict on update" do
|
|
sign_in(user)
|
|
post = Fabricate(:post, user:)
|
|
|
|
post "/drafts.json",
|
|
params: {
|
|
draft_key: "topic",
|
|
sequence: 0,
|
|
data: {
|
|
postId: post.id,
|
|
original_text: post.raw,
|
|
original_tags: %w[tag1 tag2],
|
|
action: "edit",
|
|
}.to_json,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["conflict_user"]["id"]).to eq(post.last_editor.id)
|
|
end
|
|
|
|
it "handles hidden tags when checking for tag conflict" do
|
|
sign_in(user)
|
|
|
|
regular_tag = Fabricate(:tag)
|
|
admin_only_tag_one = Fabricate(:tag)
|
|
admin_only_tag_two = Fabricate(:tag)
|
|
|
|
admin_only_tag_group = Fabricate(:tag_group)
|
|
admin_only_tag_group.tags = [admin_only_tag_one, admin_only_tag_two]
|
|
admin_only_tag_group.permissions = [
|
|
[Group::AUTO_GROUPS[:admins], TagGroupPermission.permission_types[:full]],
|
|
]
|
|
admin_only_tag_group.save!
|
|
|
|
post = Fabricate(:post, user:)
|
|
post.topic.tags = [regular_tag, admin_only_tag_one]
|
|
|
|
post "/drafts.json",
|
|
params: {
|
|
draft_key: "topic",
|
|
sequence: 0,
|
|
data: {
|
|
postId: post.id,
|
|
original_text: post.raw,
|
|
original_tags: [regular_tag.name],
|
|
action: "edit",
|
|
}.to_json,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["conflict_user"]).to eq(nil)
|
|
end
|
|
|
|
it "cant trivially resolve conflicts without interaction" do
|
|
sign_in(user)
|
|
|
|
DraftSequence.next!(user, "abc")
|
|
|
|
post "/drafts.json",
|
|
params: {
|
|
draft_key: "abc",
|
|
sequence: 0,
|
|
data: { a: "test" }.to_json,
|
|
owner: "abcdefg",
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["draft_sequence"]).to eq(1)
|
|
end
|
|
|
|
it "has a clean protocol for ownership handover" do
|
|
sign_in(user)
|
|
|
|
post "/drafts.json",
|
|
params: {
|
|
draft_key: "abc",
|
|
sequence: 0,
|
|
data: { a: "test" }.to_json,
|
|
owner: "abcdefg",
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["draft_sequence"]).to eq(0)
|
|
|
|
post "/drafts.json",
|
|
params: {
|
|
draft_key: "abc",
|
|
sequence: 0,
|
|
data: { b: "test" }.to_json,
|
|
owner: "hijklmnop",
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["draft_sequence"]).to eq(1)
|
|
|
|
expect(DraftSequence.current(user, "abc")).to eq(1)
|
|
|
|
post "/drafts.json",
|
|
params: {
|
|
draft_key: "abc",
|
|
sequence: 1,
|
|
data: { c: "test" }.to_json,
|
|
owner: "hijklmnop",
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["draft_sequence"]).to eq(2)
|
|
|
|
post "/drafts.json",
|
|
params: {
|
|
draft_key: "abc",
|
|
sequence: 2,
|
|
data: { c: "test" }.to_json,
|
|
owner: "abc",
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["draft_sequence"]).to eq(3)
|
|
end
|
|
|
|
it "raises an error for out-of-sequence draft setting" do
|
|
sign_in(user)
|
|
seq = DraftSequence.next!(user, "abc")
|
|
Draft.set(user, "abc", seq, { b: "test" }.to_json)
|
|
|
|
post "/drafts.json",
|
|
params: {
|
|
draft_key: "abc",
|
|
sequence: seq - 1,
|
|
data: { a: "test" }.to_json,
|
|
}
|
|
|
|
expect(response.status).to eq(409)
|
|
|
|
post "/drafts.json",
|
|
params: {
|
|
draft_key: "abc",
|
|
sequence: seq + 1,
|
|
data: { a: "test" }.to_json,
|
|
}
|
|
|
|
expect(response.status).to eq(409)
|
|
end
|
|
|
|
context "when data is too big" do
|
|
let(:user) { Fabricate(:user) }
|
|
let(:data) { "a" * (SiteSetting.max_draft_length + 1) }
|
|
|
|
before do
|
|
SiteSetting.max_draft_length = 500
|
|
sign_in(user)
|
|
end
|
|
|
|
it "returns an error" do
|
|
post "/drafts.json",
|
|
params: {
|
|
draft_key: "xyz",
|
|
data: { reply: data }.to_json,
|
|
sequence: 0,
|
|
}
|
|
expect(response).to have_http_status :bad_request
|
|
end
|
|
end
|
|
|
|
context "when data is not too big" do
|
|
context "when data is not proper JSON" do
|
|
let(:user) { Fabricate(:user) }
|
|
let(:data) { "not-proper-json" }
|
|
|
|
before { sign_in(user) }
|
|
|
|
it "returns an error" do
|
|
post "/drafts.json", params: { draft_key: "xyz", data: data, sequence: 0 }
|
|
expect(response).to have_http_status :bad_request
|
|
end
|
|
end
|
|
end
|
|
|
|
it "returns 403 when the maximum amount of drafts per users is reached" do
|
|
SiteSetting.max_drafts_per_user = 2
|
|
|
|
user1 = Fabricate(:user)
|
|
sign_in(user1)
|
|
|
|
data = { my: "data" }.to_json
|
|
|
|
# creating the first draft should work
|
|
post "/drafts.json", params: { draft_key: "TOPIC_1", data: data }
|
|
expect(response.status).to eq(200)
|
|
|
|
# same draft key, so shouldn't count against the limit
|
|
post "/drafts.json", params: { draft_key: "TOPIC_1", data: data, sequence: 0 }
|
|
expect(response.status).to eq(200)
|
|
|
|
# different draft key, so should count against the limit
|
|
post "/drafts.json", params: { draft_key: "TOPIC_2", data: data }
|
|
expect(response.status).to eq(200)
|
|
|
|
# limit should be reached now
|
|
post "/drafts.json", params: { draft_key: "TOPIC_3", data: data }
|
|
expect(response.status).to eq(403)
|
|
|
|
# updating existing draft should still work
|
|
post "/drafts.json", params: { draft_key: "TOPIC_1", data: data, sequence: 1 }
|
|
expect(response.status).to eq(200)
|
|
|
|
# creating a new draft as a different user should still work
|
|
user2 = Fabricate(:user)
|
|
sign_in(user2)
|
|
post "/drafts.json", params: { draft_key: "TOPIC_3", data: data }
|
|
expect(response.status).to eq(200)
|
|
|
|
# check the draft counts just to be safe
|
|
expect(Draft.where(user_id: user1.id).count).to eq(2)
|
|
expect(Draft.where(user_id: user2.id).count).to eq(1)
|
|
end
|
|
end
|
|
|
|
describe "#destroy" do
|
|
it "destroys drafts when required" do
|
|
sign_in(user)
|
|
Draft.set(user, "xxx", 0, "hi")
|
|
delete "/drafts/xxx.json", params: { sequence: 0 }
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(Draft.get(user, "xxx", 0)).to eq(nil)
|
|
end
|
|
|
|
it "denies attempts to destroy unowned draft" do
|
|
sign_in(Fabricate(:admin))
|
|
user = Fabricate(:user)
|
|
Draft.set(user, "xxx", 0, "hi")
|
|
delete "/drafts/xxx.json", params: { sequence: 0, username: user.username }
|
|
|
|
# Draft is not deleted because request is not via API
|
|
expect(Draft.get(user, "xxx", 0)).to be_present
|
|
end
|
|
|
|
shared_examples "for a passed user" do
|
|
it "deletes draft" do
|
|
api_key = Fabricate(:api_key).key
|
|
Draft.set(recipient, "xxx", 0, "hi")
|
|
|
|
delete "/drafts/xxx.json",
|
|
params: {
|
|
sequence: 0,
|
|
username: recipient.username,
|
|
},
|
|
headers: {
|
|
HTTP_API_USERNAME: caller.username,
|
|
HTTP_API_KEY: api_key,
|
|
}
|
|
|
|
expect(response.status).to eq(response_code)
|
|
|
|
if draft_deleted
|
|
expect(Draft.get(recipient, "xxx", 0)).to eq(nil)
|
|
else
|
|
expect(Draft.get(recipient, "xxx", 0)).to be_present
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "api called by admin" do
|
|
include_examples "for a passed user" do
|
|
let(:caller) { Fabricate(:admin) }
|
|
let(:recipient) { Fabricate(:user) }
|
|
let(:response_code) { 200 }
|
|
let(:draft_deleted) { true }
|
|
end
|
|
end
|
|
|
|
describe "api called by tl4 user" do
|
|
include_examples "for a passed user" do
|
|
let(:caller) { Fabricate(:trust_level_4) }
|
|
let(:recipient) { Fabricate(:user) }
|
|
let(:response_code) { 403 }
|
|
let(:draft_deleted) { false }
|
|
end
|
|
end
|
|
|
|
describe "api called by regular user" do
|
|
include_examples "for a passed user" do
|
|
let(:caller) { Fabricate(:user) }
|
|
let(:recipient) { Fabricate(:user) }
|
|
let(:response_code) { 403 }
|
|
let(:draft_deleted) { false }
|
|
end
|
|
end
|
|
|
|
describe "api called by admin for another admin" do
|
|
include_examples "for a passed user" do
|
|
let(:caller) { Fabricate(:admin) }
|
|
let(:recipient) { Fabricate(:admin) }
|
|
let(:response_code) { 200 }
|
|
let(:draft_deleted) { true }
|
|
end
|
|
end
|
|
end
|
|
end
|