mirror of
https://github.com/discourse/discourse.git
synced 2024-12-16 17:03:48 +08:00
46b34e3c62
Users can no longer opt-in for "public" edit history if site owner disables it. This feature adds cost and complexity to post rendering since user options need to be premeptively loaded for every user in the stream. It is also confusing to explain to communities with private edit history.
2267 lines
76 KiB
Ruby
2267 lines
76 KiB
Ruby
require 'rails_helper'
|
|
require 'guardian'
|
|
require_dependency 'post_destroyer'
|
|
|
|
describe Guardian do
|
|
|
|
let(:user) { build(:user) }
|
|
let(:moderator) { build(:moderator) }
|
|
let(:admin) { build(:admin) }
|
|
let(:trust_level_2) { build(:user, trust_level: 2) }
|
|
let(:trust_level_3) { build(:user, trust_level: 3) }
|
|
let(:trust_level_4) { build(:user, trust_level: 4) }
|
|
let(:another_admin) { build(:admin) }
|
|
let(:coding_horror) { build(:coding_horror) }
|
|
|
|
let(:topic) { build(:topic, user: user) }
|
|
let(:post) { build(:post, topic: topic, user: topic.user) }
|
|
|
|
it 'can be created without a user (not logged in)' do
|
|
expect { Guardian.new }.not_to raise_error
|
|
end
|
|
|
|
it 'can be instantiated with a user instance' do
|
|
expect { Guardian.new(user) }.not_to raise_error
|
|
end
|
|
|
|
describe 'post_can_act?' do
|
|
let(:post) { build(:post) }
|
|
let(:user) { build(:user) }
|
|
|
|
it "returns false when the user is nil" do
|
|
expect(Guardian.new(nil).post_can_act?(post, :like)).to be_falsey
|
|
end
|
|
|
|
it "returns false when the post is nil" do
|
|
expect(Guardian.new(user).post_can_act?(nil, :like)).to be_falsey
|
|
end
|
|
|
|
it "returns false when the topic is archived" do
|
|
post.topic.archived = true
|
|
expect(Guardian.new(user).post_can_act?(post, :like)).to be_falsey
|
|
end
|
|
|
|
it "returns false when the post is deleted" do
|
|
post.deleted_at = Time.now
|
|
expect(Guardian.new(user).post_can_act?(post, :like)).to be_falsey
|
|
end
|
|
|
|
it "always allows flagging" do
|
|
post.topic.archived = true
|
|
expect(Guardian.new(user).post_can_act?(post, :spam)).to be_truthy
|
|
end
|
|
|
|
it "returns false when liking yourself" do
|
|
expect(Guardian.new(post.user).post_can_act?(post, :like)).to be_falsey
|
|
end
|
|
|
|
it "returns false when you've already done it" do
|
|
expect(Guardian.new(user).post_can_act?(post, :like, taken_actions: {PostActionType.types[:like] => 1})).to be_falsey
|
|
end
|
|
|
|
it "returns false when you already flagged a post" do
|
|
expect(Guardian.new(user).post_can_act?(post, :off_topic, taken_actions: {PostActionType.types[:spam] => 1})).to be_falsey
|
|
end
|
|
|
|
it "returns false for notify_user if private messages are disabled" do
|
|
SiteSetting.enable_private_messages = false
|
|
user.trust_level = TrustLevel[2]
|
|
expect(Guardian.new(user).post_can_act?(post, :notify_user)).to be_falsey
|
|
expect(Guardian.new(user).post_can_act?(post, :notify_moderators)).to be_falsey
|
|
end
|
|
|
|
it "returns false for notify_user if private messages are enabled but threshold not met" do
|
|
SiteSetting.enable_private_messages = true
|
|
SiteSetting.min_trust_to_send_messages = 2
|
|
user.trust_level = TrustLevel[1]
|
|
expect(Guardian.new(user).post_can_act?(post, :notify_user)).to be_falsey
|
|
expect(Guardian.new(user).post_can_act?(post, :notify_moderators)).to be_truthy
|
|
end
|
|
|
|
describe "trust levels" do
|
|
it "returns true for a new user liking something" do
|
|
user.trust_level = TrustLevel[0]
|
|
expect(Guardian.new(user).post_can_act?(post, :like)).to be_truthy
|
|
end
|
|
|
|
it "returns false for a new user flagging a standard post as spam" do
|
|
user.trust_level = TrustLevel[0]
|
|
expect(Guardian.new(user).post_can_act?(post, :spam)).to be_falsey
|
|
end
|
|
|
|
it "returns true for a new user flagging a private message as spam" do
|
|
post.topic.archetype = Archetype.private_message
|
|
user.trust_level = TrustLevel[0]
|
|
expect(Guardian.new(user).post_can_act?(post, :spam)).to be_truthy
|
|
end
|
|
|
|
it "returns false for a new user flagging something as off topic" do
|
|
user.trust_level = TrustLevel[0]
|
|
expect(Guardian.new(user).post_can_act?(post, :off_topic)).to be_falsey
|
|
end
|
|
|
|
it "returns false for a new user flagging with notify_user" do
|
|
user.trust_level = TrustLevel[0]
|
|
expect(Guardian.new(user).post_can_act?(post, :notify_user)).to be_falsey # because new users can't send private messages
|
|
end
|
|
end
|
|
end
|
|
|
|
|
|
describe "can_defer_flags" do
|
|
let(:post) { Fabricate(:post) }
|
|
let(:user) { post.user }
|
|
let(:moderator) { Fabricate(:moderator) }
|
|
|
|
it "returns false when the user is nil" do
|
|
expect(Guardian.new(nil).can_defer_flags?(post)).to be_falsey
|
|
end
|
|
|
|
it "returns false when the post is nil" do
|
|
expect(Guardian.new(moderator).can_defer_flags?(nil)).to be_falsey
|
|
end
|
|
|
|
it "returns false when the user is not a moderator" do
|
|
expect(Guardian.new(user).can_defer_flags?(post)).to be_falsey
|
|
end
|
|
|
|
it "returns true when the user is a moderator" do
|
|
expect(Guardian.new(moderator).can_defer_flags?(post)).to be_truthy
|
|
end
|
|
|
|
end
|
|
|
|
describe 'can_send_private_message' do
|
|
let(:user) { Fabricate(:user) }
|
|
let(:another_user) { Fabricate(:user) }
|
|
let(:suspended_user) { Fabricate(:user, suspended_till: 1.week.from_now, suspended_at: 1.day.ago) }
|
|
|
|
it "returns false when the user is nil" do
|
|
expect(Guardian.new(nil).can_send_private_message?(user)).to be_falsey
|
|
end
|
|
|
|
it "returns false when the target user is nil" do
|
|
expect(Guardian.new(user).can_send_private_message?(nil)).to be_falsey
|
|
end
|
|
|
|
it "returns true when the target is the same as the user" do
|
|
# this is now allowed so yay
|
|
expect(Guardian.new(user).can_send_private_message?(user)).to be_truthy
|
|
end
|
|
|
|
it "returns false when you are untrusted" do
|
|
user.trust_level = TrustLevel[0]
|
|
expect(Guardian.new(user).can_send_private_message?(another_user)).to be_falsey
|
|
end
|
|
|
|
it "returns true to another user" do
|
|
expect(Guardian.new(user).can_send_private_message?(another_user)).to be_truthy
|
|
end
|
|
|
|
it "disallows pms to other users if trust level is not met" do
|
|
SiteSetting.min_trust_to_send_messages = TrustLevel[2]
|
|
user.trust_level = TrustLevel[1]
|
|
expect(Guardian.new(user).can_send_private_message?(another_user)).to be_falsey
|
|
end
|
|
|
|
context "enable_private_messages is false" do
|
|
before { SiteSetting.enable_private_messages = false }
|
|
|
|
it "returns false if user is not the contact user" do
|
|
expect(Guardian.new(user).can_send_private_message?(another_user)).to be_falsey
|
|
end
|
|
|
|
it "returns true for the contact user and system user" do
|
|
SiteSetting.site_contact_username = user.username
|
|
expect(Guardian.new(user).can_send_private_message?(another_user)).to be_truthy
|
|
expect(Guardian.new(Discourse.system_user).can_send_private_message?(another_user)).to be_truthy
|
|
end
|
|
end
|
|
|
|
context "target user is suspended" do
|
|
it "returns true for staff" do
|
|
expect(Guardian.new(admin).can_send_private_message?(suspended_user)).to be_truthy
|
|
expect(Guardian.new(moderator).can_send_private_message?(suspended_user)).to be_truthy
|
|
end
|
|
|
|
it "returns false for regular users" do
|
|
expect(Guardian.new(user).can_send_private_message?(suspended_user)).to be_falsey
|
|
end
|
|
end
|
|
|
|
context "author is blocked" do
|
|
before do
|
|
user.blocked = true
|
|
user.save
|
|
end
|
|
|
|
it "returns true if target is staff" do
|
|
expect(Guardian.new(user).can_send_private_message?(admin)).to be_truthy
|
|
expect(Guardian.new(user).can_send_private_message?(moderator)).to be_truthy
|
|
end
|
|
|
|
it "returns false if target is not staff" do
|
|
expect(Guardian.new(user).can_send_private_message?(another_user)).to be_falsey
|
|
end
|
|
|
|
it "returns true if target is a staff group" do
|
|
Group::STAFF_GROUPS.each do |name|
|
|
g = Group[name]
|
|
g.alias_level = Group::ALIAS_LEVELS[:everyone]
|
|
expect(Guardian.new(user).can_send_private_message?(g)).to be_truthy
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'can_reply_as_new_topic' do
|
|
let(:user) { Fabricate(:user) }
|
|
let(:topic) { Fabricate(:topic) }
|
|
|
|
it "returns false for a non logged in user" do
|
|
expect(Guardian.new(nil).can_reply_as_new_topic?(topic)).to be_falsey
|
|
end
|
|
|
|
it "returns false for a nil topic" do
|
|
expect(Guardian.new(user).can_reply_as_new_topic?(nil)).to be_falsey
|
|
end
|
|
|
|
it "returns false for an untrusted user" do
|
|
user.trust_level = TrustLevel[0]
|
|
expect(Guardian.new(user).can_reply_as_new_topic?(topic)).to be_falsey
|
|
end
|
|
|
|
it "returns true for a trusted user" do
|
|
expect(Guardian.new(user).can_reply_as_new_topic?(topic)).to be_truthy
|
|
end
|
|
end
|
|
|
|
describe 'can_see_post_actors?' do
|
|
|
|
let(:topic) { Fabricate(:topic, user: coding_horror)}
|
|
|
|
it 'displays visibility correctly' do
|
|
guardian = Guardian.new(user)
|
|
expect(guardian.can_see_post_actors?(nil, PostActionType.types[:like])).to be_falsey
|
|
expect(guardian.can_see_post_actors?(topic, PostActionType.types[:like])).to be_truthy
|
|
expect(guardian.can_see_post_actors?(topic, PostActionType.types[:bookmark])).to be_falsey
|
|
expect(guardian.can_see_post_actors?(topic, PostActionType.types[:off_topic])).to be_falsey
|
|
expect(guardian.can_see_post_actors?(topic, PostActionType.types[:spam])).to be_falsey
|
|
expect(guardian.can_see_post_actors?(topic, PostActionType.types[:vote])).to be_truthy
|
|
end
|
|
|
|
it 'returns false for private votes' do
|
|
topic.expects(:has_meta_data_boolean?).with(:private_poll).returns(true)
|
|
expect(Guardian.new(user).can_see_post_actors?(topic, PostActionType.types[:vote])).to be_falsey
|
|
end
|
|
|
|
end
|
|
|
|
describe 'can_impersonate?' do
|
|
it 'allows impersonation correctly' do
|
|
expect(Guardian.new(admin).can_impersonate?(nil)).to be_falsey
|
|
expect(Guardian.new.can_impersonate?(user)).to be_falsey
|
|
expect(Guardian.new(coding_horror).can_impersonate?(user)).to be_falsey
|
|
expect(Guardian.new(admin).can_impersonate?(admin)).to be_falsey
|
|
expect(Guardian.new(admin).can_impersonate?(another_admin)).to be_falsey
|
|
expect(Guardian.new(admin).can_impersonate?(user)).to be_truthy
|
|
expect(Guardian.new(admin).can_impersonate?(moderator)).to be_truthy
|
|
|
|
Rails.configuration.stubs(:developer_emails).returns([admin.email])
|
|
expect(Guardian.new(admin).can_impersonate?(another_admin)).to be_truthy
|
|
end
|
|
end
|
|
|
|
describe 'can_invite_to_forum?' do
|
|
let(:user) { Fabricate.build(:user) }
|
|
let(:moderator) { Fabricate.build(:moderator) }
|
|
|
|
it "doesn't allow anonymous users to invite" do
|
|
expect(Guardian.new.can_invite_to_forum?).to be_falsey
|
|
end
|
|
|
|
it 'returns true when the site requires approving users and is mod' do
|
|
SiteSetting.expects(:must_approve_users?).returns(true)
|
|
expect(Guardian.new(moderator).can_invite_to_forum?).to be_truthy
|
|
end
|
|
|
|
it 'returns false when max_invites_per_day is 0' do
|
|
# let's also break it while here
|
|
SiteSetting.max_invites_per_day = "a"
|
|
|
|
expect(Guardian.new(user).can_invite_to_forum?).to be_falsey
|
|
# staff should be immune to max_invites_per_day setting
|
|
expect(Guardian.new(moderator).can_invite_to_forum?).to be_truthy
|
|
end
|
|
|
|
it 'returns false when the site requires approving users and is regular' do
|
|
SiteSetting.expects(:must_approve_users?).returns(true)
|
|
expect(Guardian.new(user).can_invite_to_forum?).to be_falsey
|
|
end
|
|
|
|
it 'returns false when the local logins are disabled' do
|
|
SiteSetting.stubs(:enable_local_logins).returns(false)
|
|
expect(Guardian.new(user).can_invite_to_forum?).to be_falsey
|
|
expect(Guardian.new(moderator).can_invite_to_forum?).to be_falsey
|
|
end
|
|
|
|
end
|
|
|
|
describe 'can_invite_to?' do
|
|
let(:group) { Fabricate(:group) }
|
|
let(:category) { Fabricate(:category, read_restricted: true) }
|
|
let(:topic) { Fabricate(:topic) }
|
|
let(:private_topic) { Fabricate(:topic, category: category) }
|
|
let(:user) { topic.user }
|
|
let(:moderator) { Fabricate(:moderator) }
|
|
let(:admin) { Fabricate(:admin) }
|
|
let(:private_category) { Fabricate(:private_category, group: group) }
|
|
let(:group_private_topic) { Fabricate(:topic, category: private_category) }
|
|
let(:group_owner) { group_private_topic.user.tap { |u| group.add_owner(u) } }
|
|
|
|
it 'handles invitation correctly' do
|
|
expect(Guardian.new(nil).can_invite_to?(topic)).to be_falsey
|
|
expect(Guardian.new(moderator).can_invite_to?(nil)).to be_falsey
|
|
expect(Guardian.new(moderator).can_invite_to?(topic)).to be_truthy
|
|
expect(Guardian.new(user).can_invite_to?(topic)).to be_falsey
|
|
|
|
SiteSetting.max_invites_per_day = 0
|
|
|
|
expect(Guardian.new(user).can_invite_to?(topic)).to be_falsey
|
|
# staff should be immune to max_invites_per_day setting
|
|
expect(Guardian.new(moderator).can_invite_to?(topic)).to be_truthy
|
|
end
|
|
|
|
it 'returns true when the site requires approving users and is mod' do
|
|
SiteSetting.expects(:must_approve_users?).returns(true)
|
|
expect(Guardian.new(moderator).can_invite_to?(topic)).to be_truthy
|
|
end
|
|
|
|
it 'returns false when the site requires approving users and is regular' do
|
|
SiteSetting.expects(:must_approve_users?).returns(true)
|
|
expect(Guardian.new(coding_horror).can_invite_to?(topic)).to be_falsey
|
|
end
|
|
|
|
it 'returns false for normal user on private topic' do
|
|
expect(Guardian.new(user).can_invite_to?(private_topic)).to be_falsey
|
|
end
|
|
|
|
it 'returns true for admin on private topic' do
|
|
expect(Guardian.new(admin).can_invite_to?(private_topic)).to be_truthy
|
|
end
|
|
|
|
it 'returns true for a group owner' do
|
|
expect(Guardian.new(group_owner).can_invite_to?(group_private_topic)).to be_truthy
|
|
end
|
|
end
|
|
|
|
describe 'can_see?' do
|
|
|
|
it 'returns false with a nil object' do
|
|
expect(Guardian.new.can_see?(nil)).to be_falsey
|
|
end
|
|
|
|
describe 'a Group' do
|
|
let(:group) { Group.new }
|
|
let(:invisible_group) { Group.new(visible: false, name: 'invisible') }
|
|
|
|
it "returns true when the group is visible" do
|
|
expect(Guardian.new.can_see?(group)).to be_truthy
|
|
end
|
|
|
|
it "returns true when the group is invisible but the user is an admin" do
|
|
admin = Fabricate.build(:admin)
|
|
expect(Guardian.new(admin).can_see?(invisible_group)).to be_truthy
|
|
end
|
|
|
|
it "returns true when the group is invisible but the user is a member" do
|
|
invisible_group.save!
|
|
member = Fabricate.build(:user)
|
|
GroupUser.create(group: invisible_group, user: member)
|
|
expect(Guardian.new(member).can_see?(invisible_group)).to be_truthy
|
|
end
|
|
|
|
it "returns false when the group is invisible" do
|
|
expect(Guardian.new.can_see?(invisible_group)).to be_falsey
|
|
end
|
|
end
|
|
|
|
describe 'a Category' do
|
|
|
|
it 'allows public categories' do
|
|
public_category = build(:category, read_restricted: false)
|
|
expect(Guardian.new.can_see?(public_category)).to be_truthy
|
|
end
|
|
|
|
it 'correctly handles secure categories' do
|
|
normal_user = build(:user)
|
|
staged_user = build(:user, staged: true)
|
|
admin_user = build(:user, admin: true)
|
|
|
|
secure_category = build(:category, read_restricted: true)
|
|
expect(Guardian.new(normal_user).can_see?(secure_category)).to be_falsey
|
|
expect(Guardian.new(staged_user).can_see?(secure_category)).to be_falsey
|
|
expect(Guardian.new(admin_user).can_see?(secure_category)).to be_truthy
|
|
|
|
secure_category = build(:category, read_restricted: true, email_in: "foo@bar.com")
|
|
expect(Guardian.new(normal_user).can_see?(secure_category)).to be_falsey
|
|
expect(Guardian.new(staged_user).can_see?(secure_category)).to be_falsey
|
|
expect(Guardian.new(admin_user).can_see?(secure_category)).to be_truthy
|
|
|
|
secure_category = build(:category, read_restricted: true, email_in_allow_strangers: true)
|
|
expect(Guardian.new(normal_user).can_see?(secure_category)).to be_falsey
|
|
expect(Guardian.new(staged_user).can_see?(secure_category)).to be_falsey
|
|
expect(Guardian.new(admin_user).can_see?(secure_category)).to be_truthy
|
|
|
|
secure_category = build(:category, read_restricted: true, email_in: "foo@bar.com", email_in_allow_strangers: true)
|
|
expect(Guardian.new(normal_user).can_see?(secure_category)).to be_falsey
|
|
expect(Guardian.new(staged_user).can_see?(secure_category)).to be_truthy
|
|
expect(Guardian.new(admin_user).can_see?(secure_category)).to be_truthy
|
|
end
|
|
|
|
it 'allows members of an authorized group' do
|
|
user = Fabricate(:user)
|
|
group = Fabricate(:group)
|
|
|
|
secure_category = Fabricate(:category)
|
|
secure_category.set_permissions(group => :readonly)
|
|
secure_category.save
|
|
|
|
expect(Guardian.new(user).can_see?(secure_category)).to be_falsey
|
|
|
|
group.add(user)
|
|
group.save
|
|
|
|
expect(Guardian.new(user).can_see?(secure_category)).to be_truthy
|
|
end
|
|
|
|
end
|
|
|
|
describe 'a Topic' do
|
|
it 'allows non logged in users to view topics' do
|
|
expect(Guardian.new.can_see?(topic)).to be_truthy
|
|
end
|
|
|
|
it 'correctly handles groups' do
|
|
group = Fabricate(:group)
|
|
category = Fabricate(:category, read_restricted: true)
|
|
category.set_permissions(group => :full)
|
|
category.save
|
|
|
|
topic = Fabricate(:topic, category: category)
|
|
|
|
expect(Guardian.new(user).can_see?(topic)).to be_falsey
|
|
group.add(user)
|
|
group.save
|
|
|
|
expect(Guardian.new(user).can_see?(topic)).to be_truthy
|
|
end
|
|
|
|
it "restricts deleted topics" do
|
|
topic = Fabricate(:topic)
|
|
topic.trash!(moderator)
|
|
|
|
expect(Guardian.new(build(:user)).can_see?(topic)).to be_falsey
|
|
expect(Guardian.new(moderator).can_see?(topic)).to be_truthy
|
|
expect(Guardian.new(admin).can_see?(topic)).to be_truthy
|
|
end
|
|
|
|
it "restricts private topics" do
|
|
user.save!
|
|
private_topic = Fabricate(:private_message_topic, user: user)
|
|
expect(Guardian.new(private_topic.user).can_see?(private_topic)).to be_truthy
|
|
expect(Guardian.new(build(:user)).can_see?(private_topic)).to be_falsey
|
|
expect(Guardian.new(moderator).can_see?(private_topic)).to be_falsey
|
|
expect(Guardian.new(admin).can_see?(private_topic)).to be_truthy
|
|
end
|
|
|
|
it "restricts private deleted topics" do
|
|
user.save!
|
|
private_topic = Fabricate(:private_message_topic, user: user)
|
|
private_topic.trash!(admin)
|
|
|
|
expect(Guardian.new(private_topic.user).can_see?(private_topic)).to be_falsey
|
|
expect(Guardian.new(build(:user)).can_see?(private_topic)).to be_falsey
|
|
expect(Guardian.new(moderator).can_see?(private_topic)).to be_falsey
|
|
expect(Guardian.new(admin).can_see?(private_topic)).to be_truthy
|
|
end
|
|
|
|
it "restricts static doc topics" do
|
|
tos_topic = Fabricate(:topic, user: Discourse.system_user)
|
|
SiteSetting.stubs(:tos_topic_id).returns(tos_topic.id)
|
|
|
|
expect(Guardian.new(build(:user)).can_edit?(tos_topic)).to be_falsey
|
|
expect(Guardian.new(moderator).can_edit?(tos_topic)).to be_falsey
|
|
expect(Guardian.new(admin).can_edit?(tos_topic)).to be_truthy
|
|
end
|
|
|
|
it "allows moderators to see a flagged private message" do
|
|
moderator.save!
|
|
user.save!
|
|
|
|
private_topic = Fabricate(:private_message_topic, user: user)
|
|
first_post = Fabricate(:post, topic: private_topic, user: user)
|
|
|
|
expect(Guardian.new(moderator).can_see?(private_topic)).to be_falsey
|
|
|
|
PostAction.act(user, first_post, PostActionType.types[:off_topic])
|
|
expect(Guardian.new(moderator).can_see?(private_topic)).to be_truthy
|
|
end
|
|
end
|
|
|
|
describe 'a Post' do
|
|
let(:another_admin) { Fabricate(:admin) }
|
|
it 'correctly handles post visibility' do
|
|
post = Fabricate(:post)
|
|
topic = post.topic
|
|
|
|
expect(Guardian.new(user).can_see?(post)).to be_truthy
|
|
|
|
post.trash!(another_admin)
|
|
post.reload
|
|
expect(Guardian.new(user).can_see?(post)).to be_falsey
|
|
expect(Guardian.new(admin).can_see?(post)).to be_truthy
|
|
|
|
post.recover!
|
|
post.reload
|
|
topic.trash!(another_admin)
|
|
topic.reload
|
|
expect(Guardian.new(user).can_see?(post)).to be_falsey
|
|
expect(Guardian.new(admin).can_see?(post)).to be_truthy
|
|
end
|
|
|
|
it 'respects whispers' do
|
|
regular_post = Fabricate.build(:post)
|
|
whisper_post = Fabricate.build(:post, post_type: Post.types[:whisper])
|
|
|
|
anon_guardian = Guardian.new
|
|
expect(anon_guardian.can_see?(regular_post)).to eq(true)
|
|
expect(anon_guardian.can_see?(whisper_post)).to eq(false)
|
|
|
|
regular_user = Fabricate.build(:user)
|
|
regular_guardian = Guardian.new(regular_user)
|
|
expect(regular_guardian.can_see?(regular_post)).to eq(true)
|
|
expect(regular_guardian.can_see?(whisper_post)).to eq(false)
|
|
|
|
# can see your own whispers
|
|
regular_whisper = Fabricate.build(:post, post_type: Post.types[:whisper], user: regular_user)
|
|
expect(regular_guardian.can_see?(regular_whisper)).to eq(true)
|
|
|
|
mod_guardian = Guardian.new(Fabricate.build(:moderator))
|
|
expect(mod_guardian.can_see?(regular_post)).to eq(true)
|
|
expect(mod_guardian.can_see?(whisper_post)).to eq(true)
|
|
|
|
admin_guardian = Guardian.new(Fabricate.build(:admin))
|
|
expect(admin_guardian.can_see?(regular_post)).to eq(true)
|
|
expect(admin_guardian.can_see?(whisper_post)).to eq(true)
|
|
end
|
|
end
|
|
|
|
describe 'a PostRevision' do
|
|
let(:post_revision) { Fabricate(:post_revision) }
|
|
|
|
context 'edit_history_visible_to_public is true' do
|
|
before { SiteSetting.stubs(:edit_history_visible_to_public).returns(true) }
|
|
|
|
it 'is false for nil' do
|
|
expect(Guardian.new.can_see?(nil)).to be_falsey
|
|
end
|
|
|
|
it 'is true if not logged in' do
|
|
expect(Guardian.new.can_see?(post_revision)).to be_truthy
|
|
end
|
|
|
|
it 'is true when logged in' do
|
|
expect(Guardian.new(Fabricate(:user)).can_see?(post_revision)).to be_truthy
|
|
end
|
|
end
|
|
|
|
context 'edit_history_visible_to_public is false' do
|
|
before { SiteSetting.stubs(:edit_history_visible_to_public).returns(false) }
|
|
|
|
it 'is true for staff' do
|
|
expect(Guardian.new(Fabricate(:admin)).can_see?(post_revision)).to be_truthy
|
|
expect(Guardian.new(Fabricate(:moderator)).can_see?(post_revision)).to be_truthy
|
|
end
|
|
|
|
it 'is true for trust level 4' do
|
|
expect(Guardian.new(trust_level_4).can_see?(post_revision)).to be_truthy
|
|
end
|
|
|
|
it 'is false for trust level lower than 4' do
|
|
expect(Guardian.new(trust_level_3).can_see?(post_revision)).to be_falsey
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'can_create?' do
|
|
|
|
describe 'a Category' do
|
|
|
|
it 'returns false when not logged in' do
|
|
expect(Guardian.new.can_create?(Category)).to be_falsey
|
|
end
|
|
|
|
it 'returns false when a regular user' do
|
|
expect(Guardian.new(user).can_create?(Category)).to be_falsey
|
|
end
|
|
|
|
it 'returns false when a moderator' do
|
|
expect(Guardian.new(moderator).can_create?(Category)).to be_falsey
|
|
end
|
|
|
|
it 'returns true when an admin' do
|
|
expect(Guardian.new(admin).can_create?(Category)).to be_truthy
|
|
end
|
|
end
|
|
|
|
describe 'a Topic' do
|
|
it 'does not allow moderators to create topics in readonly categories' do
|
|
category = Fabricate(:category)
|
|
category.set_permissions(:everyone => :read)
|
|
category.save
|
|
|
|
expect(Guardian.new(moderator).can_create?(Topic,category)).to be_falsey
|
|
end
|
|
|
|
it 'should check for full permissions' do
|
|
category = Fabricate(:category)
|
|
category.set_permissions(:everyone => :create_post)
|
|
category.save
|
|
expect(Guardian.new(user).can_create?(Topic,category)).to be_falsey
|
|
end
|
|
|
|
it "is true for new users by default" do
|
|
expect(Guardian.new(user).can_create?(Topic,Fabricate(:category))).to be_truthy
|
|
end
|
|
|
|
it "is false if user has not met minimum trust level" do
|
|
SiteSetting.stubs(:min_trust_to_create_topic).returns(1)
|
|
expect(Guardian.new(build(:user, trust_level: 0)).can_create?(Topic,Fabricate(:category))).to be_falsey
|
|
end
|
|
|
|
it "is true if user has met or exceeded the minimum trust level" do
|
|
SiteSetting.stubs(:min_trust_to_create_topic).returns(1)
|
|
expect(Guardian.new(build(:user, trust_level: 1)).can_create?(Topic,Fabricate(:category))).to be_truthy
|
|
expect(Guardian.new(build(:user, trust_level: 2)).can_create?(Topic,Fabricate(:category))).to be_truthy
|
|
expect(Guardian.new(build(:admin, trust_level: 0)).can_create?(Topic,Fabricate(:category))).to be_truthy
|
|
expect(Guardian.new(build(:moderator, trust_level: 0)).can_create?(Topic,Fabricate(:category))).to be_truthy
|
|
end
|
|
end
|
|
|
|
describe 'a Post' do
|
|
|
|
it "is false on readonly categories" do
|
|
category = Fabricate(:category)
|
|
topic.category = category
|
|
category.set_permissions(:everyone => :readonly)
|
|
category.save
|
|
|
|
expect(Guardian.new(topic.user).can_create?(Post, topic)).to be_falsey
|
|
expect(Guardian.new(moderator).can_create?(Post, topic)).to be_falsey
|
|
end
|
|
|
|
it "is false when not logged in" do
|
|
expect(Guardian.new.can_create?(Post, topic)).to be_falsey
|
|
end
|
|
|
|
it 'is true for a regular user' do
|
|
expect(Guardian.new(topic.user).can_create?(Post, topic)).to be_truthy
|
|
end
|
|
|
|
it "is false when you can't see the topic" do
|
|
Guardian.any_instance.expects(:can_see?).with(topic).returns(false)
|
|
expect(Guardian.new(topic.user).can_create?(Post, topic)).to be_falsey
|
|
end
|
|
|
|
context 'closed topic' do
|
|
before do
|
|
topic.closed = true
|
|
end
|
|
|
|
it "doesn't allow new posts from regular users" do
|
|
expect(Guardian.new(topic.user).can_create?(Post, topic)).to be_falsey
|
|
end
|
|
|
|
it 'allows editing of posts' do
|
|
expect(Guardian.new(topic.user).can_edit?(post)).to be_truthy
|
|
end
|
|
|
|
it "allows new posts from moderators" do
|
|
expect(Guardian.new(moderator).can_create?(Post, topic)).to be_truthy
|
|
end
|
|
|
|
it "allows new posts from admins" do
|
|
expect(Guardian.new(admin).can_create?(Post, topic)).to be_truthy
|
|
end
|
|
|
|
it "allows new posts from trust_level_4s" do
|
|
expect(Guardian.new(trust_level_4).can_create?(Post, topic)).to be_truthy
|
|
end
|
|
end
|
|
|
|
context 'archived topic' do
|
|
before do
|
|
topic.archived = true
|
|
end
|
|
|
|
context 'regular users' do
|
|
it "doesn't allow new posts from regular users" do
|
|
expect(Guardian.new(coding_horror).can_create?(Post, topic)).to be_falsey
|
|
end
|
|
|
|
it 'does not allow editing of posts' do
|
|
expect(Guardian.new(coding_horror).can_edit?(post)).to be_falsey
|
|
end
|
|
end
|
|
|
|
it "allows new posts from moderators" do
|
|
expect(Guardian.new(moderator).can_create?(Post, topic)).to be_truthy
|
|
end
|
|
|
|
it "allows new posts from admins" do
|
|
expect(Guardian.new(admin).can_create?(Post, topic)).to be_truthy
|
|
end
|
|
end
|
|
|
|
context "trashed topic" do
|
|
before do
|
|
topic.deleted_at = Time.now
|
|
end
|
|
|
|
it "doesn't allow new posts from regular users" do
|
|
expect(Guardian.new(coding_horror).can_create?(Post, topic)).to be_falsey
|
|
end
|
|
|
|
it "doesn't allow new posts from moderators users" do
|
|
expect(Guardian.new(moderator).can_create?(Post, topic)).to be_falsey
|
|
end
|
|
|
|
it "doesn't allow new posts from admins" do
|
|
expect(Guardian.new(admin).can_create?(Post, topic)).to be_falsey
|
|
end
|
|
end
|
|
|
|
context "private message" do
|
|
let(:private_message) { Fabricate(:topic, archetype: Archetype.private_message, category_id: nil) }
|
|
|
|
before { user.save! }
|
|
|
|
it "allows new posts by people included in the pm" do
|
|
private_message.topic_allowed_users.create!(user_id: user.id)
|
|
expect(Guardian.new(user).can_create?(Post, private_message)).to be_truthy
|
|
end
|
|
|
|
it "doesn't allow new posts by people not invited to the pm" do
|
|
expect(Guardian.new(user).can_create?(Post, private_message)).to be_falsey
|
|
end
|
|
|
|
it "allows new posts from blocked users included in the pm" do
|
|
user.update_attribute(:blocked, true)
|
|
private_message.topic_allowed_users.create!(user_id: user.id)
|
|
expect(Guardian.new(user).can_create?(Post, private_message)).to be_truthy
|
|
end
|
|
|
|
it "doesn't allow new posts from blocked users not invited to the pm" do
|
|
user.update_attribute(:blocked, true)
|
|
expect(Guardian.new(user).can_create?(Post, private_message)).to be_falsey
|
|
end
|
|
end
|
|
end # can_create? a Post
|
|
|
|
end
|
|
|
|
describe 'post_can_act?' do
|
|
|
|
it "isn't allowed on nil" do
|
|
expect(Guardian.new(user).post_can_act?(nil, nil)).to be_falsey
|
|
end
|
|
|
|
describe 'a Post' do
|
|
|
|
let (:guardian) do
|
|
Guardian.new(user)
|
|
end
|
|
|
|
|
|
it "isn't allowed when not logged in" do
|
|
expect(Guardian.new(nil).post_can_act?(post,:vote)).to be_falsey
|
|
end
|
|
|
|
it "is allowed as a regular user" do
|
|
expect(guardian.post_can_act?(post,:vote)).to be_truthy
|
|
end
|
|
|
|
it "doesn't allow voting if the user has an action from voting already" do
|
|
expect(guardian.post_can_act?(post,:vote,taken_actions: {PostActionType.types[:vote] => 1})).to be_falsey
|
|
end
|
|
|
|
it "allows voting if the user has performed a different action" do
|
|
expect(guardian.post_can_act?(post,:vote,taken_actions: {PostActionType.types[:like] => 1})).to be_truthy
|
|
end
|
|
|
|
it "isn't allowed on archived topics" do
|
|
topic.archived = true
|
|
expect(Guardian.new(user).post_can_act?(post,:like)).to be_falsey
|
|
end
|
|
|
|
|
|
describe 'multiple voting' do
|
|
|
|
it "isn't allowed if the user voted and the topic doesn't allow multiple votes" do
|
|
Topic.any_instance.expects(:has_meta_data_boolean?).with(:single_vote).returns(true)
|
|
expect(Guardian.new(user).can_vote?(post, voted_in_topic: true)).to be_falsey
|
|
end
|
|
|
|
it "is allowed if the user voted and the topic doesn't allow multiple votes" do
|
|
expect(Guardian.new(user).can_vote?(post, voted_in_topic: false)).to be_truthy
|
|
end
|
|
end
|
|
|
|
end
|
|
end
|
|
|
|
describe "can_recover_topic?" do
|
|
|
|
it "returns false for a nil user" do
|
|
expect(Guardian.new(nil).can_recover_topic?(topic)).to be_falsey
|
|
end
|
|
|
|
it "returns false for a nil object" do
|
|
expect(Guardian.new(user).can_recover_topic?(nil)).to be_falsey
|
|
end
|
|
|
|
it "returns false for a regular user" do
|
|
expect(Guardian.new(user).can_recover_topic?(topic)).to be_falsey
|
|
end
|
|
|
|
it "returns true for a moderator" do
|
|
expect(Guardian.new(moderator).can_recover_topic?(topic)).to be_truthy
|
|
end
|
|
end
|
|
|
|
describe "can_recover_post?" do
|
|
|
|
it "returns false for a nil user" do
|
|
expect(Guardian.new(nil).can_recover_post?(post)).to be_falsey
|
|
end
|
|
|
|
it "returns false for a nil object" do
|
|
expect(Guardian.new(user).can_recover_post?(nil)).to be_falsey
|
|
end
|
|
|
|
it "returns false for a regular user" do
|
|
expect(Guardian.new(user).can_recover_post?(post)).to be_falsey
|
|
end
|
|
|
|
it "returns true for a moderator" do
|
|
expect(Guardian.new(moderator).can_recover_post?(post)).to be_truthy
|
|
end
|
|
|
|
end
|
|
|
|
context 'can_convert_topic?' do
|
|
it 'returns false with a nil object' do
|
|
expect(Guardian.new(user).can_convert_topic?(nil)).to be_falsey
|
|
end
|
|
|
|
it 'returns false when not logged in' do
|
|
expect(Guardian.new.can_convert_topic?(topic)).to be_falsey
|
|
end
|
|
|
|
it 'returns false when not staff' do
|
|
expect(Guardian.new(trust_level_4).can_convert_topic?(topic)).to be_falsey
|
|
end
|
|
|
|
it 'returns true when a moderator' do
|
|
expect(Guardian.new(moderator).can_convert_topic?(topic)).to be_truthy
|
|
end
|
|
|
|
it 'returns true when an admin' do
|
|
expect(Guardian.new(admin).can_convert_topic?(topic)).to be_truthy
|
|
end
|
|
end
|
|
|
|
describe 'can_edit?' do
|
|
|
|
it 'returns false with a nil object' do
|
|
expect(Guardian.new(user).can_edit?(nil)).to be_falsey
|
|
end
|
|
|
|
describe 'a Post' do
|
|
|
|
it 'returns false when not logged in' do
|
|
expect(Guardian.new.can_edit?(post)).to be_falsey
|
|
end
|
|
|
|
it 'returns false when not logged in also for wiki post' do
|
|
post.wiki = true
|
|
expect(Guardian.new.can_edit?(post)).to be_falsey
|
|
end
|
|
|
|
it 'returns true if you want to edit your own post' do
|
|
expect(Guardian.new(post.user).can_edit?(post)).to be_truthy
|
|
end
|
|
|
|
it "returns false if the post is hidden due to flagging and it's too soon" do
|
|
post.hidden = true
|
|
post.hidden_at = Time.now
|
|
expect(Guardian.new(post.user).can_edit?(post)).to be_falsey
|
|
end
|
|
|
|
it "returns true if the post is hidden due to flagging and it been enough time" do
|
|
post.hidden = true
|
|
post.hidden_at = (SiteSetting.cooldown_minutes_after_hiding_posts + 1).minutes.ago
|
|
expect(Guardian.new(post.user).can_edit?(post)).to be_truthy
|
|
end
|
|
|
|
it "returns true if the post is hidden, it's been enough time and the edit window has expired" do
|
|
post.hidden = true
|
|
post.hidden_at = (SiteSetting.cooldown_minutes_after_hiding_posts + 1).minutes.ago
|
|
post.created_at = (SiteSetting.post_edit_time_limit + 1).minutes.ago
|
|
expect(Guardian.new(post.user).can_edit?(post)).to be_truthy
|
|
end
|
|
|
|
it "returns true if the post is hidden due to flagging and it's got a nil `hidden_at`" do
|
|
post.hidden = true
|
|
post.hidden_at = nil
|
|
expect(Guardian.new(post.user).can_edit?(post)).to be_truthy
|
|
end
|
|
|
|
it 'returns false if you are trying to edit a post you soft deleted' do
|
|
post.user_deleted = true
|
|
expect(Guardian.new(post.user).can_edit?(post)).to be_falsey
|
|
end
|
|
|
|
it 'returns false if another regular user tries to edit a soft deleted wiki post' do
|
|
post.wiki = true
|
|
post.user_deleted = true
|
|
expect(Guardian.new(coding_horror).can_edit?(post)).to be_falsey
|
|
end
|
|
|
|
it 'returns false if you are trying to edit a deleted post' do
|
|
post.deleted_at = 1.day.ago
|
|
expect(Guardian.new(post.user).can_edit?(post)).to be_falsey
|
|
end
|
|
|
|
it 'returns false if another regular user tries to edit a deleted wiki post' do
|
|
post.wiki = true
|
|
post.deleted_at = 1.day.ago
|
|
expect(Guardian.new(coding_horror).can_edit?(post)).to be_falsey
|
|
end
|
|
|
|
it 'returns false if another regular user tries to edit your post' do
|
|
expect(Guardian.new(coding_horror).can_edit?(post)).to be_falsey
|
|
end
|
|
|
|
it 'returns true if another regular user tries to edit wiki post' do
|
|
post.wiki = true
|
|
expect(Guardian.new(coding_horror).can_edit?(post)).to be_truthy
|
|
end
|
|
|
|
it 'returns true as a moderator' do
|
|
expect(Guardian.new(moderator).can_edit?(post)).to be_truthy
|
|
end
|
|
|
|
it 'returns true as an admin' do
|
|
expect(Guardian.new(admin).can_edit?(post)).to be_truthy
|
|
end
|
|
|
|
it 'returns true as a trust level 4 user' do
|
|
expect(Guardian.new(trust_level_4).can_edit?(post)).to be_truthy
|
|
end
|
|
|
|
it 'returns false when another user has too low trust level to edit wiki post' do
|
|
SiteSetting.stubs(:min_trust_to_edit_wiki_post).returns(2)
|
|
post.wiki = true
|
|
coding_horror.trust_level = 1
|
|
|
|
expect(Guardian.new(coding_horror).can_edit?(post)).to be_falsey
|
|
end
|
|
|
|
it 'returns true when another user has adequate trust level to edit wiki post' do
|
|
SiteSetting.stubs(:min_trust_to_edit_wiki_post).returns(2)
|
|
post.wiki = true
|
|
coding_horror.trust_level = 2
|
|
|
|
expect(Guardian.new(coding_horror).can_edit?(post)).to be_truthy
|
|
end
|
|
|
|
it 'returns true for post author even when he has too low trust level to edit wiki post' do
|
|
SiteSetting.stubs(:min_trust_to_edit_wiki_post).returns(2)
|
|
post.wiki = true
|
|
post.user.trust_level = 1
|
|
|
|
expect(Guardian.new(post.user).can_edit?(post)).to be_truthy
|
|
end
|
|
|
|
context 'post is older than post_edit_time_limit' do
|
|
let(:old_post) { build(:post, topic: topic, user: topic.user, created_at: 6.minutes.ago) }
|
|
before do
|
|
SiteSetting.stubs(:post_edit_time_limit).returns(5)
|
|
end
|
|
|
|
it 'returns false to the author of the post' do
|
|
expect(Guardian.new(old_post.user).can_edit?(old_post)).to be_falsey
|
|
end
|
|
|
|
it 'returns true as a moderator' do
|
|
expect(Guardian.new(moderator).can_edit?(old_post)).to eq(true)
|
|
end
|
|
|
|
it 'returns true as an admin' do
|
|
expect(Guardian.new(admin).can_edit?(old_post)).to eq(true)
|
|
end
|
|
|
|
it 'returns false for another regular user trying to edit your post' do
|
|
expect(Guardian.new(coding_horror).can_edit?(old_post)).to be_falsey
|
|
end
|
|
|
|
it 'returns true for another regular user trying to edit a wiki post' do
|
|
old_post.wiki = true
|
|
expect(Guardian.new(coding_horror).can_edit?(old_post)).to be_truthy
|
|
end
|
|
end
|
|
|
|
context "first post of a static page doc" do
|
|
let!(:tos_topic) { Fabricate(:topic, user: Discourse.system_user) }
|
|
let!(:tos_first_post) { build(:post, topic: tos_topic, user: tos_topic.user) }
|
|
before { SiteSetting.stubs(:tos_topic_id).returns(tos_topic.id) }
|
|
|
|
it "restricts static doc posts" do
|
|
expect(Guardian.new(build(:user)).can_edit?(tos_first_post)).to be_falsey
|
|
expect(Guardian.new(moderator).can_edit?(tos_first_post)).to be_falsey
|
|
expect(Guardian.new(admin).can_edit?(tos_first_post)).to be_truthy
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'a Topic' do
|
|
|
|
it 'returns false when not logged in' do
|
|
expect(Guardian.new.can_edit?(topic)).to be_falsey
|
|
end
|
|
|
|
it 'returns true for editing your own post' do
|
|
expect(Guardian.new(topic.user).can_edit?(topic)).to eq(true)
|
|
end
|
|
|
|
it 'returns false as a regular user' do
|
|
expect(Guardian.new(coding_horror).can_edit?(topic)).to be_falsey
|
|
end
|
|
|
|
context 'not archived' do
|
|
it 'returns true as a moderator' do
|
|
expect(Guardian.new(moderator).can_edit?(topic)).to eq(true)
|
|
end
|
|
|
|
it 'returns true as an admin' do
|
|
expect(Guardian.new(admin).can_edit?(topic)).to eq(true)
|
|
end
|
|
|
|
it 'returns true at trust level 3' do
|
|
expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(true)
|
|
end
|
|
|
|
it "returns false when the category is read only" do
|
|
topic.category.set_permissions(everyone: :readonly)
|
|
topic.category.save
|
|
|
|
expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(false)
|
|
|
|
expect(Guardian.new(admin).can_edit?(topic)).to eq(true)
|
|
|
|
expect(Guardian.new(moderator).can_edit?(post)).to eq(false)
|
|
expect(Guardian.new(moderator).can_edit?(topic)).to eq(false)
|
|
end
|
|
|
|
it "returns false for trust level 3 if category is secured" do
|
|
topic.category.set_permissions(everyone: :create_post, staff: :full)
|
|
topic.category.save
|
|
|
|
expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(false)
|
|
expect(Guardian.new(admin).can_edit?(topic)).to eq(true)
|
|
expect(Guardian.new(moderator).can_edit?(topic)).to eq(true)
|
|
end
|
|
end
|
|
|
|
context 'private message' do
|
|
it 'returns false at trust level 3' do
|
|
topic.archetype = 'private_message'
|
|
expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(false)
|
|
end
|
|
|
|
it 'returns false at trust level 4' do
|
|
topic.archetype = 'private_message'
|
|
expect(Guardian.new(trust_level_4).can_edit?(topic)).to eq(false)
|
|
end
|
|
end
|
|
|
|
context 'archived' do
|
|
let(:archived_topic) { build(:topic, user: user, archived: true) }
|
|
|
|
it 'returns true as a moderator' do
|
|
expect(Guardian.new(moderator).can_edit?(archived_topic)).to be_truthy
|
|
end
|
|
|
|
it 'returns true as an admin' do
|
|
expect(Guardian.new(admin).can_edit?(archived_topic)).to be_truthy
|
|
end
|
|
|
|
it 'returns true at trust level 4' do
|
|
expect(Guardian.new(trust_level_4).can_edit?(archived_topic)).to be_truthy
|
|
end
|
|
|
|
it 'returns false at trust level 3' do
|
|
expect(Guardian.new(trust_level_3).can_edit?(archived_topic)).to be_falsey
|
|
end
|
|
|
|
it 'returns false as a topic creator' do
|
|
expect(Guardian.new(user).can_edit?(archived_topic)).to be_falsey
|
|
end
|
|
end
|
|
|
|
context 'very old' do
|
|
let(:old_topic) { build(:topic, user: user, created_at: 6.minutes.ago) }
|
|
|
|
before { SiteSetting.stubs(:post_edit_time_limit).returns(5) }
|
|
|
|
it 'returns true as a moderator' do
|
|
expect(Guardian.new(moderator).can_edit?(old_topic)).to be_truthy
|
|
end
|
|
|
|
it 'returns true as an admin' do
|
|
expect(Guardian.new(admin).can_edit?(old_topic)).to be_truthy
|
|
end
|
|
|
|
it 'returns true at trust level 3' do
|
|
expect(Guardian.new(trust_level_3).can_edit?(old_topic)).to be_truthy
|
|
end
|
|
|
|
it 'returns false as a topic creator' do
|
|
expect(Guardian.new(user).can_edit?(old_topic)).to be_falsey
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'a Category' do
|
|
|
|
let(:category) { Fabricate(:category) }
|
|
|
|
it 'returns false when not logged in' do
|
|
expect(Guardian.new.can_edit?(category)).to be_falsey
|
|
end
|
|
|
|
it 'returns false as a regular user' do
|
|
expect(Guardian.new(category.user).can_edit?(category)).to be_falsey
|
|
end
|
|
|
|
it 'returns false as a moderator' do
|
|
expect(Guardian.new(moderator).can_edit?(category)).to be_falsey
|
|
end
|
|
|
|
it 'returns true as an admin' do
|
|
expect(Guardian.new(admin).can_edit?(category)).to be_truthy
|
|
end
|
|
end
|
|
|
|
describe 'a User' do
|
|
|
|
it 'returns false when not logged in' do
|
|
expect(Guardian.new.can_edit?(user)).to be_falsey
|
|
end
|
|
|
|
it 'returns false as a different user' do
|
|
expect(Guardian.new(coding_horror).can_edit?(user)).to be_falsey
|
|
end
|
|
|
|
it 'returns true when trying to edit yourself' do
|
|
expect(Guardian.new(user).can_edit?(user)).to be_truthy
|
|
end
|
|
|
|
it 'returns true as a moderator' do
|
|
expect(Guardian.new(moderator).can_edit?(user)).to be_truthy
|
|
end
|
|
|
|
it 'returns true as an admin' do
|
|
expect(Guardian.new(admin).can_edit?(user)).to be_truthy
|
|
end
|
|
end
|
|
|
|
end
|
|
|
|
context 'can_moderate?' do
|
|
|
|
it 'returns false with a nil object' do
|
|
expect(Guardian.new(user).can_moderate?(nil)).to be_falsey
|
|
end
|
|
|
|
context 'when user is blocked' do
|
|
it 'returns false' do
|
|
user.toggle!(:blocked)
|
|
expect(Guardian.new(user).can_moderate?(post)).to be(false)
|
|
expect(Guardian.new(user).can_moderate?(topic)).to be(false)
|
|
end
|
|
end
|
|
|
|
context 'a Topic' do
|
|
|
|
it 'returns false when not logged in' do
|
|
expect(Guardian.new.can_moderate?(topic)).to be_falsey
|
|
end
|
|
|
|
it 'returns false when not a moderator' do
|
|
expect(Guardian.new(user).can_moderate?(topic)).to be_falsey
|
|
end
|
|
|
|
it 'returns true when a moderator' do
|
|
expect(Guardian.new(moderator).can_moderate?(topic)).to be_truthy
|
|
end
|
|
|
|
it 'returns true when an admin' do
|
|
expect(Guardian.new(admin).can_moderate?(topic)).to be_truthy
|
|
end
|
|
|
|
it 'returns true when trust level 4' do
|
|
expect(Guardian.new(trust_level_4).can_moderate?(topic)).to be_truthy
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
context 'can_see_flags?' do
|
|
|
|
it "returns false when there is no post" do
|
|
expect(Guardian.new(moderator).can_see_flags?(nil)).to be_falsey
|
|
end
|
|
|
|
it "returns false when there is no user" do
|
|
expect(Guardian.new(nil).can_see_flags?(post)).to be_falsey
|
|
end
|
|
|
|
it "allow regular users to see flags" do
|
|
expect(Guardian.new(user).can_see_flags?(post)).to be_falsey
|
|
end
|
|
|
|
it "allows moderators to see flags" do
|
|
expect(Guardian.new(moderator).can_see_flags?(post)).to be_truthy
|
|
end
|
|
|
|
it "allows moderators to see flags" do
|
|
expect(Guardian.new(admin).can_see_flags?(post)).to be_truthy
|
|
end
|
|
end
|
|
|
|
context 'can_move_posts?' do
|
|
|
|
it 'returns false with a nil object' do
|
|
expect(Guardian.new(user).can_move_posts?(nil)).to be_falsey
|
|
end
|
|
|
|
context 'a Topic' do
|
|
|
|
it 'returns false when not logged in' do
|
|
expect(Guardian.new.can_move_posts?(topic)).to be_falsey
|
|
end
|
|
|
|
it 'returns false when not a moderator' do
|
|
expect(Guardian.new(user).can_move_posts?(topic)).to be_falsey
|
|
end
|
|
|
|
it 'returns true when a moderator' do
|
|
expect(Guardian.new(moderator).can_move_posts?(topic)).to be_truthy
|
|
end
|
|
|
|
it 'returns true when an admin' do
|
|
expect(Guardian.new(admin).can_move_posts?(topic)).to be_truthy
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
context 'can_delete?' do
|
|
|
|
it 'returns false with a nil object' do
|
|
expect(Guardian.new(user).can_delete?(nil)).to be_falsey
|
|
end
|
|
|
|
context 'a Topic' do
|
|
before do
|
|
# pretend we have a real topic
|
|
topic.id = 9999999
|
|
end
|
|
|
|
it 'returns false when not logged in' do
|
|
expect(Guardian.new.can_delete?(topic)).to be_falsey
|
|
end
|
|
|
|
it 'returns false when not a moderator' do
|
|
expect(Guardian.new(user).can_delete?(topic)).to be_falsey
|
|
end
|
|
|
|
it 'returns true when a moderator' do
|
|
expect(Guardian.new(moderator).can_delete?(topic)).to be_truthy
|
|
end
|
|
|
|
it 'returns true when an admin' do
|
|
expect(Guardian.new(admin).can_delete?(topic)).to be_truthy
|
|
end
|
|
|
|
it 'returns false for static doc topics' do
|
|
tos_topic = Fabricate(:topic, user: Discourse.system_user)
|
|
SiteSetting.stubs(:tos_topic_id).returns(tos_topic.id)
|
|
expect(Guardian.new(admin).can_delete?(tos_topic)).to be_falsey
|
|
end
|
|
end
|
|
|
|
context 'a Post' do
|
|
|
|
before do
|
|
post.post_number = 2
|
|
end
|
|
|
|
it 'returns false when not logged in' do
|
|
expect(Guardian.new.can_delete?(post)).to be_falsey
|
|
end
|
|
|
|
it "returns false when trying to delete your own post that has already been deleted" do
|
|
post = Fabricate(:post)
|
|
PostDestroyer.new(user, post).destroy
|
|
post.reload
|
|
expect(Guardian.new(user).can_delete?(post)).to be_falsey
|
|
end
|
|
|
|
it 'returns true when trying to delete your own post' do
|
|
expect(Guardian.new(user).can_delete?(post)).to be_truthy
|
|
end
|
|
|
|
it "returns false when trying to delete another user's own post" do
|
|
expect(Guardian.new(Fabricate(:user)).can_delete?(post)).to be_falsey
|
|
end
|
|
|
|
it "returns false when it's the OP, even as a moderator" do
|
|
post.update_attribute :post_number, 1
|
|
expect(Guardian.new(moderator).can_delete?(post)).to be_falsey
|
|
end
|
|
|
|
it 'returns true when a moderator' do
|
|
expect(Guardian.new(moderator).can_delete?(post)).to be_truthy
|
|
end
|
|
|
|
it 'returns true when an admin' do
|
|
expect(Guardian.new(admin).can_delete?(post)).to be_truthy
|
|
end
|
|
|
|
it 'returns false when post is first in a static doc topic' do
|
|
tos_topic = Fabricate(:topic, user: Discourse.system_user)
|
|
SiteSetting.stubs(:tos_topic_id).returns(tos_topic.id)
|
|
post.update_attribute :post_number, 1
|
|
post.update_attribute :topic_id, tos_topic.id
|
|
expect(Guardian.new(admin).can_delete?(post)).to be_falsey
|
|
end
|
|
|
|
context 'post is older than post_edit_time_limit' do
|
|
let(:old_post) { build(:post, topic: topic, user: topic.user, post_number: 2, created_at: 6.minutes.ago) }
|
|
before do
|
|
SiteSetting.stubs(:post_edit_time_limit).returns(5)
|
|
end
|
|
|
|
it 'returns false to the author of the post' do
|
|
expect(Guardian.new(old_post.user).can_delete?(old_post)).to eq(false)
|
|
end
|
|
|
|
it 'returns true as a moderator' do
|
|
expect(Guardian.new(moderator).can_delete?(old_post)).to eq(true)
|
|
end
|
|
|
|
it 'returns true as an admin' do
|
|
expect(Guardian.new(admin).can_delete?(old_post)).to eq(true)
|
|
end
|
|
|
|
it "returns false when it's the OP, even as a moderator" do
|
|
old_post.post_number = 1
|
|
expect(Guardian.new(moderator).can_delete?(old_post)).to eq(false)
|
|
end
|
|
|
|
it 'returns false for another regular user trying to delete your post' do
|
|
expect(Guardian.new(coding_horror).can_delete?(old_post)).to eq(false)
|
|
end
|
|
end
|
|
|
|
context 'the topic is archived' do
|
|
before do
|
|
post.topic.archived = true
|
|
end
|
|
|
|
it "allows a staff member to delete it" do
|
|
expect(Guardian.new(moderator).can_delete?(post)).to be_truthy
|
|
end
|
|
|
|
it "doesn't allow a regular user to delete it" do
|
|
expect(Guardian.new(post.user).can_delete?(post)).to be_falsey
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
context 'a Category' do
|
|
|
|
let(:category) { build(:category, user: moderator) }
|
|
|
|
it 'returns false when not logged in' do
|
|
expect(Guardian.new.can_delete?(category)).to be_falsey
|
|
end
|
|
|
|
it 'returns false when a regular user' do
|
|
expect(Guardian.new(user).can_delete?(category)).to be_falsey
|
|
end
|
|
|
|
it 'returns false when a moderator' do
|
|
expect(Guardian.new(moderator).can_delete?(category)).to be_falsey
|
|
end
|
|
|
|
it 'returns true when an admin' do
|
|
expect(Guardian.new(admin).can_delete?(category)).to be_truthy
|
|
end
|
|
|
|
it "can't be deleted if it has a forum topic" do
|
|
category.topic_count = 10
|
|
expect(Guardian.new(moderator).can_delete?(category)).to be_falsey
|
|
end
|
|
|
|
it "can't be deleted if it is the Uncategorized Category" do
|
|
uncategorized_cat_id = SiteSetting.uncategorized_category_id
|
|
uncategorized_category = Category.find(uncategorized_cat_id)
|
|
expect(Guardian.new(admin).can_delete?(uncategorized_category)).to be_falsey
|
|
end
|
|
|
|
it "can't be deleted if it has children" do
|
|
category.expects(:has_children?).returns(true)
|
|
expect(Guardian.new(admin).can_delete?(category)).to be_falsey
|
|
end
|
|
|
|
end
|
|
|
|
context 'can_suspend?' do
|
|
it 'returns false when a user tries to suspend another user' do
|
|
expect(Guardian.new(user).can_suspend?(coding_horror)).to be_falsey
|
|
end
|
|
|
|
it 'returns true when an admin tries to suspend another user' do
|
|
expect(Guardian.new(admin).can_suspend?(coding_horror)).to be_truthy
|
|
end
|
|
|
|
it 'returns true when a moderator tries to suspend another user' do
|
|
expect(Guardian.new(moderator).can_suspend?(coding_horror)).to be_truthy
|
|
end
|
|
|
|
it 'returns false when staff tries to suspend staff' do
|
|
expect(Guardian.new(admin).can_suspend?(moderator)).to be_falsey
|
|
end
|
|
end
|
|
|
|
context 'a PostAction' do
|
|
let(:post_action) {
|
|
user.id = 1
|
|
post.id = 1
|
|
|
|
a = PostAction.new(user: user, post: post, post_action_type_id: 1)
|
|
a.created_at = 1.minute.ago
|
|
a
|
|
}
|
|
|
|
it 'returns false when not logged in' do
|
|
expect(Guardian.new.can_delete?(post_action)).to be_falsey
|
|
end
|
|
|
|
it 'returns false when not the user who created it' do
|
|
expect(Guardian.new(coding_horror).can_delete?(post_action)).to be_falsey
|
|
end
|
|
|
|
it "returns false if the window has expired" do
|
|
post_action.created_at = 20.minutes.ago
|
|
SiteSetting.expects(:post_undo_action_window_mins).returns(10)
|
|
expect(Guardian.new(user).can_delete?(post_action)).to be_falsey
|
|
end
|
|
|
|
it "returns true if it's yours" do
|
|
expect(Guardian.new(user).can_delete?(post_action)).to be_truthy
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
context 'can_approve?' do
|
|
|
|
it "wont allow a non-logged in user to approve" do
|
|
expect(Guardian.new.can_approve?(user)).to be_falsey
|
|
end
|
|
|
|
it "wont allow a non-admin to approve a user" do
|
|
expect(Guardian.new(coding_horror).can_approve?(user)).to be_falsey
|
|
end
|
|
|
|
it "returns false when the user is already approved" do
|
|
user.approved = true
|
|
expect(Guardian.new(admin).can_approve?(user)).to be_falsey
|
|
end
|
|
|
|
it "allows an admin to approve a user" do
|
|
expect(Guardian.new(admin).can_approve?(user)).to be_truthy
|
|
end
|
|
|
|
it "allows a moderator to approve a user" do
|
|
expect(Guardian.new(moderator).can_approve?(user)).to be_truthy
|
|
end
|
|
|
|
|
|
end
|
|
|
|
context 'can_grant_admin?' do
|
|
it "wont allow a non logged in user to grant an admin's access" do
|
|
expect(Guardian.new.can_grant_admin?(another_admin)).to be_falsey
|
|
end
|
|
|
|
it "wont allow a regular user to revoke an admin's access" do
|
|
expect(Guardian.new(user).can_grant_admin?(another_admin)).to be_falsey
|
|
end
|
|
|
|
it 'wont allow an admin to grant their own access' do
|
|
expect(Guardian.new(admin).can_grant_admin?(admin)).to be_falsey
|
|
end
|
|
|
|
it "allows an admin to grant a regular user access" do
|
|
admin.id = 1
|
|
user.id = 2
|
|
expect(Guardian.new(admin).can_grant_admin?(user)).to be_truthy
|
|
end
|
|
end
|
|
|
|
context 'can_revoke_admin?' do
|
|
it "wont allow a non logged in user to revoke an admin's access" do
|
|
expect(Guardian.new.can_revoke_admin?(another_admin)).to be_falsey
|
|
end
|
|
|
|
it "wont allow a regular user to revoke an admin's access" do
|
|
expect(Guardian.new(user).can_revoke_admin?(another_admin)).to be_falsey
|
|
end
|
|
|
|
it 'wont allow an admin to revoke their own access' do
|
|
expect(Guardian.new(admin).can_revoke_admin?(admin)).to be_falsey
|
|
end
|
|
|
|
it "allows an admin to revoke another admin's access" do
|
|
admin.id = 1
|
|
another_admin.id = 2
|
|
|
|
expect(Guardian.new(admin).can_revoke_admin?(another_admin)).to be_truthy
|
|
end
|
|
end
|
|
|
|
context 'can_grant_moderation?' do
|
|
|
|
it "wont allow a non logged in user to grant an moderator's access" do
|
|
expect(Guardian.new.can_grant_moderation?(user)).to be_falsey
|
|
end
|
|
|
|
it "wont allow a regular user to revoke an moderator's access" do
|
|
expect(Guardian.new(user).can_grant_moderation?(moderator)).to be_falsey
|
|
end
|
|
|
|
it 'will allow an admin to grant their own moderator access' do
|
|
expect(Guardian.new(admin).can_grant_moderation?(admin)).to be_truthy
|
|
end
|
|
|
|
it 'wont allow an admin to grant it to an already moderator' do
|
|
expect(Guardian.new(admin).can_grant_moderation?(moderator)).to be_falsey
|
|
end
|
|
|
|
it "allows an admin to grant a regular user access" do
|
|
expect(Guardian.new(admin).can_grant_moderation?(user)).to be_truthy
|
|
end
|
|
end
|
|
|
|
context 'can_revoke_moderation?' do
|
|
it "wont allow a non logged in user to revoke an moderator's access" do
|
|
expect(Guardian.new.can_revoke_moderation?(moderator)).to be_falsey
|
|
end
|
|
|
|
it "wont allow a regular user to revoke an moderator's access" do
|
|
expect(Guardian.new(user).can_revoke_moderation?(moderator)).to be_falsey
|
|
end
|
|
|
|
it 'wont allow a moderator to revoke their own moderator' do
|
|
expect(Guardian.new(moderator).can_revoke_moderation?(moderator)).to be_falsey
|
|
end
|
|
|
|
it "allows an admin to revoke a moderator's access" do
|
|
expect(Guardian.new(admin).can_revoke_moderation?(moderator)).to be_truthy
|
|
end
|
|
|
|
it "allows an admin to revoke a moderator's access from self" do
|
|
admin.moderator = true
|
|
expect(Guardian.new(admin).can_revoke_moderation?(admin)).to be_truthy
|
|
end
|
|
|
|
it "does not allow revoke from non moderators" do
|
|
expect(Guardian.new(admin).can_revoke_moderation?(admin)).to be_falsey
|
|
end
|
|
end
|
|
|
|
context "can_see_invite_details?" do
|
|
|
|
it 'is false without a logged in user' do
|
|
expect(Guardian.new(nil).can_see_invite_details?(user)).to be_falsey
|
|
end
|
|
|
|
it 'is false without a user to look at' do
|
|
expect(Guardian.new(user).can_see_invite_details?(nil)).to be_falsey
|
|
end
|
|
|
|
it 'is true when looking at your own invites' do
|
|
expect(Guardian.new(user).can_see_invite_details?(user)).to be_truthy
|
|
end
|
|
end
|
|
|
|
context "can_access_forum?" do
|
|
|
|
let(:unapproved_user) { Fabricate.build(:user) }
|
|
|
|
context "when must_approve_users is false" do
|
|
before do
|
|
SiteSetting.stubs(:must_approve_users?).returns(false)
|
|
end
|
|
|
|
it "returns true for a nil user" do
|
|
expect(Guardian.new(nil).can_access_forum?).to be_truthy
|
|
end
|
|
|
|
it "returns true for an unapproved user" do
|
|
expect(Guardian.new(unapproved_user).can_access_forum?).to be_truthy
|
|
end
|
|
end
|
|
|
|
context 'when must_approve_users is true' do
|
|
before do
|
|
SiteSetting.stubs(:must_approve_users?).returns(true)
|
|
end
|
|
|
|
it "returns false for a nil user" do
|
|
expect(Guardian.new(nil).can_access_forum?).to be_falsey
|
|
end
|
|
|
|
it "returns false for an unapproved user" do
|
|
expect(Guardian.new(unapproved_user).can_access_forum?).to be_falsey
|
|
end
|
|
|
|
it "returns true for an admin user" do
|
|
unapproved_user.admin = true
|
|
expect(Guardian.new(unapproved_user).can_access_forum?).to be_truthy
|
|
end
|
|
|
|
it "returns true for an approved user" do
|
|
unapproved_user.approved = true
|
|
expect(Guardian.new(unapproved_user).can_access_forum?).to be_truthy
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
describe "can_delete_user?" do
|
|
it "is false without a logged in user" do
|
|
expect(Guardian.new(nil).can_delete_user?(user)).to be_falsey
|
|
end
|
|
|
|
it "is false without a user to look at" do
|
|
expect(Guardian.new(admin).can_delete_user?(nil)).to be_falsey
|
|
end
|
|
|
|
it "is false for regular users" do
|
|
expect(Guardian.new(user).can_delete_user?(coding_horror)).to be_falsey
|
|
end
|
|
|
|
context "delete myself" do
|
|
let(:myself) { Fabricate(:user, created_at: 6.months.ago) }
|
|
subject { Guardian.new(myself).can_delete_user?(myself) }
|
|
|
|
it "is true to delete myself and I have never made a post" do
|
|
expect(subject).to be_truthy
|
|
end
|
|
|
|
it "is true to delete myself and I have only made 1 post" do
|
|
myself.stubs(:post_count).returns(1)
|
|
expect(subject).to be_truthy
|
|
end
|
|
|
|
it "is false to delete myself and I have made 2 posts" do
|
|
myself.stubs(:post_count).returns(2)
|
|
expect(subject).to be_falsey
|
|
end
|
|
end
|
|
|
|
shared_examples "can_delete_user examples" do
|
|
it "is true if user is not an admin and has never posted" do
|
|
expect(Guardian.new(actor).can_delete_user?(Fabricate.build(:user, created_at: 100.days.ago))).to be_truthy
|
|
end
|
|
|
|
it "is true if user is not an admin and first post is not too old" do
|
|
user = Fabricate.build(:user, created_at: 100.days.ago)
|
|
user.stubs(:first_post_created_at).returns(9.days.ago)
|
|
SiteSetting.stubs(:delete_user_max_post_age).returns(10)
|
|
expect(Guardian.new(actor).can_delete_user?(user)).to be_truthy
|
|
end
|
|
|
|
it "is false if user is an admin" do
|
|
expect(Guardian.new(actor).can_delete_user?(another_admin)).to be_falsey
|
|
end
|
|
|
|
it "is false if user's first post is too old" do
|
|
user = Fabricate.build(:user, created_at: 100.days.ago)
|
|
user.stubs(:first_post_created_at).returns(11.days.ago)
|
|
SiteSetting.stubs(:delete_user_max_post_age).returns(10)
|
|
expect(Guardian.new(actor).can_delete_user?(user)).to be_falsey
|
|
end
|
|
end
|
|
|
|
context "for moderators" do
|
|
let(:actor) { moderator }
|
|
include_examples "can_delete_user examples"
|
|
end
|
|
|
|
context "for admins" do
|
|
let(:actor) { admin }
|
|
include_examples "can_delete_user examples"
|
|
end
|
|
end
|
|
|
|
describe "can_delete_all_posts?" do
|
|
it "is false without a logged in user" do
|
|
expect(Guardian.new(nil).can_delete_all_posts?(user)).to be_falsey
|
|
end
|
|
|
|
it "is false without a user to look at" do
|
|
expect(Guardian.new(admin).can_delete_all_posts?(nil)).to be_falsey
|
|
end
|
|
|
|
it "is false for regular users" do
|
|
expect(Guardian.new(user).can_delete_all_posts?(coding_horror)).to be_falsey
|
|
end
|
|
|
|
shared_examples "can_delete_all_posts examples" do
|
|
it "is true if user has no posts" do
|
|
SiteSetting.stubs(:delete_user_max_post_age).returns(10)
|
|
expect(Guardian.new(actor).can_delete_all_posts?(Fabricate(:user, created_at: 100.days.ago))).to be_truthy
|
|
end
|
|
|
|
it "is true if user's first post is newer than delete_user_max_post_age days old" do
|
|
user = Fabricate(:user, created_at: 100.days.ago)
|
|
user.stubs(:first_post_created_at).returns(9.days.ago)
|
|
SiteSetting.stubs(:delete_user_max_post_age).returns(10)
|
|
expect(Guardian.new(actor).can_delete_all_posts?(user)).to be_truthy
|
|
end
|
|
|
|
it "is false if user's first post is older than delete_user_max_post_age days old" do
|
|
user = Fabricate(:user, created_at: 100.days.ago)
|
|
user.stubs(:first_post_created_at).returns(11.days.ago)
|
|
SiteSetting.stubs(:delete_user_max_post_age).returns(10)
|
|
expect(Guardian.new(actor).can_delete_all_posts?(user)).to be_falsey
|
|
end
|
|
|
|
it "is false if user is an admin" do
|
|
expect(Guardian.new(actor).can_delete_all_posts?(admin)).to be_falsey
|
|
end
|
|
|
|
it "is true if number of posts is small" do
|
|
u = Fabricate(:user, created_at: 1.day.ago)
|
|
u.stubs(:post_count).returns(1)
|
|
SiteSetting.stubs(:delete_all_posts_max).returns(10)
|
|
expect(Guardian.new(actor).can_delete_all_posts?(u)).to be_truthy
|
|
end
|
|
|
|
it "is false if number of posts is not small" do
|
|
u = Fabricate(:user, created_at: 1.day.ago)
|
|
u.stubs(:post_count).returns(11)
|
|
SiteSetting.stubs(:delete_all_posts_max).returns(10)
|
|
expect(Guardian.new(actor).can_delete_all_posts?(u)).to be_falsey
|
|
end
|
|
end
|
|
|
|
context "for moderators" do
|
|
let(:actor) { moderator }
|
|
include_examples "can_delete_all_posts examples"
|
|
end
|
|
|
|
context "for admins" do
|
|
let(:actor) { admin }
|
|
include_examples "can_delete_all_posts examples"
|
|
end
|
|
end
|
|
|
|
describe "can_anonymize_user?" do
|
|
it "is false without a logged in user" do
|
|
expect(Guardian.new(nil).can_anonymize_user?(user)).to be_falsey
|
|
end
|
|
|
|
it "is false without a user to look at" do
|
|
expect(Guardian.new(admin).can_anonymize_user?(nil)).to be_falsey
|
|
end
|
|
|
|
it "is false for a regular user" do
|
|
expect(Guardian.new(user).can_anonymize_user?(coding_horror)).to be_falsey
|
|
end
|
|
|
|
it "is false for myself" do
|
|
expect(Guardian.new(user).can_anonymize_user?(user)).to be_falsey
|
|
end
|
|
|
|
it "is true for admin anonymizing a regular user" do
|
|
expect(Guardian.new(admin).can_anonymize_user?(user)).to eq(true)
|
|
end
|
|
|
|
it "is true for moderator anonymizing a regular user" do
|
|
expect(Guardian.new(moderator).can_anonymize_user?(user)).to eq(true)
|
|
end
|
|
|
|
it "is false for admin anonymizing an admin" do
|
|
expect(Guardian.new(admin).can_anonymize_user?(Fabricate(:admin))).to be_falsey
|
|
end
|
|
|
|
it "is false for admin anonymizing a moderator" do
|
|
expect(Guardian.new(admin).can_anonymize_user?(Fabricate(:moderator))).to be_falsey
|
|
end
|
|
|
|
it "is false for moderator anonymizing an admin" do
|
|
expect(Guardian.new(moderator).can_anonymize_user?(admin)).to be_falsey
|
|
end
|
|
|
|
it "is false for moderator anonymizing a moderator" do
|
|
expect(Guardian.new(moderator).can_anonymize_user?(Fabricate(:moderator))).to be_falsey
|
|
end
|
|
end
|
|
|
|
describe 'can_grant_title?' do
|
|
it 'is false without a logged in user' do
|
|
expect(Guardian.new(nil).can_grant_title?(user)).to be_falsey
|
|
end
|
|
|
|
it 'is false for regular users' do
|
|
expect(Guardian.new(user).can_grant_title?(user)).to be_falsey
|
|
end
|
|
|
|
it 'is true for moderators' do
|
|
expect(Guardian.new(moderator).can_grant_title?(user)).to be_truthy
|
|
end
|
|
|
|
it 'is true for admins' do
|
|
expect(Guardian.new(admin).can_grant_title?(user)).to be_truthy
|
|
end
|
|
|
|
it 'is false without a user to look at' do
|
|
expect(Guardian.new(admin).can_grant_title?(nil)).to be_falsey
|
|
end
|
|
end
|
|
|
|
|
|
describe 'can_change_trust_level?' do
|
|
|
|
it 'is false without a logged in user' do
|
|
expect(Guardian.new(nil).can_change_trust_level?(user)).to be_falsey
|
|
end
|
|
|
|
it 'is false for regular users' do
|
|
expect(Guardian.new(user).can_change_trust_level?(user)).to be_falsey
|
|
end
|
|
|
|
it 'is true for moderators' do
|
|
expect(Guardian.new(moderator).can_change_trust_level?(user)).to be_truthy
|
|
end
|
|
|
|
it 'is true for admins' do
|
|
expect(Guardian.new(admin).can_change_trust_level?(user)).to be_truthy
|
|
end
|
|
end
|
|
|
|
describe "can_edit_username?" do
|
|
it "is false without a logged in user" do
|
|
expect(Guardian.new(nil).can_edit_username?(build(:user, created_at: 1.minute.ago))).to be_falsey
|
|
end
|
|
|
|
it "is false for regular users to edit another user's username" do
|
|
expect(Guardian.new(build(:user)).can_edit_username?(build(:user, created_at: 1.minute.ago))).to be_falsey
|
|
end
|
|
|
|
shared_examples "staff can always change usernames" do
|
|
it "is true for moderators" do
|
|
expect(Guardian.new(moderator).can_edit_username?(user)).to be_truthy
|
|
end
|
|
|
|
it "is true for admins" do
|
|
expect(Guardian.new(admin).can_edit_username?(user)).to be_truthy
|
|
end
|
|
end
|
|
|
|
context 'for a new user' do
|
|
let(:target_user) { Fabricate(:user, created_at: 1.minute.ago) }
|
|
include_examples "staff can always change usernames"
|
|
|
|
it "is true for the user to change their own username" do
|
|
expect(Guardian.new(target_user).can_edit_username?(target_user)).to be_truthy
|
|
end
|
|
end
|
|
|
|
context 'for an old user' do
|
|
before do
|
|
SiteSetting.stubs(:username_change_period).returns(3)
|
|
end
|
|
|
|
let(:target_user) { Fabricate(:user, created_at: 4.days.ago) }
|
|
|
|
context 'with no posts' do
|
|
include_examples "staff can always change usernames"
|
|
it "is true for the user to change their own username" do
|
|
expect(Guardian.new(target_user).can_edit_username?(target_user)).to be_truthy
|
|
end
|
|
end
|
|
|
|
context 'with posts' do
|
|
before { target_user.stubs(:post_count).returns(1) }
|
|
include_examples "staff can always change usernames"
|
|
it "is false for the user to change their own username" do
|
|
expect(Guardian.new(target_user).can_edit_username?(target_user)).to be_falsey
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'when editing is disabled in preferences' do
|
|
before do
|
|
SiteSetting.stubs(:username_change_period).returns(0)
|
|
end
|
|
|
|
include_examples "staff can always change usernames"
|
|
|
|
it "is false for the user to change their own username" do
|
|
expect(Guardian.new(user).can_edit_username?(user)).to be_falsey
|
|
end
|
|
end
|
|
|
|
context 'when SSO username override is active' do
|
|
before do
|
|
SiteSetting.stubs(:enable_sso).returns(true)
|
|
SiteSetting.stubs(:sso_overrides_username).returns(true)
|
|
end
|
|
|
|
it "is false for admins" do
|
|
expect(Guardian.new(admin).can_edit_username?(admin)).to be_falsey
|
|
end
|
|
|
|
it "is false for moderators" do
|
|
expect(Guardian.new(moderator).can_edit_username?(moderator)).to be_falsey
|
|
end
|
|
|
|
it "is false for users" do
|
|
expect(Guardian.new(user).can_edit_username?(user)).to be_falsey
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "can_edit_email?" do
|
|
context 'when allowed in settings' do
|
|
before do
|
|
SiteSetting.stubs(:email_editable?).returns(true)
|
|
end
|
|
|
|
it "is false when not logged in" do
|
|
expect(Guardian.new(nil).can_edit_email?(build(:user, created_at: 1.minute.ago))).to be_falsey
|
|
end
|
|
|
|
it "is false for regular users to edit another user's email" do
|
|
expect(Guardian.new(build(:user)).can_edit_email?(build(:user, created_at: 1.minute.ago))).to be_falsey
|
|
end
|
|
|
|
it "is true for a regular user to edit their own email" do
|
|
expect(Guardian.new(user).can_edit_email?(user)).to be_truthy
|
|
end
|
|
|
|
it "is true for moderators" do
|
|
expect(Guardian.new(moderator).can_edit_email?(user)).to be_truthy
|
|
end
|
|
|
|
it "is true for admins" do
|
|
expect(Guardian.new(admin).can_edit_email?(user)).to be_truthy
|
|
end
|
|
end
|
|
|
|
context 'when not allowed in settings' do
|
|
before do
|
|
SiteSetting.stubs(:email_editable?).returns(false)
|
|
end
|
|
|
|
it "is false when not logged in" do
|
|
expect(Guardian.new(nil).can_edit_email?(build(:user, created_at: 1.minute.ago))).to be_falsey
|
|
end
|
|
|
|
it "is false for regular users to edit another user's email" do
|
|
expect(Guardian.new(build(:user)).can_edit_email?(build(:user, created_at: 1.minute.ago))).to be_falsey
|
|
end
|
|
|
|
it "is false for a regular user to edit their own email" do
|
|
expect(Guardian.new(user).can_edit_email?(user)).to be_falsey
|
|
end
|
|
|
|
it "is false for admins" do
|
|
expect(Guardian.new(admin).can_edit_email?(user)).to be_falsey
|
|
end
|
|
|
|
it "is false for moderators" do
|
|
expect(Guardian.new(moderator).can_edit_email?(user)).to be_falsey
|
|
end
|
|
end
|
|
|
|
context 'when SSO email override is active' do
|
|
before do
|
|
SiteSetting.stubs(:enable_sso).returns(true)
|
|
SiteSetting.stubs(:sso_overrides_email).returns(true)
|
|
end
|
|
|
|
it "is false for admins" do
|
|
expect(Guardian.new(admin).can_edit_email?(admin)).to be_falsey
|
|
end
|
|
|
|
it "is false for moderators" do
|
|
expect(Guardian.new(moderator).can_edit_email?(moderator)).to be_falsey
|
|
end
|
|
|
|
it "is false for users" do
|
|
expect(Guardian.new(user).can_edit_email?(user)).to be_falsey
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'can_edit_name?' do
|
|
it 'is false without a logged in user' do
|
|
expect(Guardian.new(nil).can_edit_name?(build(:user, created_at: 1.minute.ago))).to be_falsey
|
|
end
|
|
|
|
it "is false for regular users to edit another user's name" do
|
|
expect(Guardian.new(build(:user)).can_edit_name?(build(:user, created_at: 1.minute.ago))).to be_falsey
|
|
end
|
|
|
|
context 'for a new user' do
|
|
let(:target_user) { build(:user, created_at: 1.minute.ago) }
|
|
|
|
it 'is true for the user to change their own name' do
|
|
expect(Guardian.new(target_user).can_edit_name?(target_user)).to be_truthy
|
|
end
|
|
|
|
it 'is true for moderators' do
|
|
expect(Guardian.new(moderator).can_edit_name?(user)).to be_truthy
|
|
end
|
|
|
|
it 'is true for admins' do
|
|
expect(Guardian.new(admin).can_edit_name?(user)).to be_truthy
|
|
end
|
|
end
|
|
|
|
context 'when name is disabled in preferences' do
|
|
before do
|
|
SiteSetting.stubs(:enable_names).returns(false)
|
|
end
|
|
|
|
it 'is false for the user to change their own name' do
|
|
expect(Guardian.new(user).can_edit_name?(user)).to be_falsey
|
|
end
|
|
|
|
it 'is false for moderators' do
|
|
expect(Guardian.new(moderator).can_edit_name?(user)).to be_falsey
|
|
end
|
|
|
|
it 'is false for admins' do
|
|
expect(Guardian.new(admin).can_edit_name?(user)).to be_falsey
|
|
end
|
|
end
|
|
|
|
context 'when name is enabled in preferences' do
|
|
before do
|
|
SiteSetting.stubs(:enable_names).returns(true)
|
|
end
|
|
|
|
context 'when SSO is disabled' do
|
|
before do
|
|
SiteSetting.stubs(:enable_sso).returns(false)
|
|
SiteSetting.stubs(:sso_overrides_name).returns(false)
|
|
end
|
|
|
|
it 'is true for admins' do
|
|
expect(Guardian.new(admin).can_edit_name?(admin)).to be_truthy
|
|
end
|
|
|
|
it 'is true for moderators' do
|
|
expect(Guardian.new(moderator).can_edit_name?(moderator)).to be_truthy
|
|
end
|
|
|
|
it 'is true for users' do
|
|
expect(Guardian.new(user).can_edit_name?(user)).to be_truthy
|
|
end
|
|
end
|
|
|
|
context 'when SSO is enabled' do
|
|
before do
|
|
SiteSetting.stubs(:enable_sso).returns(true)
|
|
end
|
|
|
|
context 'when SSO name override is active' do
|
|
before do
|
|
SiteSetting.stubs(:sso_overrides_name).returns(true)
|
|
end
|
|
|
|
it 'is false for admins' do
|
|
expect(Guardian.new(admin).can_edit_name?(admin)).to be_falsey
|
|
end
|
|
|
|
it 'is false for moderators' do
|
|
expect(Guardian.new(moderator).can_edit_name?(moderator)).to be_falsey
|
|
end
|
|
|
|
it 'is false for users' do
|
|
expect(Guardian.new(user).can_edit_name?(user)).to be_falsey
|
|
end
|
|
end
|
|
|
|
context 'when SSO name override is not active' do
|
|
before do
|
|
SiteSetting.stubs(:sso_overrides_name).returns(false)
|
|
end
|
|
|
|
it 'is true for admins' do
|
|
expect(Guardian.new(admin).can_edit_name?(admin)).to be_truthy
|
|
end
|
|
|
|
it 'is true for moderators' do
|
|
expect(Guardian.new(moderator).can_edit_name?(moderator)).to be_truthy
|
|
end
|
|
|
|
it 'is true for users' do
|
|
expect(Guardian.new(user).can_edit_name?(user)).to be_truthy
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'can_wiki?' do
|
|
let(:post) { build(:post, created_at: 1.minute.ago) }
|
|
|
|
it 'returns false for regular user' do
|
|
expect(Guardian.new(coding_horror).can_wiki?(post)).to be_falsey
|
|
end
|
|
|
|
it "returns false when user does not satisfy trust level but owns the post" do
|
|
own_post = Fabricate(:post, user: trust_level_2)
|
|
expect(Guardian.new(trust_level_2).can_wiki?(own_post)).to be_falsey
|
|
end
|
|
|
|
it "returns false when user satisfies trust level but tries to wiki someone else's post" do
|
|
SiteSetting.min_trust_to_allow_self_wiki = 2
|
|
expect(Guardian.new(trust_level_2).can_wiki?(post)).to be_falsey
|
|
end
|
|
|
|
it 'returns true when user satisfies trust level and owns the post' do
|
|
SiteSetting.min_trust_to_allow_self_wiki = 2
|
|
own_post = Fabricate(:post, user: trust_level_2)
|
|
expect(Guardian.new(trust_level_2).can_wiki?(own_post)).to be_truthy
|
|
end
|
|
|
|
it 'returns true for admin user' do
|
|
expect(Guardian.new(admin).can_wiki?(post)).to be_truthy
|
|
end
|
|
|
|
it 'returns true for trust_level_4 user' do
|
|
expect(Guardian.new(trust_level_4).can_wiki?(post)).to be_truthy
|
|
end
|
|
|
|
context 'post is older than post_edit_time_limit' do
|
|
let(:old_post) { build(:post, user: trust_level_2, created_at: 6.minutes.ago) }
|
|
before do
|
|
SiteSetting.min_trust_to_allow_self_wiki = 2
|
|
SiteSetting.post_edit_time_limit = 5
|
|
end
|
|
|
|
it 'returns false when user satisfies trust level and owns the post' do
|
|
expect(Guardian.new(trust_level_2).can_wiki?(old_post)).to be_falsey
|
|
end
|
|
|
|
it 'returns true for admin user' do
|
|
expect(Guardian.new(admin).can_wiki?(old_post)).to be_truthy
|
|
end
|
|
|
|
it 'returns true for trust_level_4 user' do
|
|
expect(Guardian.new(trust_level_4).can_wiki?(post)).to be_truthy
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "Tags" do
|
|
context "tagging disabled" do
|
|
before do
|
|
SiteSetting.tagging_enabled = false
|
|
end
|
|
|
|
it "can_create_tag returns false" do
|
|
expect(Guardian.new(admin).can_create_tag?).to be_falsey
|
|
end
|
|
|
|
it "can_admin_tags returns false" do
|
|
expect(Guardian.new(admin).can_admin_tags?).to be_falsey
|
|
end
|
|
|
|
it "can_admin_tag_groups returns false" do
|
|
expect(Guardian.new(admin).can_admin_tag_groups?).to be_falsey
|
|
end
|
|
end
|
|
|
|
context "tagging is enabled" do
|
|
before do
|
|
SiteSetting.tagging_enabled = true
|
|
SiteSetting.min_trust_to_create_tag = 3
|
|
SiteSetting.min_trust_level_to_tag_topics = 1
|
|
end
|
|
|
|
describe "can_create_tag" do
|
|
it "returns false if trust level is too low" do
|
|
expect(Guardian.new(trust_level_2).can_create_tag?).to be_falsey
|
|
end
|
|
|
|
it "returns true if trust level is high enough" do
|
|
expect(Guardian.new(trust_level_3).can_create_tag?).to be_truthy
|
|
end
|
|
|
|
it "returns true for staff" do
|
|
expect(Guardian.new(admin).can_create_tag?).to be_truthy
|
|
expect(Guardian.new(moderator).can_create_tag?).to be_truthy
|
|
end
|
|
end
|
|
|
|
describe "can_tag_topics" do
|
|
it "returns false if trust level is too low" do
|
|
expect(Guardian.new(Fabricate(:user, trust_level: 0)).can_tag_topics?).to be_falsey
|
|
end
|
|
|
|
it "returns true if trust level is high enough" do
|
|
expect(Guardian.new(Fabricate(:user, trust_level: 1)).can_tag_topics?).to be_truthy
|
|
end
|
|
|
|
it "returns true for staff" do
|
|
expect(Guardian.new(admin).can_tag_topics?).to be_truthy
|
|
expect(Guardian.new(moderator).can_tag_topics?).to be_truthy
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|