mirror of
https://github.com/discourse/discourse.git
synced 2024-12-11 19:53:52 +08:00
355d51afde
This PR allows invitations to be used when the DiscourseConnect SSO is enabled for a site (`enable_discourse_connect`) and local logins are disabled. Previously invites could not be accepted with SSO enabled simply because we did not have the code paths to handle that logic. The invitation methods that are supported include: * Inviting people to groups via email address * Inviting people to topics via email address * Using invitation links generated by the Invite Users UI in the /my/invited/pending route The flow works like this: 1. User visits an invite URL 2. The normal invitation validations (redemptions/expiry) happen at that point 3. We store the invite key in a secure session 4. The user clicks "Accept Invitation and Continue" (see below) 5. The user is redirected to /session/sso then to the SSO provider URL then back to /session/sso_login 6. We retrieve the invite based on the invite key in secure session. We revalidate the invitation. We show an error to the user if it is not valid. An additional check here for invites with an email specified is to check the SSO email matches the invite email 7. If the invite is OK we create the user via the normal SSO methods 8. We redeem the invite and activate the user. We clear the invite key in secure session. 9. If the invite had a topic we redirect the user there, otherwise we redirect to / Note that we decided for SSO-based invites the `must_approve_users` site setting is ignored, because the invite is a form of pre-approval, and because regular non-staff users cannot send out email invites or generally invite to the forum in this case. Also deletes some group invite checks as per https://github.com/discourse/discourse/pull/12353
1987 lines
60 KiB
Ruby
1987 lines
60 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'rails_helper'
|
|
|
|
describe GroupsController do
|
|
fab!(:user) { Fabricate(:user) }
|
|
let(:other_user) { Fabricate(:user) }
|
|
let(:group) { Fabricate(:group, users: [user]) }
|
|
let(:moderator_group_id) { Group::AUTO_GROUPS[:moderators] }
|
|
fab!(:admin) { Fabricate(:admin) }
|
|
fab!(:moderator) { Fabricate(:moderator) }
|
|
|
|
describe '#index' do
|
|
let(:staff_group) do
|
|
Fabricate(:group, name: 'staff_group', visibility_level: Group.visibility_levels[:staff])
|
|
end
|
|
|
|
it "ensures that groups can be paginated" do
|
|
50.times { Fabricate(:group) }
|
|
|
|
get "/groups.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
|
|
expect(body["groups"].size).to eq(36)
|
|
expect(body["total_rows_groups"]).to eq(50)
|
|
expect(body["load_more_groups"]).to eq("/groups?page=1")
|
|
|
|
get "/groups.json", params: { page: 1 }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
|
|
expect(body["groups"].size).to eq(14)
|
|
expect(body["total_rows_groups"]).to eq(50)
|
|
expect(body["load_more_groups"]).to eq("/groups?page=2")
|
|
end
|
|
|
|
context 'when group directory is disabled' do
|
|
before do
|
|
SiteSetting.enable_group_directory = false
|
|
end
|
|
|
|
it 'should deny access for an anon' do
|
|
get "/groups.json"
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it 'should deny access for a normal user' do
|
|
sign_in(user)
|
|
get "/groups.json"
|
|
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it 'should allow access for an admin' do
|
|
sign_in(admin)
|
|
get "/groups.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it 'should allow access for a moderator' do
|
|
sign_in(moderator)
|
|
get "/groups.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
end
|
|
|
|
context 'searchable' do
|
|
it 'should return the searched groups' do
|
|
testing_group = Fabricate(:group, name: 'testing')
|
|
|
|
get "/groups.json", params: { filter: 'test' }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
|
|
expect(body["groups"].first["id"]).to eq(testing_group.id)
|
|
expect(body["load_more_groups"]).to eq("/groups?filter=test&page=1")
|
|
end
|
|
end
|
|
|
|
context 'sortable' do
|
|
before do
|
|
group
|
|
sign_in(user)
|
|
end
|
|
|
|
let!(:other_group) { Fabricate(:group, name: "other_group", users: [user, other_user]) }
|
|
|
|
context "with default (descending) order" do
|
|
it "sorts by name" do
|
|
get "/groups.json", params: { order: "name" }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
|
|
expect(body["groups"].map { |g| g["id"] }).to eq([
|
|
other_group.id, group.id, moderator_group_id
|
|
])
|
|
|
|
expect(body["load_more_groups"]).to eq("/groups?order=name&page=1")
|
|
end
|
|
|
|
it "sorts by user_count" do
|
|
get "/groups.json", params: { order: "user_count" }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
|
|
expect(body["groups"].map { |g| g["id"] }).to eq([
|
|
other_group.id, group.id, moderator_group_id
|
|
])
|
|
|
|
expect(body["load_more_groups"]).to eq("/groups?order=user_count&page=1")
|
|
end
|
|
end
|
|
|
|
context "with ascending order" do
|
|
it "sorts by name" do
|
|
get "/groups.json", params: { order: "name", asc: true }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
|
|
expect(body["groups"].map { |g| g["id"] }).to eq([
|
|
moderator_group_id, group.id, other_group.id
|
|
])
|
|
|
|
expect(body["load_more_groups"]).to eq("/groups?asc=true&order=name&page=1")
|
|
end
|
|
|
|
it "sorts by user_count" do
|
|
get "/groups.json", params: { order: "user_count", asc: "true" }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
|
|
expect(body["groups"].map { |g| g["id"] }).to eq([
|
|
moderator_group_id, group.id, other_group.id
|
|
])
|
|
|
|
expect(body["load_more_groups"]).to eq("/groups?asc=true&order=user_count&page=1")
|
|
end
|
|
end
|
|
end
|
|
|
|
it 'should return the right response' do
|
|
group
|
|
staff_group
|
|
|
|
get "/groups.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
|
|
group_ids = body["groups"].map { |g| g["id"] }
|
|
|
|
expect(group_ids).to contain_exactly(group.id)
|
|
|
|
expect(body["load_more_groups"]).to eq("/groups?page=1")
|
|
expect(body["total_rows_groups"]).to eq(1)
|
|
expect(body["extras"]["type_filters"].map(&:to_sym)).to eq(
|
|
described_class::TYPE_FILTERS.keys - [:my, :owner, :automatic, :non_automatic]
|
|
)
|
|
end
|
|
|
|
it 'should return correct X-Robots-Tag header when allow_index_in_robots_txt is set to false' do
|
|
SiteSetting.allow_index_in_robots_txt = false
|
|
get "/groups"
|
|
expect(response.headers['X-Robots-Tag']).to eq('noindex, nofollow')
|
|
end
|
|
|
|
context 'viewing groups of another user' do
|
|
describe 'when an invalid username is given' do
|
|
it 'should return the right response' do
|
|
group
|
|
get "/groups.json", params: { username: 'asdasd' }
|
|
|
|
expect(response.status).to eq(404)
|
|
end
|
|
end
|
|
|
|
it 'should return the right response' do
|
|
u = Fabricate(:user)
|
|
m = Fabricate(:user)
|
|
o = Fabricate(:user)
|
|
|
|
levels = Group.visibility_levels.values
|
|
|
|
levels.product(levels).each { |group_level, members_level|
|
|
g = Fabricate(:group,
|
|
name: "#{group_level}_#{members_level}",
|
|
visibility_level: group_level,
|
|
members_visibility_level: members_level,
|
|
users: [u]
|
|
)
|
|
|
|
g.add(m) if group_level == Group.visibility_levels[:members] || members_level == Group.visibility_levels[:members]
|
|
g.add_owner(o) if group_level == Group.visibility_levels[:owners] || members_level == Group.visibility_levels[:owners]
|
|
}
|
|
|
|
# anonymous user
|
|
get "/groups.json", params: { username: u.username }
|
|
|
|
expect(response.status).to eq(200)
|
|
group_names = response.parsed_body["groups"].map { |g| g["name"] }
|
|
expect(group_names).to contain_exactly("0_0")
|
|
|
|
# logged in user
|
|
sign_in(Fabricate(:user))
|
|
get "/groups.json", params: { username: u.username }
|
|
|
|
expect(response.status).to eq(200)
|
|
group_names = response.parsed_body["groups"].map { |g| g["name"] }
|
|
expect(group_names).to contain_exactly("0_0", "0_1", "1_0", "1_1")
|
|
|
|
# member of the group
|
|
sign_in(m)
|
|
get "/groups.json", params: { username: u.username }
|
|
|
|
expect(response.status).to eq(200)
|
|
group_names = response.parsed_body["groups"].map { |g| g["name"] }
|
|
expect(group_names).to contain_exactly("0_0", "0_1", "0_2", "1_0", "1_1", "1_2", "2_0", "2_1", "2_2")
|
|
|
|
# owner
|
|
sign_in(o)
|
|
get "/groups.json", params: { username: u.username }
|
|
|
|
expect(response.status).to eq(200)
|
|
group_names = response.parsed_body["groups"].map { |g| g["name"] }
|
|
expect(group_names).to contain_exactly("0_0", "0_1", "0_4", "1_0", "1_1", "1_4", "2_4", "3_4", "4_0", "4_1", "4_2", "4_3", "4_4")
|
|
|
|
# moderator
|
|
sign_in(moderator)
|
|
get "/groups.json", params: { username: u.username }
|
|
|
|
expect(response.status).to eq(200)
|
|
group_names = response.parsed_body["groups"].map { |g| g["name"] }
|
|
expect(group_names).to contain_exactly("0_0", "0_1", "0_2", "0_3", "1_0", "1_1", "1_2", "1_3", "2_0", "2_1", "2_2", "2_3", "3_0", "3_1", "3_2", "3_3")
|
|
|
|
# admin
|
|
sign_in(admin)
|
|
get "/groups.json", params: { username: u.username }
|
|
|
|
expect(response.status).to eq(200)
|
|
group_names = response.parsed_body["groups"].map { |g| g["name"] }
|
|
all_group_names = levels.product(levels).map { |a, b| "#{a}_#{b}" }
|
|
expect(group_names).to contain_exactly(*all_group_names)
|
|
end
|
|
end
|
|
|
|
context 'viewing as an admin' do
|
|
fab!(:admin) { Fabricate(:admin) }
|
|
|
|
before do
|
|
sign_in(admin)
|
|
group.add(admin)
|
|
group.add_owner(admin)
|
|
end
|
|
|
|
it 'should return the right response' do
|
|
staff_group
|
|
get "/groups.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
|
|
group_ids = body["groups"].map { |g| g["id"] }
|
|
group_body = body["groups"].find { |g| g["id"] == group.id }
|
|
|
|
expect(group_body["is_group_user"]).to eq(true)
|
|
expect(group_body["is_group_owner"]).to eq(true)
|
|
expect(group_ids).to include(group.id, staff_group.id)
|
|
expect(body["load_more_groups"]).to eq("/groups?page=1")
|
|
expect(body["total_rows_groups"]).to eq(10)
|
|
|
|
expect(body["extras"]["type_filters"].map(&:to_sym)).to eq(
|
|
described_class::TYPE_FILTERS.keys - [:non_automatic]
|
|
)
|
|
end
|
|
|
|
context 'filterable by type' do
|
|
def expect_type_to_return_right_groups(type, expected_group_ids)
|
|
get "/groups.json", params: { type: type }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
group_ids = body["groups"].map { |g| g["id"] }
|
|
|
|
expect(body["total_rows_groups"]).to eq(expected_group_ids.count)
|
|
expect(group_ids).to contain_exactly(*expected_group_ids)
|
|
end
|
|
|
|
describe 'my groups' do
|
|
it 'should return the right response' do
|
|
expect_type_to_return_right_groups('my', [group.id])
|
|
end
|
|
end
|
|
|
|
describe 'owner groups' do
|
|
it 'should return the right response' do
|
|
group2 = Fabricate(:group)
|
|
_group3 = Fabricate(:group)
|
|
group2.add_owner(admin)
|
|
|
|
expect_type_to_return_right_groups('owner', [group.id, group2.id])
|
|
end
|
|
end
|
|
|
|
describe 'automatic groups' do
|
|
it 'should return the right response' do
|
|
expect_type_to_return_right_groups(
|
|
'automatic',
|
|
Group::AUTO_GROUP_IDS.keys - [0]
|
|
)
|
|
end
|
|
end
|
|
|
|
describe 'non automatic groups' do
|
|
it 'should return the right response' do
|
|
group2 = Fabricate(:group)
|
|
expect_type_to_return_right_groups(
|
|
'non_automatic',
|
|
[group.id, group2.id]
|
|
)
|
|
end
|
|
end
|
|
|
|
describe 'public groups' do
|
|
it 'should return the right response' do
|
|
group2 = Fabricate(:group, public_admission: true)
|
|
|
|
expect_type_to_return_right_groups('public', [group2.id])
|
|
end
|
|
end
|
|
|
|
describe 'close groups' do
|
|
it 'should return the right response' do
|
|
group2 = Fabricate(:group, public_admission: false)
|
|
_group3 = Fabricate(:group, public_admission: true)
|
|
|
|
expect_type_to_return_right_groups('close', [group.id, group2.id])
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe '#show' do
|
|
it "ensures the group can be seen" do
|
|
sign_in(Fabricate(:user))
|
|
group.update!(visibility_level: Group.visibility_levels[:owners])
|
|
|
|
get "/groups/#{group.name}.json"
|
|
|
|
expect(response.status).to eq(404)
|
|
end
|
|
|
|
it "returns the right response" do
|
|
sign_in(user)
|
|
mod_group = Group.find(moderator_group_id)
|
|
get "/groups/#{group.name}.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
|
|
expect(body['group']['id']).to eq(group.id)
|
|
expect(body['extras']["visible_group_names"]).to eq([mod_group.name, group.name])
|
|
expect(response.headers['X-Robots-Tag']).to eq('noindex')
|
|
end
|
|
|
|
context 'as an admin' do
|
|
it "returns the right response" do
|
|
sign_in(Fabricate(:admin))
|
|
get "/groups/#{group.name}.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
|
|
expect(body['group']['id']).to eq(group.id)
|
|
|
|
groups = Group::AUTO_GROUPS.keys
|
|
groups.delete(:everyone)
|
|
groups.push(group.name)
|
|
|
|
expect(body['extras']["visible_group_names"])
|
|
.to contain_exactly(*groups.map(&:to_s))
|
|
end
|
|
end
|
|
|
|
it 'should respond to HTML' do
|
|
group.update!(bio_raw: 'testing **group** bio')
|
|
|
|
get "/groups/#{group.name}.html"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(response.body).to have_tag(:meta, with: {
|
|
property: 'og:title', content: group.name
|
|
})
|
|
|
|
# note this uses an excerpt so it strips html
|
|
expect(response.body).to have_tag(:meta, with: {
|
|
property: 'og:description', content: 'testing group bio'
|
|
})
|
|
end
|
|
|
|
describe 'when viewing activity filters' do
|
|
it 'should return the right response' do
|
|
get "/groups/#{group.name}/activity/posts.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body['group']
|
|
|
|
expect(body["id"]).to eq(group.id)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#posts" do
|
|
it "ensures the group can be seen" do
|
|
sign_in(Fabricate(:user))
|
|
group.update!(visibility_level: Group.visibility_levels[:owners])
|
|
|
|
get "/groups/#{group.name}/posts.json"
|
|
|
|
expect(response.status).to eq(404)
|
|
end
|
|
|
|
it "ensures the group members can be seen" do
|
|
sign_in(Fabricate(:user))
|
|
group.update!(members_visibility_level: Group.visibility_levels[:owners])
|
|
|
|
get "/groups/#{group.name}/posts.json"
|
|
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "calls `posts_for` and responds with JSON" do
|
|
sign_in(user)
|
|
post = Fabricate(:post, user: user)
|
|
get "/groups/#{group.name}/posts.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body.first["id"]).to eq(post.id)
|
|
end
|
|
|
|
it "returns moderator actions" do
|
|
sign_in(user)
|
|
post = Fabricate(:post, user: user, post_type: Post.types[:moderator_action])
|
|
get "/groups/#{group.name}/posts.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body.first["id"]).to eq(post.id)
|
|
end
|
|
end
|
|
|
|
describe "#members" do
|
|
|
|
it "returns correct error code with invalid params" do
|
|
sign_in(Fabricate(:user))
|
|
|
|
get "/groups/#{group.name}/members.json?limit=-1"
|
|
expect(response.status).to eq(400)
|
|
|
|
get "/groups/#{group.name}/members.json?offset=-1"
|
|
expect(response.status).to eq(400)
|
|
|
|
get "/groups/trust_level_0/members.json?limit=2000"
|
|
expect(response.status).to eq(400)
|
|
end
|
|
|
|
it "ensures the group can be seen" do
|
|
sign_in(Fabricate(:user))
|
|
group.update!(visibility_level: Group.visibility_levels[:owners])
|
|
|
|
get "/groups/#{group.name}/members.json"
|
|
|
|
expect(response.status).to eq(404)
|
|
end
|
|
|
|
it "ensures the group members can be seen" do
|
|
group.update!(members_visibility_level: Group.visibility_levels[:logged_on_users])
|
|
|
|
get "/groups/#{group.name}/members.json", params: { limit: 1 }
|
|
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "ensures that membership can be paginated" do
|
|
freeze_time
|
|
|
|
first_user = Fabricate(:user)
|
|
group.add(first_user)
|
|
|
|
freeze_time 1.day.from_now
|
|
|
|
4.times { group.add(Fabricate(:user)) }
|
|
usernames = group.users.map { |m| m.username }.sort
|
|
|
|
get "/groups/#{group.name}/members.json", params: { limit: 3, asc: true }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
members = response.parsed_body["members"]
|
|
|
|
expect(members.map { |m| m['username'] }).to eq(usernames[0..2])
|
|
|
|
get "/groups/#{group.name}/members.json", params: { limit: 3, offset: 3, asc: true }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
members = response.parsed_body["members"]
|
|
|
|
expect(members.map { |m| m['username'] }).to eq(usernames[3..5])
|
|
|
|
get "/groups/#{group.name}/members.json", params: { order: 'added_at' }
|
|
members = response.parsed_body["members"]
|
|
|
|
expect(members.last['added_at']).to eq(first_user.created_at.as_json)
|
|
end
|
|
end
|
|
|
|
describe '#posts_feed' do
|
|
it 'renders RSS' do
|
|
get "/groups/#{group.name}/posts.rss"
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.media_type).to eq('application/rss+xml')
|
|
end
|
|
end
|
|
|
|
describe '#mentions_feed' do
|
|
it 'renders RSS' do
|
|
get "/groups/#{group.name}/mentions.rss"
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.media_type).to eq('application/rss+xml')
|
|
end
|
|
|
|
it 'fails when disabled' do
|
|
SiteSetting.enable_mentions = false
|
|
|
|
get "/groups/#{group.name}/mentions.rss"
|
|
|
|
expect(response.status).to eq(404)
|
|
end
|
|
end
|
|
|
|
describe '#mentionable' do
|
|
it "should return the right response" do
|
|
sign_in(user)
|
|
|
|
group.update!(
|
|
mentionable_level: Group::ALIAS_LEVELS[:owners_mods_and_admins],
|
|
visibility_level: Group.visibility_levels[:logged_on_users]
|
|
)
|
|
|
|
get "/groups/#{group.name}/mentionable.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
expect(body["mentionable"]).to eq(false)
|
|
|
|
group.update!(
|
|
mentionable_level: Group::ALIAS_LEVELS[:everyone],
|
|
visibility_level: Group.visibility_levels[:staff]
|
|
)
|
|
|
|
get "/groups/#{group.name}/mentionable.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
expect(body["mentionable"]).to eq(true)
|
|
|
|
group.update!(
|
|
mentionable_level: Group::ALIAS_LEVELS[:nobody],
|
|
visibility_level: Group.visibility_levels[:public]
|
|
)
|
|
|
|
get "/groups/#{group.name}/mentionable.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
expect(body["mentionable"]).to eq(true)
|
|
end
|
|
end
|
|
|
|
describe '#messageable' do
|
|
it "should return the right response" do
|
|
sign_in(user)
|
|
|
|
get "/groups/#{group.name}/messageable.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
expect(body["messageable"]).to eq(false)
|
|
|
|
group.update!(
|
|
messageable_level: Group::ALIAS_LEVELS[:everyone],
|
|
visibility_level: Group.visibility_levels[:staff]
|
|
)
|
|
|
|
get "/groups/#{group.name}/messageable.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
expect(body["messageable"]).to eq(true)
|
|
end
|
|
end
|
|
|
|
describe '#update' do
|
|
let!(:group) do
|
|
Fabricate(:group,
|
|
name: 'test',
|
|
users: [user],
|
|
public_admission: false,
|
|
public_exit: false
|
|
)
|
|
end
|
|
let(:category) { Fabricate(:category) }
|
|
let(:tag) { Fabricate(:tag) }
|
|
|
|
context "custom_fields" do
|
|
before do
|
|
user.update!(admin: true)
|
|
sign_in(user)
|
|
plugin = Plugin::Instance.new
|
|
plugin.register_editable_group_custom_field :test
|
|
@group = Fabricate(:group)
|
|
end
|
|
|
|
after do
|
|
DiscoursePluginRegistry.reset!
|
|
end
|
|
|
|
it "only updates allowed user fields" do
|
|
put "/groups/#{@group.id}.json", params: { group: { custom_fields: { test: :hello1, test2: :hello2 } } }
|
|
|
|
@group.reload
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(@group.custom_fields['test']).to eq('hello1')
|
|
expect(@group.custom_fields['test2']).to be_blank
|
|
end
|
|
|
|
it "is secure when there are no registered editable fields" do
|
|
DiscoursePluginRegistry.reset!
|
|
put "/groups/#{@group.id}.json", params: { group: { custom_fields: { test: :hello1, test2: :hello2 } } }
|
|
|
|
@group.reload
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(@group.custom_fields['test']).to be_blank
|
|
expect(@group.custom_fields['test2']).to be_blank
|
|
end
|
|
end
|
|
|
|
context "when user is group owner" do
|
|
before do
|
|
group.add_owner(user)
|
|
sign_in(user)
|
|
end
|
|
|
|
it "should be able update the group" do
|
|
group.update!(
|
|
allow_membership_requests: false,
|
|
visibility_level: 2,
|
|
mentionable_level: 2,
|
|
messageable_level: 2,
|
|
default_notification_level: 0,
|
|
grant_trust_level: 0
|
|
)
|
|
|
|
expect do
|
|
put "/groups/#{group.id}.json", params: {
|
|
group: {
|
|
mentionable_level: 1,
|
|
messageable_level: 1,
|
|
visibility_level: 1,
|
|
automatic_membership_email_domains: 'test.org',
|
|
title: 'haha',
|
|
primary_group: true,
|
|
grant_trust_level: 1,
|
|
incoming_email: 'test@mail.org',
|
|
flair_bg_color: 'FFF',
|
|
flair_color: 'BBB',
|
|
flair_icon: 'fa-adjust',
|
|
bio_raw: 'testing',
|
|
full_name: 'awesome team',
|
|
public_admission: true,
|
|
public_exit: true,
|
|
allow_membership_requests: true,
|
|
membership_request_template: 'testing',
|
|
default_notification_level: 1,
|
|
name: 'testing',
|
|
tracking_category_ids: [category.id],
|
|
tracking_tags: [tag.name]
|
|
}
|
|
}
|
|
end.to change { GroupHistory.count }.by(13)
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
group.reload
|
|
|
|
expect(group.flair_bg_color).to eq('FFF')
|
|
expect(group.flair_color).to eq('BBB')
|
|
expect(group.flair_url).to eq('fa-adjust')
|
|
expect(group.bio_raw).to eq('testing')
|
|
expect(group.full_name).to eq('awesome team')
|
|
expect(group.public_admission).to eq(true)
|
|
expect(group.public_exit).to eq(true)
|
|
expect(group.allow_membership_requests).to eq(true)
|
|
expect(group.membership_request_template).to eq('testing')
|
|
expect(group.name).to eq('test')
|
|
expect(group.visibility_level).to eq(2)
|
|
expect(group.mentionable_level).to eq(1)
|
|
expect(group.messageable_level).to eq(1)
|
|
expect(group.default_notification_level).to eq(1)
|
|
expect(group.automatic_membership_email_domains).to eq(nil)
|
|
expect(group.title).to eq('haha')
|
|
expect(group.primary_group).to eq(false)
|
|
expect(group.incoming_email).to eq(nil)
|
|
expect(group.grant_trust_level).to eq(0)
|
|
expect(group.group_category_notification_defaults.first&.category).to eq(category)
|
|
expect(group.group_tag_notification_defaults.first&.tag).to eq(tag)
|
|
end
|
|
|
|
it 'should not be allowed to update automatic groups' do
|
|
group = Group.find(Group::AUTO_GROUPS[:admins])
|
|
|
|
put "/groups/#{group.id}.json", params: {
|
|
group: {
|
|
messageable_level: 1
|
|
}
|
|
}
|
|
|
|
expect(response.status).to eq(403)
|
|
end
|
|
end
|
|
|
|
context "when user is group admin" do
|
|
before do
|
|
user.update!(admin: true)
|
|
sign_in(user)
|
|
end
|
|
|
|
it 'should be able to update the group' do
|
|
group.update!(
|
|
visibility_level: 2,
|
|
members_visibility_level: 2,
|
|
grant_trust_level: 0
|
|
)
|
|
|
|
put "/groups/#{group.id}.json", params: {
|
|
group: {
|
|
flair_color: 'BBB',
|
|
name: 'testing',
|
|
incoming_email: 'test@mail.org',
|
|
primary_group: true,
|
|
automatic_membership_email_domains: 'test.org',
|
|
grant_trust_level: 2,
|
|
visibility_level: 1,
|
|
members_visibility_level: 3,
|
|
tracking_category_ids: [category.id],
|
|
tracking_tags: [tag.name]
|
|
}
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
group.reload
|
|
expect(group.flair_color).to eq('BBB')
|
|
expect(group.name).to eq('testing')
|
|
expect(group.incoming_email).to eq("test@mail.org")
|
|
expect(group.primary_group).to eq(true)
|
|
expect(group.visibility_level).to eq(1)
|
|
expect(group.members_visibility_level).to eq(3)
|
|
expect(group.automatic_membership_email_domains).to eq('test.org')
|
|
expect(group.grant_trust_level).to eq(2)
|
|
expect(group.group_category_notification_defaults.first&.category).to eq(category)
|
|
expect(group.group_tag_notification_defaults.first&.tag).to eq(tag)
|
|
|
|
expect(Jobs::AutomaticGroupMembership.jobs.first["args"].first["group_id"])
|
|
.to eq(group.id)
|
|
end
|
|
|
|
it "should be able to update an automatic group" do
|
|
group = Group.find(Group::AUTO_GROUPS[:admins])
|
|
|
|
group.update!(
|
|
visibility_level: 2,
|
|
mentionable_level: 2,
|
|
messageable_level: 2,
|
|
default_notification_level: 2
|
|
)
|
|
|
|
put "/groups/#{group.id}.json", params: {
|
|
group: {
|
|
flair_color: 'BBB',
|
|
name: 'testing',
|
|
visibility_level: 1,
|
|
mentionable_level: 1,
|
|
messageable_level: 1,
|
|
default_notification_level: 1,
|
|
tracking_category_ids: [category.id],
|
|
tracking_tags: [tag.name]
|
|
}
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
group.reload
|
|
expect(group.flair_color).to eq(nil)
|
|
expect(group.name).to eq('admins')
|
|
expect(group.visibility_level).to eq(1)
|
|
expect(group.mentionable_level).to eq(1)
|
|
expect(group.messageable_level).to eq(1)
|
|
expect(group.default_notification_level).to eq(1)
|
|
expect(group.group_category_notification_defaults.first&.category).to eq(category)
|
|
expect(group.group_tag_notification_defaults.first&.tag).to eq(tag)
|
|
end
|
|
|
|
it 'triggers a extensibility event' do
|
|
event = DiscourseEvent.track_events {
|
|
put "/groups/#{group.id}.json", params: { group: { flair_color: 'BBB' } }
|
|
}.last
|
|
|
|
expect(event[:event_name]).to eq(:group_updated)
|
|
expect(event[:params].first).to eq(group)
|
|
end
|
|
end
|
|
|
|
context "when user is a site moderator" do
|
|
before do
|
|
SiteSetting.moderators_manage_categories_and_groups = true
|
|
sign_in(moderator)
|
|
end
|
|
|
|
it 'should not be able to update the group if the SiteSetting is false' do
|
|
SiteSetting.moderators_manage_categories_and_groups = false
|
|
|
|
put "/groups/#{group.id}.json", params: { group: { name: 'testing' } }
|
|
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it 'should not be able to update a group it cannot see' do
|
|
group.update!(visibility_level: Group.visibility_levels[:owners])
|
|
|
|
put "/groups/#{group.id}.json", params: { group: { name: 'testing' } }
|
|
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it 'should be able to update the group' do
|
|
put "/groups/#{group.id}.json", params: {
|
|
group: {
|
|
flair_color: 'BBB',
|
|
name: 'testing',
|
|
incoming_email: 'test@mail.org',
|
|
primary_group: true,
|
|
automatic_membership_email_domains: 'test.org',
|
|
grant_trust_level: 2,
|
|
visibility_level: 1,
|
|
members_visibility_level: 3,
|
|
tracking_category_ids: [category.id],
|
|
tracking_tags: [tag.name]
|
|
}
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
group.reload
|
|
expect(group.flair_color).to eq('BBB')
|
|
expect(group.name).to eq('testing')
|
|
expect(group.incoming_email).to eq("test@mail.org")
|
|
expect(group.primary_group).to eq(true)
|
|
expect(group.visibility_level).to eq(1)
|
|
expect(group.members_visibility_level).to eq(3)
|
|
expect(group.automatic_membership_email_domains).to eq('test.org')
|
|
expect(group.grant_trust_level).to eq(2)
|
|
expect(group.group_category_notification_defaults.first&.category).to eq(category)
|
|
expect(group.group_tag_notification_defaults.first&.tag).to eq(tag)
|
|
|
|
expect(Jobs::AutomaticGroupMembership.jobs.first["args"].first["group_id"])
|
|
.to eq(group.id)
|
|
end
|
|
|
|
it "should be able to update an automatic group" do
|
|
group = Group.find(Group::AUTO_GROUPS[:trust_level_4])
|
|
|
|
group.update!(
|
|
mentionable_level: 2,
|
|
messageable_level: 2,
|
|
default_notification_level: 2
|
|
)
|
|
|
|
put "/groups/#{group.id}.json", params: {
|
|
group: {
|
|
mentionable_level: 1,
|
|
messageable_level: 1,
|
|
default_notification_level: 1
|
|
}
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
group.reload
|
|
expect(group.flair_color).to eq(nil)
|
|
expect(group.name).to eq('trust_level_4')
|
|
expect(group.mentionable_level).to eq(1)
|
|
expect(group.messageable_level).to eq(1)
|
|
expect(group.default_notification_level).to eq(1)
|
|
end
|
|
|
|
it 'triggers a extensibility event' do
|
|
event = DiscourseEvent.track_events {
|
|
put "/groups/#{group.id}.json", params: { group: { flair_color: 'BBB' } }
|
|
}.last
|
|
|
|
expect(event[:event_name]).to eq(:group_updated)
|
|
expect(event[:params].first).to eq(group)
|
|
end
|
|
end
|
|
|
|
context "when user is not a group owner or admin" do
|
|
it 'should not be able to update the group' do
|
|
sign_in(user)
|
|
|
|
put "/groups/#{group.id}.json", params: { group: { name: 'testing' } }
|
|
|
|
expect(response.status).to eq(403)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe '#members' do
|
|
let(:user1) do
|
|
Fabricate(:user,
|
|
last_seen_at: Time.zone.now,
|
|
last_posted_at: Time.zone.now - 1.day,
|
|
email: 'b@test.org'
|
|
)
|
|
end
|
|
|
|
let(:user2) do
|
|
Fabricate(:user,
|
|
last_seen_at: Time.zone.now - 1 .day,
|
|
last_posted_at: Time.zone.now,
|
|
email: 'a@test.org'
|
|
)
|
|
end
|
|
|
|
fab!(:user3) do
|
|
Fabricate(:user,
|
|
last_seen_at: nil,
|
|
last_posted_at: nil,
|
|
email: 'c@test.org'
|
|
)
|
|
end
|
|
|
|
fab!(:bot) { Fabricate(:user, id: -999) }
|
|
|
|
let(:group) { Fabricate(:group, users: [user1, user2, user3, bot]) }
|
|
|
|
it "should allow members to be sorted by" do
|
|
get "/groups/#{group.name}/members.json", params: {
|
|
order: 'last_seen_at'
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
members = response.parsed_body["members"]
|
|
|
|
expect(members.map { |m| m["id"] }).to eq([user1.id, user2.id, user3.id])
|
|
|
|
get "/groups/#{group.name}/members.json", params: { order: 'last_seen_at', asc: true }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
members = response.parsed_body["members"]
|
|
|
|
expect(members.map { |m| m["id"] }).to eq([user2.id, user1.id, user3.id])
|
|
|
|
get "/groups/#{group.name}/members.json", params: {
|
|
order: 'last_posted_at'
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
members = response.parsed_body["members"]
|
|
|
|
expect(members.map { |m| m["id"] }).to eq([user2.id, user1.id, user3.id])
|
|
end
|
|
|
|
it "should not allow members to be sorted by columns that are not allowed" do
|
|
get "/groups/#{group.name}/members.json", params: { order: 'email' }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
members = response.parsed_body["members"]
|
|
|
|
expect(members.map { |m| m["id"] })
|
|
.to contain_exactly(user1.id, user2.id, user3.id)
|
|
end
|
|
|
|
it "can show group requests" do
|
|
sign_in(Fabricate(:admin))
|
|
|
|
user4 = Fabricate(:user)
|
|
request4 = Fabricate(:group_request, user: user4, group: group)
|
|
|
|
get "/groups/#{group.name}/members.json", params: { requesters: true }
|
|
|
|
members = response.parsed_body["members"]
|
|
expect(members.length).to eq(1)
|
|
expect(members.first["username"]).to eq(user4.username)
|
|
expect(members.first["reason"]).to eq(request4.reason)
|
|
end
|
|
|
|
describe 'filterable' do
|
|
describe 'as a normal user' do
|
|
it "should not allow members to be filterable by email" do
|
|
email = 'uniquetest@discourse.org'
|
|
user1.update!(email: email)
|
|
|
|
get "/groups/#{group.name}/members.json", params: { filter: email }
|
|
|
|
expect(response.status).to eq(200)
|
|
members = response.parsed_body["members"]
|
|
expect(members).to eq([])
|
|
end
|
|
end
|
|
|
|
describe 'as an admin' do
|
|
before do
|
|
sign_in(Fabricate(:admin))
|
|
end
|
|
|
|
it "should allow members to be filterable by username" do
|
|
email = 'uniquetest@discourse.org'
|
|
user1.update!(email: email)
|
|
|
|
{
|
|
email.upcase => [user1.id],
|
|
'QUEtes' => [user1.id],
|
|
"#{user1.email},#{user2.email}" => [user1.id, user2.id]
|
|
}.each do |filter, ids|
|
|
get "/groups/#{group.name}/members.json", params: { filter: filter }
|
|
|
|
expect(response.status).to eq(200)
|
|
members = response.parsed_body["members"]
|
|
expect(members.map { |m| m["id"] }).to contain_exactly(*ids)
|
|
end
|
|
end
|
|
|
|
it "should allow members to be filterable by email" do
|
|
username = 'uniquetest'
|
|
user1.update!(username: username)
|
|
|
|
[username.upcase, 'QUEtes'].each do |filter|
|
|
get "/groups/#{group.name}/members.json", params: { filter: filter }
|
|
|
|
expect(response.status).to eq(200)
|
|
members = response.parsed_body["members"]
|
|
expect(members.map { |m| m["id"] }).to contain_exactly(user1.id)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#edit" do
|
|
fab!(:group) { Fabricate(:group) }
|
|
|
|
context 'when user is not signed in' do
|
|
it 'should be fobidden' do
|
|
put "/groups/#{group.id}/members.json", params: { usernames: "bob" }
|
|
expect(response).to be_forbidden
|
|
|
|
delete "/groups/#{group.id}/members.json", params: { username: "bob" }
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
context 'public group' do
|
|
it 'should be fobidden' do
|
|
group.update!(
|
|
public_admission: true,
|
|
public_exit: true
|
|
)
|
|
|
|
put "/groups/#{group.id}/members.json", params: { usernames: "bob" }
|
|
expect(response.status).to eq(403)
|
|
|
|
delete "/groups/#{group.id}/members.json", params: { username: "bob" }
|
|
expect(response.status).to eq(403)
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'when user is not an owner of the group' do
|
|
before do
|
|
sign_in(user)
|
|
end
|
|
|
|
it "refuses membership changes to unauthorized users" do
|
|
put "/groups/#{group.id}/members.json", params: { usernames: "bob" }
|
|
expect(response).to be_forbidden
|
|
|
|
delete "/groups/#{group.id}/members.json", params: { username: "bob" }
|
|
expect(response).to be_forbidden
|
|
end
|
|
end
|
|
|
|
context 'when user is an admin' do
|
|
fab!(:user) { Fabricate(:admin) }
|
|
let(:group) { Fabricate(:group, users: [user], automatic: true) }
|
|
|
|
before do
|
|
sign_in(user)
|
|
end
|
|
|
|
it "cannot add members to automatic groups" do
|
|
put "/groups/#{group.id}/members.json", params: { usernames: "bob" }
|
|
expect(response).to be_forbidden
|
|
|
|
delete "/groups/#{group.id}/members.json", params: { username: "bob" }
|
|
expect(response).to be_forbidden
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "membership edits" do
|
|
fab!(:admin) { Fabricate(:admin) }
|
|
|
|
before do
|
|
sign_in(admin)
|
|
end
|
|
|
|
context '#add_members' do
|
|
it "can make incremental adds" do
|
|
user2 = Fabricate(:user)
|
|
|
|
expect do
|
|
put "/groups/#{group.id}/members.json", params: { usernames: user2.username }
|
|
end.to change { group.users.count }.by(1)
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
group_history = GroupHistory.last
|
|
|
|
expect(group_history.action).to eq(GroupHistory.actions[:add_user_to_group])
|
|
expect(group_history.acting_user).to eq(admin)
|
|
expect(group_history.target_user).to eq(user2)
|
|
end
|
|
|
|
it "cannot add members to automatic groups" do
|
|
group.update!(automatic: true)
|
|
|
|
put "/groups/#{group.id}/members.json", params: { usernames: "l77t" }
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "does not notify users when the param is not present" do
|
|
user2 = Fabricate(:user)
|
|
|
|
expect {
|
|
put "/groups/#{group.id}/members.json", params: { usernames: user2.username }
|
|
}.to change { Topic.where(archetype: "private_message").count }.by(0)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "notifies users when the param is present" do
|
|
user2 = Fabricate(:user)
|
|
|
|
expect {
|
|
put "/groups/#{group.id}/members.json", params: { usernames: user2.username, notify_users: true }
|
|
}.to change { Topic.where(archetype: "private_message").count }.by(1)
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(Topic.last.topic_users.map(&:user_id)).to include(Discourse::SYSTEM_USER_ID, user2.id)
|
|
end
|
|
|
|
context "is able to add several members to a group" do
|
|
fab!(:user1) { Fabricate(:user) }
|
|
fab!(:user2) { Fabricate(:user, username: "UsEr2") }
|
|
|
|
it "adds by username" do
|
|
expect do
|
|
put "/groups/#{group.id}/members.json",
|
|
params: { usernames: [user1.username, user2.username.upcase].join(",") }
|
|
end.to change { group.users.count }.by(2)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "adds by id" do
|
|
expect do
|
|
put "/groups/#{group.id}/members.json",
|
|
params: { user_ids: [user1.id, user2.id].join(",") }
|
|
end.to change { group.users.count }.by(2)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "adds by email" do
|
|
expect do
|
|
put "/groups/#{group.id}/members.json",
|
|
params: { user_emails: [user1.email, user2.email].join(",") }
|
|
end.to change { group.users.count }.by(2)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it 'adds missing users even if some exists' do
|
|
user2.update!(username: 'alice')
|
|
user3 = Fabricate(:user, username: 'bob')
|
|
[user2, user3].each { |user| group.add(user) }
|
|
|
|
expect do
|
|
put "/groups/#{group.id}/members.json",
|
|
params: { user_emails: [user1.email, user2.email, user3.email].join(",") }
|
|
end.to change { group.users.count }.by(1)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it 'sends invites to new users and ignores existing users' do
|
|
user1.update!(username: 'john')
|
|
user2.update!(username: 'alice')
|
|
[user1, user2].each { |user| group.add(user) }
|
|
emails = ["something@gmail.com", "anotherone@yahoo.com"]
|
|
put "/groups/#{group.id}/members.json",
|
|
params: { user_emails: [user1.email, user2.email].join(","), emails: emails.join(",") }
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["emails"]).to eq(emails)
|
|
|
|
emails.each do |email|
|
|
invite = Invite.find_by(email: email)
|
|
expect(invite.groups).to eq([group])
|
|
end
|
|
end
|
|
|
|
it 'displays warning when all members already exists' do
|
|
user1.update!(username: 'john')
|
|
user2.update!(username: 'alice')
|
|
user3 = Fabricate(:user, username: 'bob')
|
|
[user1, user2, user3].each { |user| group.add(user) }
|
|
|
|
expect do
|
|
put "/groups/#{group.id}/members.json",
|
|
params: { user_emails: [user1.email, user2.email, user3.email].join(",") }
|
|
end.to change { group.users.count }.by(0)
|
|
|
|
expect(response.status).to eq(422)
|
|
|
|
expect(response.parsed_body["errors"]).to include(I18n.t(
|
|
"groups.errors.member_already_exist",
|
|
username: "alice, bob, john",
|
|
count: 3
|
|
))
|
|
end
|
|
|
|
it 'display error when try to add to many users at once' do
|
|
begin
|
|
old_constant = GroupsController.const_get("ADD_MEMBERS_LIMIT")
|
|
GroupsController.send(:remove_const, "ADD_MEMBERS_LIMIT")
|
|
GroupsController.const_set("ADD_MEMBERS_LIMIT", 1)
|
|
|
|
expect do
|
|
put "/groups/#{group.id}/members.json",
|
|
params: { user_emails: [user1.email, user2.email].join(",") }
|
|
end.to change { group.reload.users.count }.by(0)
|
|
|
|
expect(response.status).to eq(422)
|
|
|
|
expect(response.parsed_body["errors"]).to include(I18n.t(
|
|
"groups.errors.adding_too_many_users",
|
|
count: 1
|
|
))
|
|
ensure
|
|
GroupsController.send(:remove_const, "ADD_MEMBERS_LIMIT")
|
|
GroupsController.const_set("ADD_MEMBERS_LIMIT", old_constant)
|
|
end
|
|
end
|
|
end
|
|
|
|
it "returns 422 if member already exists" do
|
|
put "/groups/#{group.id}/members.json", params: { usernames: user.username }
|
|
|
|
expect(response.status).to eq(422)
|
|
|
|
expect(response.parsed_body["errors"]).to include(I18n.t(
|
|
"groups.errors.member_already_exist",
|
|
username: user.username,
|
|
count: 1
|
|
))
|
|
end
|
|
|
|
it "returns 400 if member is not found" do
|
|
[
|
|
{ usernames: "some thing" },
|
|
{ user_ids: "-5,-6" },
|
|
{ user_emails: "some@test.org" }
|
|
].each do |params|
|
|
put "/groups/#{group.id}/members.json", params: params
|
|
|
|
expect(response.status).to eq(400)
|
|
|
|
body = response.parsed_body
|
|
|
|
expect(body["error_type"]).to eq("invalid_parameters")
|
|
end
|
|
end
|
|
|
|
it "return a 400 if no user or emails are present" do
|
|
[
|
|
{ usernames: "nouserwiththisusername", emails: "" },
|
|
{ usernames: "", emails: "" }
|
|
].each do |params|
|
|
put "/groups/#{group.id}/members.json", params: params
|
|
expect(response.status).to eq(400)
|
|
body = response.parsed_body
|
|
|
|
expect(body["error_type"]).to eq("invalid_parameters")
|
|
end
|
|
end
|
|
|
|
it "will send invites to each email with group_id set" do
|
|
emails = ["something@gmail.com", "anotherone@yahoo.com"]
|
|
put "/groups/#{group.id}/members.json", params: { emails: emails.join(",") }
|
|
|
|
expect(response.status).to eq(200)
|
|
body = response.parsed_body
|
|
|
|
expect(body["emails"]).to eq(emails)
|
|
|
|
emails.each do |email|
|
|
invite = Invite.find_by(email: email)
|
|
expect(invite.groups).to eq([group])
|
|
end
|
|
end
|
|
|
|
it "adds known users by email when DiscourseConnect is enabled" do
|
|
SiteSetting.discourse_connect_url = "https://www.example.com/sso"
|
|
SiteSetting.enable_discourse_connect = true
|
|
|
|
expect do
|
|
put "/groups/#{group.id}/members.json", params: { emails: other_user.email }
|
|
end.to change { group.users.count }.by(1)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "will find users by email, and invite the correct user" do
|
|
new_user = Fabricate(:user)
|
|
expect(new_user.group_ids.include?(group.id)).to eq(false)
|
|
|
|
put "/groups/#{group.id}/members.json", params: { emails: new_user.email }
|
|
|
|
expect(new_user.reload.group_ids.include?(group.id)).to eq(true)
|
|
end
|
|
|
|
it "will invite the user if their username and email are both invited" do
|
|
new_user = Fabricate(:user)
|
|
put "/groups/#{group.id}/members.json", params: { usernames: new_user.username, emails: new_user.email }
|
|
|
|
expect(response.status).to eq(200)
|
|
body = response.parsed_body
|
|
|
|
expect(new_user.reload.group_ids.include?(group.id)).to eq(true)
|
|
end
|
|
|
|
context 'public group' do
|
|
fab!(:other_user) { Fabricate(:user) }
|
|
|
|
before do
|
|
group.update!(
|
|
public_admission: true,
|
|
public_exit: true
|
|
)
|
|
end
|
|
|
|
context 'admin' do
|
|
it "can make incremental adds" do
|
|
expect do
|
|
put "/groups/#{group.id}/members.json",
|
|
params: { usernames: other_user.username }
|
|
end.to change { group.users.count }.by(1)
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
group_history = GroupHistory.last
|
|
|
|
expect(group_history.action).to eq(GroupHistory.actions[:add_user_to_group])
|
|
expect(group_history.acting_user).to eq(admin)
|
|
expect(group_history.target_user).to eq(other_user)
|
|
end
|
|
end
|
|
|
|
it 'should allow a user to join the group' do
|
|
sign_in(other_user)
|
|
|
|
expect do
|
|
put "/groups/#{group.id}/members.json",
|
|
params: { usernames: other_user.username }
|
|
end.to change { group.users.count }.by(1)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it 'should not allow an underprivilege user to add another user to a group' do
|
|
sign_in(user)
|
|
|
|
put "/groups/#{group.id}/members.json",
|
|
params: { usernames: other_user.username }
|
|
|
|
expect(response).to be_forbidden
|
|
end
|
|
end
|
|
end
|
|
|
|
context '#remove_member' do
|
|
it "cannot remove members from automatic groups" do
|
|
group.update!(automatic: true)
|
|
|
|
delete "/groups/#{group.id}/members.json", params: { user_id: 42 }
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "raises an error if user to be removed is not found" do
|
|
delete "/groups/#{group.id}/members.json", params: { user_id: -10 }
|
|
|
|
response_body = response.parsed_body
|
|
expect(response.status).to eq(400)
|
|
end
|
|
|
|
it "returns skipped_usernames response body when removing a valid user but is not a member of that group" do
|
|
delete "/groups/#{group.id}/members.json", params: { user_id: -1 }
|
|
|
|
response_body = response.parsed_body
|
|
expect(response.status).to eq(200)
|
|
expect(response_body["usernames"]).to eq([])
|
|
expect(response_body["skipped_usernames"].first).to eq("system")
|
|
end
|
|
|
|
context "is able to remove a member" do
|
|
it "removes by id" do
|
|
expect do
|
|
delete "/groups/#{group.id}/members.json", params: { user_id: user.id }
|
|
end.to change { group.users.count }.by(-1)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "removes by id with integer in json" do
|
|
expect do
|
|
headers = { "CONTENT_TYPE": "application/json" }
|
|
delete "/groups/#{group.id}/members.json", params: "{\"user_id\":#{user.id}}", headers: headers
|
|
end.to change { group.users.count }.by(-1)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "removes by username" do
|
|
expect do
|
|
delete "/groups/#{group.id}/members.json", params: { username: user.username }
|
|
end.to change { group.users.count }.by(-1)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "removes user.primary_group_id when user is removed from group" do
|
|
user.update!(primary_group_id: group.id)
|
|
|
|
delete "/groups/#{group.id}/members.json", params: { user_id: user.id }
|
|
|
|
expect(user.reload.primary_group_id).to eq(nil)
|
|
end
|
|
|
|
it "removes by user_email" do
|
|
expect do
|
|
delete "/groups/#{group.id}/members.json",
|
|
params: { user_email: user.email }
|
|
end.to change { group.users.count }.by(-1)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
context 'public group' do
|
|
fab!(:other_user) { Fabricate(:user) }
|
|
let(:group) { Fabricate(:public_group, users: [other_user]) }
|
|
|
|
context "admin" do
|
|
it "removes by username" do
|
|
expect do
|
|
delete "/groups/#{group.id}/members.json",
|
|
params: { username: other_user.username }
|
|
end.to change { group.users.count }.by(-1)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
end
|
|
|
|
it 'should allow a user to leave a group' do
|
|
sign_in(other_user)
|
|
|
|
expect do
|
|
delete "/groups/#{group.id}/members.json",
|
|
params: { username: other_user.username }
|
|
end.to change { group.users.count }.by(-1)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it 'should not allow a underprivilege user to leave a group for another user' do
|
|
sign_in(user)
|
|
|
|
delete "/groups/#{group.id}/members.json",
|
|
params: { username: other_user.username }
|
|
|
|
expect(response).to be_forbidden
|
|
end
|
|
end
|
|
end
|
|
|
|
context '#remove_members' do
|
|
context "is able to remove several members from a group" do
|
|
fab!(:user1) { Fabricate(:user) }
|
|
fab!(:user2) { Fabricate(:user, username: "UsEr2") }
|
|
let(:group1) { Fabricate(:group, users: [user1, user2]) }
|
|
|
|
it "removes by username" do
|
|
expect do
|
|
delete "/groups/#{group1.id}/members.json",
|
|
params: { usernames: [user1.username, user2.username.upcase].join(",") }
|
|
end.to change { group1.users.count }.by(-2)
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "removes by id" do
|
|
expect do
|
|
delete "/groups/#{group1.id}/members.json",
|
|
params: { user_ids: [user1.id, user2.id].join(",") }
|
|
end.to change { group1.users.count }.by(-2)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "removes by id with integer in json" do
|
|
expect do
|
|
headers = { "CONTENT_TYPE": "application/json" }
|
|
delete "/groups/#{group1.id}/members.json", params: "{\"user_ids\":#{user1.id}}", headers: headers
|
|
end.to change { group1.users.count }.by(-1)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "removes by email" do
|
|
expect do
|
|
delete "/groups/#{group1.id}/members.json",
|
|
params: { user_emails: [user1.email, user2.email].join(",") }
|
|
end.to change { group1.users.count }.by(-2)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "only removes users in that group" do
|
|
delete "/groups/#{group1.id}/members.json",
|
|
params: { usernames: [user.username, user2.username].join(",") }
|
|
|
|
response_body = response.parsed_body
|
|
expect(response.status).to eq(200)
|
|
expect(response_body["usernames"].first).to eq(user2.username)
|
|
expect(response_body["skipped_usernames"].first).to eq(user.username)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#handle_membership_request" do
|
|
before do
|
|
group.add_owner(user)
|
|
sign_in(user)
|
|
end
|
|
|
|
it "sends a private message when accepted" do
|
|
group_request = GroupRequest.create!(group: group, user: other_user)
|
|
expect { put "/groups/#{group.id}/handle_membership_request.json", params: { user_id: other_user.id, accept: true } }
|
|
.to change { Topic.count }.by(1)
|
|
.and change { Post.count }.by(1)
|
|
|
|
topic = Topic.last
|
|
expect(topic.archetype).to eq(Archetype.private_message)
|
|
expect(topic.title).to eq(I18n.t('groups.request_accepted_pm.title', group_name: group.name))
|
|
expect(topic.first_post.raw).to eq(I18n.t('groups.request_accepted_pm.body', group_name: group.name).strip)
|
|
end
|
|
end
|
|
|
|
describe "#histories" do
|
|
context 'when user is not signed in' do
|
|
it 'should raise the right error' do
|
|
get "/groups/#{group.name}/logs.json"
|
|
expect(response.status).to eq(403)
|
|
end
|
|
end
|
|
|
|
context 'when user is not a group owner' do
|
|
before do
|
|
sign_in(user)
|
|
end
|
|
|
|
it 'should be forbidden' do
|
|
get "/groups/#{group.name}/logs.json"
|
|
|
|
expect(response).to be_forbidden
|
|
end
|
|
end
|
|
|
|
describe 'when user is a group owner' do
|
|
before do
|
|
group.add_owner(user)
|
|
sign_in(user)
|
|
end
|
|
|
|
describe 'when viewing a public group' do
|
|
before do
|
|
group.update!(
|
|
public_admission: true,
|
|
public_exit: true
|
|
)
|
|
|
|
GroupActionLogger.new(user, group).log_change_group_settings
|
|
end
|
|
|
|
it 'should allow group owner to view history' do
|
|
get "/groups/#{group.name}/logs.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
result = response.parsed_body["logs"].find { |entry| entry["subject"] == "public_exit" }
|
|
|
|
expect(result["action"]).to eq(GroupHistory.actions[1].to_s)
|
|
expect(result["subject"]).to eq('public_exit')
|
|
expect(result["prev_value"]).to eq('f')
|
|
expect(result["new_value"]).to eq('t')
|
|
end
|
|
end
|
|
|
|
it 'should not be allowed to view history of an automatic group' do
|
|
group = Group.find_by(id: Group::AUTO_GROUPS[:admins])
|
|
|
|
get "/groups/#{group.name}/logs.json"
|
|
|
|
expect(response.status).to eq(403)
|
|
end
|
|
end
|
|
|
|
context 'when user is an admin' do
|
|
fab!(:admin) { Fabricate(:admin) }
|
|
|
|
before do
|
|
sign_in(admin)
|
|
end
|
|
|
|
it 'should be able to view history' do
|
|
GroupActionLogger.new(admin, group).log_remove_user_from_group(user)
|
|
|
|
get "/groups/#{group.name}/logs.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
result = response.parsed_body["logs"].first
|
|
|
|
expect(result["action"]).to eq(GroupHistory.actions[3].to_s)
|
|
end
|
|
|
|
it 'should be able to view history of automatic groups' do
|
|
group = Group.find_by(id: Group::AUTO_GROUPS[:admins])
|
|
|
|
get "/groups/#{group.name}/logs.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it 'should be able to filter through the history' do
|
|
GroupActionLogger.new(admin, group).log_add_user_to_group(user)
|
|
GroupActionLogger.new(admin, group).log_remove_user_from_group(user)
|
|
|
|
get "/groups/#{group.name}/logs.json", params: {
|
|
filters: { "action" => "add_user_to_group" }
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
logs = response.parsed_body["logs"]
|
|
|
|
expect(logs.count).to eq(1)
|
|
expect(logs.first["action"]).to eq(GroupHistory.actions[2].to_s)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe '#request_membership' do
|
|
fab!(:new_user) { Fabricate(:user) }
|
|
|
|
it 'requires the user to log in' do
|
|
post "/groups/#{group.name}/request_membership.json"
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it 'requires a reason' do
|
|
sign_in(user)
|
|
|
|
post "/groups/#{group.name}/request_membership.json"
|
|
expect(response.status).to eq(400)
|
|
end
|
|
|
|
it 'checks for duplicates' do
|
|
sign_in(user)
|
|
|
|
post "/groups/#{group.name}/request_membership.json",
|
|
params: { reason: 'Please add me in' }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
post "/groups/#{group.name}/request_membership.json",
|
|
params: { reason: 'Please add me in' }
|
|
|
|
expect(response.status).to eq(409)
|
|
end
|
|
|
|
it 'should create the right PM' do
|
|
owner1 = Fabricate(:user, last_seen_at: Time.zone.now)
|
|
owner2 = Fabricate(:user, last_seen_at: Time.zone.now - 1 .day)
|
|
[owner1, owner2].each { |owner| group.add_owner(owner) }
|
|
|
|
sign_in(user)
|
|
|
|
post "/groups/#{group.name}/request_membership.json",
|
|
params: { reason: 'Please add me in' }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
post = Post.last
|
|
topic = post.topic
|
|
body = response.parsed_body
|
|
|
|
expect(body['relative_url']).to eq(topic.relative_url)
|
|
expect(post.topic.custom_fields['requested_group_id'].to_i).to eq(group.id)
|
|
expect(post.user).to eq(user)
|
|
|
|
expect(topic.title).to eq(I18n.t('groups.request_membership_pm.title',
|
|
group_name: group.name
|
|
))
|
|
|
|
expect(post.raw).to start_with('Please add me in')
|
|
expect(topic.archetype).to eq(Archetype.private_message)
|
|
expect(topic.allowed_users).to contain_exactly(user, owner1, owner2)
|
|
expect(topic.allowed_groups).to eq([])
|
|
end
|
|
end
|
|
|
|
describe '#search ' do
|
|
fab!(:hidden_group) do
|
|
Fabricate(:group,
|
|
visibility_level: Group.visibility_levels[:owners],
|
|
name: 'KingOfTheNorth'
|
|
)
|
|
end
|
|
|
|
before do
|
|
group.update!(
|
|
name: 'GOT',
|
|
full_name: 'Daenerys Targaryen',
|
|
visibility_level: Group.visibility_levels[:logged_on_users]
|
|
)
|
|
|
|
hidden_group
|
|
end
|
|
|
|
context 'as an anon user' do
|
|
it "returns the right response" do
|
|
get '/groups/search.json'
|
|
expect(response.status).to eq(403)
|
|
end
|
|
end
|
|
|
|
context 'as a normal user' do
|
|
it "returns the right response" do
|
|
sign_in(user)
|
|
|
|
get '/groups/search.json'
|
|
|
|
expect(response.status).to eq(200)
|
|
groups = response.parsed_body
|
|
|
|
expected_ids = Group::AUTO_GROUPS.map { |name, id| id }
|
|
expected_ids.delete(Group::AUTO_GROUPS[:everyone])
|
|
expected_ids << group.id
|
|
|
|
expect(groups.map { |group| group["id"] }).to contain_exactly(*expected_ids)
|
|
|
|
['GO', 'nerys'].each do |term|
|
|
get "/groups/search.json?term=#{term}"
|
|
|
|
expect(response.status).to eq(200)
|
|
groups = response.parsed_body
|
|
|
|
expect(groups.length).to eq(1)
|
|
expect(groups.first['id']).to eq(group.id)
|
|
end
|
|
|
|
get "/groups/search.json?term=KingOfTheNorth"
|
|
|
|
expect(response.status).to eq(200)
|
|
groups = response.parsed_body
|
|
|
|
expect(groups).to eq([])
|
|
end
|
|
end
|
|
|
|
context 'as a group owner' do
|
|
before do
|
|
hidden_group.add_owner(user)
|
|
end
|
|
|
|
it "returns the right response" do
|
|
sign_in(user)
|
|
|
|
get "/groups/search.json?term=north"
|
|
|
|
expect(response.status).to eq(200)
|
|
groups = response.parsed_body
|
|
|
|
expect(groups.length).to eq(1)
|
|
expect(groups.first['id']).to eq(hidden_group.id)
|
|
end
|
|
end
|
|
|
|
context 'as an admin' do
|
|
it "returns the right response" do
|
|
sign_in(Fabricate(:admin))
|
|
|
|
get '/groups/search.json?ignore_automatic=true'
|
|
|
|
expect(response.status).to eq(200)
|
|
groups = response.parsed_body
|
|
|
|
expect(groups.length).to eq(2)
|
|
|
|
expect(groups.map { |group| group['id'] })
|
|
.to contain_exactly(group.id, hidden_group.id)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe '#new' do
|
|
describe 'for an anon user' do
|
|
it 'should return 404' do
|
|
get '/groups/custom/new'
|
|
|
|
expect(response.status).to eq(404)
|
|
end
|
|
end
|
|
|
|
describe 'for a normal user' do
|
|
before { sign_in(user) }
|
|
|
|
it 'should return 404' do
|
|
get '/groups/custom/new'
|
|
|
|
expect(response.status).to eq(404)
|
|
end
|
|
end
|
|
|
|
describe 'for an admin user' do
|
|
before { sign_in(Fabricate(:admin)) }
|
|
|
|
it 'should return 200' do
|
|
get '/groups/custom/new'
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe '#check_name' do
|
|
describe 'for an anon user' do
|
|
it 'should return the right response' do
|
|
get "/groups/check-name.json", params: { group_name: 'test' }
|
|
expect(response.status).to eq(403)
|
|
end
|
|
end
|
|
|
|
it 'should return the right response' do
|
|
sign_in(Fabricate(:user))
|
|
SiteSetting.reserved_usernames = 'test|donkey'
|
|
get "/groups/check-name.json", params: { group_name: 'test' }
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["available"]).to eq(true)
|
|
end
|
|
end
|
|
|
|
describe "#permissions" do
|
|
before do
|
|
sign_in(other_user)
|
|
end
|
|
|
|
it "ensures the group can be seen" do
|
|
group.update!(visibility_level: Group.visibility_levels[:owners])
|
|
|
|
get "/groups/#{group.name}/permissions.json"
|
|
|
|
expect(response.status).to eq(404)
|
|
end
|
|
|
|
describe "with varying category permissions" do
|
|
fab!(:category) { Fabricate(:category) }
|
|
|
|
before do
|
|
category.set_permissions("#{group.name}": :full)
|
|
category.save!
|
|
end
|
|
|
|
it "does not return categories the user cannot see" do
|
|
get "/groups/#{group.name}/permissions.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body).to eq([])
|
|
end
|
|
|
|
it "returns categories the user can see" do
|
|
group.add(other_user)
|
|
|
|
get "/groups/#{group.name}/permissions.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body.count).to eq(1)
|
|
expect(response.parsed_body.first["category"]["id"]).to eq(category.id)
|
|
end
|
|
end
|
|
|
|
it "returns categories alphabetically" do
|
|
sign_in(user)
|
|
|
|
["Three", "New Cat", "Abc", "Hello"].each do |name|
|
|
category = Fabricate(:category, name: name)
|
|
category.set_permissions("#{group.name}": :full)
|
|
category.save!
|
|
end
|
|
|
|
get "/groups/#{group.name}/permissions.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(response.parsed_body.map { |permission| permission["category"]["name"] }).to eq(
|
|
["Abc", "Hello", "New Cat", "Three"]
|
|
)
|
|
end
|
|
end
|
|
end
|