mirror of
https://github.com/discourse/discourse.git
synced 2024-11-27 23:16:20 +08:00
6e8e3c3151
We'll now return a 400 error instead of 500. 400 is a better description of the issue, and also avoids creating unnecessary noise in the logs.
2635 lines
82 KiB
Ruby
2635 lines
82 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
RSpec.describe GroupsController do
|
|
fab!(:user) { Fabricate(:user) }
|
|
fab!(:user2) { Fabricate(:user) }
|
|
fab!(:other_user) { Fabricate(:user) }
|
|
let(:group) { Fabricate(:group, users: [user]) }
|
|
let(:moderator_group_id) { Group::AUTO_GROUPS[:moderators] }
|
|
fab!(:admin) { Fabricate(:admin) }
|
|
fab!(:moderator) { Fabricate(:moderator) }
|
|
|
|
describe "#index" do
|
|
let(:staff_group) do
|
|
Fabricate(:group, name: "staff_group", visibility_level: Group.visibility_levels[:staff])
|
|
end
|
|
|
|
it "ensures that groups can be paginated" do
|
|
50.times { Fabricate(:group) }
|
|
|
|
get "/groups.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
|
|
expect(body["groups"].size).to eq(36)
|
|
expect(body["total_rows_groups"]).to eq(50)
|
|
expect(body["load_more_groups"]).to eq("/groups?page=1")
|
|
|
|
get "/groups.json", params: { page: 1 }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
|
|
expect(body["groups"].size).to eq(14)
|
|
expect(body["total_rows_groups"]).to eq(50)
|
|
expect(body["load_more_groups"]).to eq("/groups?page=2")
|
|
end
|
|
|
|
it "only accepts valid page numbers" do
|
|
get "/groups.json", params: { page: -1 }
|
|
expect(response.status).to eq(400)
|
|
|
|
get "/groups.json", params: { page: 0 }
|
|
expect(response.status).to eq(200)
|
|
|
|
get "/groups.json", params: { page: 1 }
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
context "when group directory is disabled" do
|
|
before { SiteSetting.enable_group_directory = false }
|
|
|
|
it "should deny access for an anon" do
|
|
get "/groups.json"
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "should deny access for a normal user" do
|
|
sign_in(user)
|
|
get "/groups.json"
|
|
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "should allow access for an admin" do
|
|
sign_in(admin)
|
|
get "/groups.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "should allow access for a moderator" do
|
|
sign_in(moderator)
|
|
get "/groups.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
end
|
|
|
|
context "with searchable" do
|
|
it "should return the searched groups" do
|
|
testing_group = Fabricate(:group, name: "testing")
|
|
|
|
get "/groups.json", params: { filter: "test" }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
|
|
expect(body["groups"].first["id"]).to eq(testing_group.id)
|
|
expect(body["load_more_groups"]).to eq("/groups?filter=test&page=1")
|
|
end
|
|
end
|
|
|
|
context "with sortable" do
|
|
before do
|
|
group
|
|
sign_in(user)
|
|
end
|
|
|
|
fab!(:group_with_2_users) do
|
|
Fabricate(:group, name: "other_group", users: [user, other_user])
|
|
end
|
|
|
|
context "with default (descending) order" do
|
|
it "sorts by name" do
|
|
get "/groups.json", params: { order: "name" }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
|
|
expect(body["groups"].map { |g| g["id"] }).to eq(
|
|
[group_with_2_users.id, group.id, moderator_group_id],
|
|
)
|
|
|
|
expect(body["load_more_groups"]).to eq("/groups?order=name&page=1")
|
|
end
|
|
|
|
it "sorts by user_count" do
|
|
get "/groups.json", params: { order: "user_count" }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
|
|
expect(body["groups"].map { |g| g["id"] }).to eq(
|
|
[group_with_2_users.id, moderator_group_id, group.id],
|
|
)
|
|
|
|
expect(body["load_more_groups"]).to eq("/groups?order=user_count&page=1")
|
|
end
|
|
end
|
|
|
|
context "with ascending order" do
|
|
it "sorts by name" do
|
|
get "/groups.json", params: { order: "name", asc: true }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
|
|
expect(body["groups"].map { |g| g["id"] }).to eq(
|
|
[moderator_group_id, group.id, group_with_2_users.id],
|
|
)
|
|
|
|
expect(body["load_more_groups"]).to eq("/groups?asc=true&order=name&page=1")
|
|
end
|
|
|
|
it "sorts by user_count" do
|
|
get "/groups.json", params: { order: "user_count", asc: "true" }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
|
|
expect(body["groups"].map { |g| g["id"] }).to eq(
|
|
[moderator_group_id, group.id, group_with_2_users.id],
|
|
)
|
|
|
|
expect(body["load_more_groups"]).to eq("/groups?asc=true&order=user_count&page=1")
|
|
end
|
|
end
|
|
end
|
|
|
|
it "should return the right response" do
|
|
group
|
|
staff_group
|
|
|
|
get "/groups.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
|
|
group_ids = body["groups"].map { |g| g["id"] }
|
|
|
|
expect(group_ids).to contain_exactly(group.id)
|
|
|
|
expect(body["load_more_groups"]).to eq("/groups?page=1")
|
|
expect(body["total_rows_groups"]).to eq(1)
|
|
expect(body["extras"]["type_filters"].map(&:to_sym)).to eq(
|
|
described_class::TYPE_FILTERS.keys - %i[my owner automatic non_automatic],
|
|
)
|
|
end
|
|
|
|
context "when viewing groups of another user" do
|
|
describe "when an invalid username is given" do
|
|
it "should return the right response" do
|
|
group
|
|
get "/groups.json", params: { username: "asdasd" }
|
|
|
|
expect(response.status).to eq(404)
|
|
end
|
|
end
|
|
|
|
it "should return the right response" do
|
|
u = Fabricate(:user)
|
|
m = Fabricate(:user)
|
|
o = Fabricate(:user)
|
|
|
|
levels = Group.visibility_levels.values
|
|
|
|
levels
|
|
.product(levels)
|
|
.each do |group_level, members_level|
|
|
g =
|
|
Fabricate(
|
|
:group,
|
|
name: "#{group_level}_#{members_level}",
|
|
visibility_level: group_level,
|
|
members_visibility_level: members_level,
|
|
users: [u],
|
|
)
|
|
|
|
if group_level == Group.visibility_levels[:members] ||
|
|
members_level == Group.visibility_levels[:members]
|
|
g.add(m)
|
|
end
|
|
if group_level == Group.visibility_levels[:owners] ||
|
|
members_level == Group.visibility_levels[:owners]
|
|
g.add_owner(o)
|
|
end
|
|
end
|
|
|
|
# anonymous user
|
|
get "/groups.json", params: { username: u.username }
|
|
|
|
expect(response.status).to eq(200)
|
|
group_names = response.parsed_body["groups"].map { |g| g["name"] }
|
|
expect(group_names).to contain_exactly("0_0")
|
|
|
|
# logged in user
|
|
sign_in(user)
|
|
get "/groups.json", params: { username: u.username }
|
|
|
|
expect(response.status).to eq(200)
|
|
group_names = response.parsed_body["groups"].map { |g| g["name"] }
|
|
expect(group_names).to contain_exactly("0_0", "0_1", "1_0", "1_1")
|
|
|
|
# member of the group
|
|
sign_in(m)
|
|
get "/groups.json", params: { username: u.username }
|
|
|
|
expect(response.status).to eq(200)
|
|
group_names = response.parsed_body["groups"].map { |g| g["name"] }
|
|
expect(group_names).to contain_exactly(
|
|
"0_0",
|
|
"0_1",
|
|
"0_2",
|
|
"1_0",
|
|
"1_1",
|
|
"1_2",
|
|
"2_0",
|
|
"2_1",
|
|
"2_2",
|
|
)
|
|
|
|
# owner
|
|
sign_in(o)
|
|
get "/groups.json", params: { username: u.username }
|
|
|
|
expect(response.status).to eq(200)
|
|
group_names = response.parsed_body["groups"].map { |g| g["name"] }
|
|
expect(group_names).to contain_exactly(
|
|
"0_0",
|
|
"0_1",
|
|
"0_4",
|
|
"1_0",
|
|
"1_1",
|
|
"1_4",
|
|
"2_4",
|
|
"3_4",
|
|
"4_0",
|
|
"4_1",
|
|
"4_2",
|
|
"4_3",
|
|
"4_4",
|
|
)
|
|
|
|
# moderator
|
|
sign_in(moderator)
|
|
get "/groups.json", params: { username: u.username }
|
|
|
|
expect(response.status).to eq(200)
|
|
group_names = response.parsed_body["groups"].map { |g| g["name"] }
|
|
expect(group_names).to contain_exactly(
|
|
"0_0",
|
|
"0_1",
|
|
"0_2",
|
|
"0_3",
|
|
"1_0",
|
|
"1_1",
|
|
"1_2",
|
|
"1_3",
|
|
"2_0",
|
|
"2_1",
|
|
"2_2",
|
|
"2_3",
|
|
"3_0",
|
|
"3_1",
|
|
"3_2",
|
|
"3_3",
|
|
)
|
|
|
|
# admin
|
|
sign_in(admin)
|
|
get "/groups.json", params: { username: u.username }
|
|
|
|
expect(response.status).to eq(200)
|
|
group_names = response.parsed_body["groups"].map { |g| g["name"] }
|
|
all_group_names = levels.product(levels).map { |a, b| "#{a}_#{b}" }
|
|
expect(group_names).to contain_exactly(*all_group_names)
|
|
end
|
|
end
|
|
|
|
context "when viewing as an admin" do
|
|
before do
|
|
sign_in(admin)
|
|
group.add(admin)
|
|
group.add_owner(admin)
|
|
end
|
|
|
|
it "should return the right response" do
|
|
staff_group
|
|
get "/groups.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
|
|
group_ids = body["groups"].map { |g| g["id"] }
|
|
group_body = body["groups"].find { |g| g["id"] == group.id }
|
|
|
|
expect(group_body["is_group_user"]).to eq(true)
|
|
expect(group_body["is_group_owner"]).to eq(true)
|
|
expect(group_ids).to include(group.id, staff_group.id)
|
|
expect(body["load_more_groups"]).to eq("/groups?page=1")
|
|
expect(body["total_rows_groups"]).to eq(10)
|
|
|
|
expect(body["extras"]["type_filters"].map(&:to_sym)).to eq(
|
|
described_class::TYPE_FILTERS.keys - [:non_automatic],
|
|
)
|
|
end
|
|
|
|
context "when filterable by type" do
|
|
def expect_type_to_return_right_groups(type, expected_group_ids)
|
|
get "/groups.json", params: { type: type }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
group_ids = body["groups"].map { |g| g["id"] }
|
|
|
|
expect(body["total_rows_groups"]).to eq(expected_group_ids.count)
|
|
expect(group_ids).to contain_exactly(*expected_group_ids)
|
|
end
|
|
|
|
describe "my groups" do
|
|
it "should return the groups admin is a member of" do
|
|
expect_type_to_return_right_groups("my", admin.group_users.map(&:group_id))
|
|
end
|
|
end
|
|
|
|
describe "owner groups" do
|
|
it "should return the groups admin is a owner of" do
|
|
group2 = Fabricate(:group)
|
|
_group3 = Fabricate(:group)
|
|
group2.add_owner(admin)
|
|
|
|
expect_type_to_return_right_groups(
|
|
"owner",
|
|
admin.group_users.where(owner: true).map(&:group_id),
|
|
)
|
|
end
|
|
end
|
|
|
|
describe "automatic groups" do
|
|
it "should return the right response" do
|
|
expect_type_to_return_right_groups("automatic", Group::AUTO_GROUP_IDS.keys - [0])
|
|
end
|
|
end
|
|
|
|
describe "non automatic groups" do
|
|
it "should return the right response" do
|
|
group2 = Fabricate(:group)
|
|
expect_type_to_return_right_groups("non_automatic", [group.id, group2.id])
|
|
end
|
|
end
|
|
|
|
describe "public groups" do
|
|
it "should return the right response" do
|
|
group2 = Fabricate(:group, public_admission: true)
|
|
|
|
expect_type_to_return_right_groups("public", [group2.id])
|
|
end
|
|
end
|
|
|
|
describe "close groups" do
|
|
it "should return the right response" do
|
|
group2 = Fabricate(:group, public_admission: false)
|
|
_group3 = Fabricate(:group, public_admission: true)
|
|
|
|
expect_type_to_return_right_groups("close", [group.id, group2.id])
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "groups_index_query modifier" do
|
|
fab!(:user) { Fabricate(:user) }
|
|
fab!(:cool_group) { Fabricate(:group, name: "cool-group") }
|
|
fab!(:boring_group) { Fabricate(:group, name: "boring-group") }
|
|
|
|
it "allows changing the query" do
|
|
get "/groups.json"
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["groups"].map { |g| g["id"] }).to include(
|
|
cool_group.id,
|
|
boring_group.id,
|
|
)
|
|
|
|
get "/groups.json", params: { filter: "cool" }
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["groups"].map { |g| g["id"] }).to include(cool_group.id)
|
|
expect(response.parsed_body["groups"].map { |g| g["id"] }).not_to include(boring_group.id)
|
|
|
|
Plugin::Instance
|
|
.new
|
|
.register_modifier(:groups_index_query) do |query|
|
|
query.where("groups.name LIKE 'cool%'")
|
|
end
|
|
|
|
get "/groups.json"
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["groups"].map { |g| g["id"] }).to include(cool_group.id)
|
|
expect(response.parsed_body["groups"].map { |g| g["id"] }).not_to include(boring_group.id)
|
|
|
|
get "/groups.json", params: { filter: "boring" }
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["groups"].map { |g| g["id"] }).not_to include(
|
|
cool_group.id,
|
|
boring_group.id,
|
|
)
|
|
ensure
|
|
DiscoursePluginRegistry.clear_modifiers!
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#show" do
|
|
it "ensures the group can be seen" do
|
|
sign_in(user)
|
|
group.update!(visibility_level: Group.visibility_levels[:owners])
|
|
|
|
get "/groups/#{group.name}.json"
|
|
|
|
expect(response.status).to eq(404)
|
|
end
|
|
|
|
it "returns the right response" do
|
|
sign_in(user)
|
|
mod_group = Group.find(moderator_group_id)
|
|
get "/groups/#{group.name}.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
|
|
expect(body["group"]["id"]).to eq(group.id)
|
|
expect(body["extras"]["visible_group_names"]).to eq([mod_group.name, group.name])
|
|
expect(response.headers["X-Robots-Tag"]).to eq("noindex")
|
|
end
|
|
|
|
context "as an admin" do
|
|
it "returns the right response" do
|
|
sign_in(admin)
|
|
get "/groups/#{group.name}.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
|
|
expect(body["group"]["id"]).to eq(group.id)
|
|
|
|
groups = Group::AUTO_GROUPS.keys
|
|
groups.delete(:everyone)
|
|
groups.push(group.name)
|
|
|
|
expect(body["extras"]["visible_group_names"]).to contain_exactly(*groups.map(&:to_s))
|
|
end
|
|
end
|
|
|
|
it "should respond to HTML" do
|
|
group.update!(bio_raw: "testing **group** bio")
|
|
|
|
get "/groups/#{group.name}.html"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(response.body).to have_tag "title", text: "#{group.name} - #{SiteSetting.title}"
|
|
expect(response.body).to have_tag(:meta, with: { property: "og:title", content: group.name })
|
|
|
|
# note this uses an excerpt so it strips html
|
|
expect(response.body).to have_tag(
|
|
:meta,
|
|
with: {
|
|
property: "og:description",
|
|
content: "testing group bio",
|
|
},
|
|
)
|
|
end
|
|
|
|
describe "when viewing activity filters" do
|
|
it "should return the right response" do
|
|
get "/groups/#{group.name}/activity/posts.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body["group"]
|
|
|
|
expect(body["id"]).to eq(group.id)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#posts" do
|
|
it "ensures the group can be seen" do
|
|
sign_in(user)
|
|
group.update!(visibility_level: Group.visibility_levels[:owners])
|
|
|
|
get "/groups/#{group.name}/posts.json"
|
|
|
|
expect(response.status).to eq(404)
|
|
end
|
|
|
|
it "ensures the group members can be seen" do
|
|
sign_in(user)
|
|
group.update!(members_visibility_level: Group.visibility_levels[:owners])
|
|
|
|
get "/groups/#{group.name}/posts.json"
|
|
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "calls `posts_for` and responds with JSON" do
|
|
sign_in(user)
|
|
post = Fabricate(:post, user: user)
|
|
get "/groups/#{group.name}/posts.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body.first["id"]).to eq(post.id)
|
|
end
|
|
|
|
it "returns moderator actions" do
|
|
sign_in(user)
|
|
post = Fabricate(:post, user: user, post_type: Post.types[:moderator_action])
|
|
get "/groups/#{group.name}/posts.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body.first["id"]).to eq(post.id)
|
|
end
|
|
end
|
|
|
|
describe "#members" do
|
|
it "returns correct error code with invalid params" do
|
|
sign_in(user)
|
|
|
|
get "/groups/#{group.name}/members.json?limit=-1"
|
|
expect(response.status).to eq(400)
|
|
|
|
get "/groups/#{group.name}/members.json?offset=-1"
|
|
expect(response.status).to eq(400)
|
|
|
|
get "/groups/trust_level_0/members.json?limit=2000"
|
|
expect(response.status).to eq(400)
|
|
end
|
|
|
|
it "ensures the group can be seen" do
|
|
sign_in(user)
|
|
group.update!(visibility_level: Group.visibility_levels[:owners])
|
|
|
|
get "/groups/#{group.name}/members.json"
|
|
|
|
expect(response.status).to eq(404)
|
|
end
|
|
|
|
it "ensures the group members can be seen" do
|
|
group.update!(members_visibility_level: Group.visibility_levels[:logged_on_users])
|
|
|
|
get "/groups/#{group.name}/members.json", params: { limit: 1 }
|
|
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "ensures that membership can be paginated" do
|
|
freeze_time
|
|
|
|
first_user = Fabricate(:user)
|
|
group.add(first_user)
|
|
|
|
freeze_time 1.day.from_now
|
|
|
|
4.times { group.add(Fabricate(:user)) }
|
|
usernames = group.users.map { |m| m.username }.sort
|
|
|
|
get "/groups/#{group.name}/members.json", params: { limit: 3, asc: true }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
members = response.parsed_body["members"]
|
|
|
|
expect(members.map { |m| m["username"] }).to eq(usernames[0..2])
|
|
|
|
get "/groups/#{group.name}/members.json", params: { limit: 3, offset: 3, asc: true }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
members = response.parsed_body["members"]
|
|
|
|
expect(members.map { |m| m["username"] }).to eq(usernames[3..5])
|
|
|
|
get "/groups/#{group.name}/members.json", params: { order: "added_at" }
|
|
members = response.parsed_body["members"]
|
|
|
|
expect(members.last["added_at"]).to eq(first_user.created_at.as_json)
|
|
end
|
|
|
|
it "can sort items" do
|
|
sign_in(user)
|
|
group.update!(visibility_level: Group.visibility_levels[:logged_on_users])
|
|
other_user = Fabricate(:user)
|
|
group.add_owner(other_user)
|
|
|
|
get "/groups/#{group.name}/members.json"
|
|
|
|
expect(response.parsed_body["members"].map { |u| u["id"] }).to eq([other_user.id, user.id])
|
|
expect(response.parsed_body["owners"].map { |u| u["id"] }).to eq([other_user.id])
|
|
|
|
get "/groups/#{group.name}/members.json?order=added_at&asc=1"
|
|
|
|
expect(response.parsed_body["members"].map { |u| u["id"] }).to eq([user.id, other_user.id])
|
|
expect(response.parsed_body["owners"].map { |u| u["id"] }).to eq([other_user.id])
|
|
end
|
|
end
|
|
|
|
describe "#posts_feed" do
|
|
it "renders RSS" do
|
|
get "/groups/#{group.name}/posts.rss"
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.media_type).to eq("application/rss+xml")
|
|
end
|
|
end
|
|
|
|
describe "#mentions_feed" do
|
|
it "renders RSS" do
|
|
get "/groups/#{group.name}/mentions.rss"
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.media_type).to eq("application/rss+xml")
|
|
end
|
|
|
|
it "fails when disabled" do
|
|
SiteSetting.enable_mentions = false
|
|
|
|
get "/groups/#{group.name}/mentions.rss"
|
|
|
|
expect(response.status).to eq(404)
|
|
end
|
|
end
|
|
|
|
describe "#mentionable" do
|
|
it "should return the right response" do
|
|
sign_in(user)
|
|
|
|
group.update!(
|
|
mentionable_level: Group::ALIAS_LEVELS[:owners_mods_and_admins],
|
|
visibility_level: Group.visibility_levels[:logged_on_users],
|
|
)
|
|
|
|
get "/groups/#{group.name}/mentionable.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
expect(body["mentionable"]).to eq(false)
|
|
|
|
group.update!(
|
|
mentionable_level: Group::ALIAS_LEVELS[:everyone],
|
|
visibility_level: Group.visibility_levels[:staff],
|
|
)
|
|
|
|
get "/groups/#{group.name}/mentionable.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
expect(body["mentionable"]).to eq(true)
|
|
|
|
group.update!(
|
|
mentionable_level: Group::ALIAS_LEVELS[:nobody],
|
|
visibility_level: Group.visibility_levels[:public],
|
|
)
|
|
|
|
get "/groups/#{group.name}/mentionable.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
expect(body["mentionable"]).to eq(true)
|
|
end
|
|
end
|
|
|
|
describe "#messageable" do
|
|
it "should return the right response" do
|
|
user.change_trust_level!(1)
|
|
sign_in(user)
|
|
|
|
get "/groups/#{group.name}/messageable.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
expect(body["messageable"]).to eq(false)
|
|
|
|
group.update!(
|
|
messageable_level: Group::ALIAS_LEVELS[:everyone],
|
|
visibility_level: Group.visibility_levels[:staff],
|
|
)
|
|
|
|
get "/groups/#{group.name}/messageable.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
expect(body["messageable"]).to eq(true)
|
|
|
|
SiteSetting.personal_message_enabled_groups = Group::AUTO_GROUPS[:staff]
|
|
|
|
get "/groups/#{group.name}/messageable.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
expect(body["messageable"]).to eq(true)
|
|
|
|
group.update!(messageable_level: Group::ALIAS_LEVELS[:only_admins])
|
|
|
|
get "/groups/#{group.name}/messageable.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
expect(body["messageable"]).to eq(false)
|
|
end
|
|
end
|
|
|
|
describe "#update" do
|
|
let!(:group) do
|
|
Fabricate(:group, name: "test", users: [user], public_admission: false, public_exit: false)
|
|
end
|
|
let(:category) { Fabricate(:category) }
|
|
let(:tag) { Fabricate(:tag) }
|
|
|
|
context "with custom_fields" do
|
|
before do
|
|
user.update!(admin: true)
|
|
sign_in(user)
|
|
plugin = Plugin::Instance.new
|
|
plugin.register_editable_group_custom_field :test
|
|
@group = Fabricate(:group)
|
|
end
|
|
|
|
after { DiscoursePluginRegistry.reset! }
|
|
|
|
it "only updates allowed user fields" do
|
|
put "/groups/#{@group.id}.json",
|
|
params: {
|
|
group: {
|
|
custom_fields: {
|
|
test: :hello1,
|
|
test2: :hello2,
|
|
},
|
|
},
|
|
}
|
|
|
|
@group.reload
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(@group.custom_fields["test"]).to eq("hello1")
|
|
expect(@group.custom_fields["test2"]).to be_blank
|
|
end
|
|
|
|
it "is secure when there are no registered editable fields" do
|
|
DiscoursePluginRegistry.reset!
|
|
put "/groups/#{@group.id}.json",
|
|
params: {
|
|
group: {
|
|
custom_fields: {
|
|
test: :hello1,
|
|
test2: :hello2,
|
|
},
|
|
},
|
|
}
|
|
|
|
@group.reload
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(@group.custom_fields["test"]).to be_blank
|
|
expect(@group.custom_fields["test2"]).to be_blank
|
|
end
|
|
end
|
|
|
|
context "when user is group owner" do
|
|
before do
|
|
group.add_owner(user)
|
|
sign_in(user)
|
|
end
|
|
|
|
it "should be able update the group" do
|
|
group.update!(
|
|
allow_membership_requests: false,
|
|
visibility_level: 2,
|
|
mentionable_level: 2,
|
|
messageable_level: 2,
|
|
default_notification_level: 0,
|
|
grant_trust_level: 0,
|
|
)
|
|
|
|
expect do
|
|
put "/groups/#{group.id}.json",
|
|
params: {
|
|
group: {
|
|
mentionable_level: 1,
|
|
messageable_level: 1,
|
|
visibility_level: 1,
|
|
automatic_membership_email_domains: "test.org",
|
|
title: "haha",
|
|
primary_group: true,
|
|
grant_trust_level: 1,
|
|
incoming_email: "test@mail.org",
|
|
flair_bg_color: "FFF",
|
|
flair_color: "BBB",
|
|
flair_icon: "fa-adjust",
|
|
bio_raw: "testing",
|
|
full_name: "awesome team",
|
|
public_admission: true,
|
|
public_exit: true,
|
|
allow_membership_requests: true,
|
|
membership_request_template: "testing",
|
|
default_notification_level: 1,
|
|
name: "testing",
|
|
tracking_category_ids: [category.id],
|
|
tracking_tags: [tag.name],
|
|
},
|
|
update_existing_users: false,
|
|
}
|
|
end.to change { GroupHistory.count }.by(13)
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
group.reload
|
|
|
|
expect(group.flair_bg_color).to eq("FFF")
|
|
expect(group.flair_color).to eq("BBB")
|
|
expect(group.flair_url).to eq("fa-adjust")
|
|
expect(group.bio_raw).to eq("testing")
|
|
expect(group.full_name).to eq("awesome team")
|
|
expect(group.public_admission).to eq(true)
|
|
expect(group.public_exit).to eq(true)
|
|
expect(group.allow_membership_requests).to eq(true)
|
|
expect(group.membership_request_template).to eq("testing")
|
|
expect(group.name).to eq("test")
|
|
expect(group.visibility_level).to eq(2)
|
|
expect(group.mentionable_level).to eq(1)
|
|
expect(group.messageable_level).to eq(1)
|
|
expect(group.default_notification_level).to eq(1)
|
|
expect(group.automatic_membership_email_domains).to eq(nil)
|
|
expect(group.title).to eq("haha")
|
|
expect(group.primary_group).to eq(false)
|
|
expect(group.incoming_email).to eq(nil)
|
|
expect(group.grant_trust_level).to eq(0)
|
|
expect(group.group_category_notification_defaults.first&.category).to eq(category)
|
|
expect(group.group_tag_notification_defaults.first&.tag).to eq(tag)
|
|
end
|
|
|
|
it "should not be allowed to update automatic groups" do
|
|
group = Group.find(Group::AUTO_GROUPS[:admins])
|
|
|
|
put "/groups/#{group.id}.json", params: { group: { messageable_level: 1 } }
|
|
|
|
expect(response.status).to eq(403)
|
|
end
|
|
end
|
|
|
|
context "when user is group admin" do
|
|
before { sign_in(admin) }
|
|
|
|
it "should be able to update the group" do
|
|
group.update!(visibility_level: 2, members_visibility_level: 2, grant_trust_level: 0)
|
|
|
|
put "/groups/#{group.id}.json",
|
|
params: {
|
|
group: {
|
|
flair_color: "BBB",
|
|
name: "testing",
|
|
incoming_email: "test@mail.org",
|
|
primary_group: true,
|
|
automatic_membership_email_domains: "test.org",
|
|
grant_trust_level: 2,
|
|
visibility_level: 1,
|
|
members_visibility_level: 3,
|
|
tracking_category_ids: [category.id],
|
|
tracking_tags: [tag.name],
|
|
},
|
|
update_existing_users: false,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
group.reload
|
|
expect(group.flair_color).to eq("BBB")
|
|
expect(group.name).to eq("testing")
|
|
expect(group.incoming_email).to eq("test@mail.org")
|
|
expect(group.primary_group).to eq(true)
|
|
expect(group.visibility_level).to eq(1)
|
|
expect(group.members_visibility_level).to eq(3)
|
|
expect(group.automatic_membership_email_domains).to eq("test.org")
|
|
expect(group.grant_trust_level).to eq(2)
|
|
expect(group.group_category_notification_defaults.first&.category).to eq(category)
|
|
expect(group.group_tag_notification_defaults.first&.tag).to eq(tag)
|
|
|
|
expect(Jobs::AutomaticGroupMembership.jobs.first["args"].first["group_id"]).to eq(group.id)
|
|
end
|
|
|
|
it "they should be able to update an automatic group" do
|
|
group = Group.find(Group::AUTO_GROUPS[:admins])
|
|
|
|
group.update!(
|
|
visibility_level: 2,
|
|
mentionable_level: 2,
|
|
messageable_level: 2,
|
|
default_notification_level: 2,
|
|
)
|
|
|
|
put "/groups/#{group.id}.json",
|
|
params: {
|
|
group: {
|
|
flair_bg_color: "FFF",
|
|
flair_color: "BBB",
|
|
flair_icon: "fa-adjust",
|
|
name: "testing",
|
|
visibility_level: 1,
|
|
mentionable_level: 1,
|
|
messageable_level: 1,
|
|
default_notification_level: 1,
|
|
tracking_category_ids: [category.id],
|
|
tracking_tags: [tag.name],
|
|
},
|
|
update_existing_users: false,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
group.reload
|
|
expect(group.flair_bg_color).to eq("FFF")
|
|
expect(group.flair_color).to eq("BBB")
|
|
expect(group.flair_icon).to eq("fa-adjust")
|
|
expect(group.flair_url).to eq("fa-adjust")
|
|
expect(group.name).to eq("admins")
|
|
expect(group.visibility_level).to eq(1)
|
|
expect(group.mentionable_level).to eq(1)
|
|
expect(group.messageable_level).to eq(1)
|
|
expect(group.default_notification_level).to eq(1)
|
|
expect(group.group_category_notification_defaults.first&.category).to eq(category)
|
|
expect(group.group_tag_notification_defaults.first&.tag).to eq(tag)
|
|
end
|
|
|
|
it "triggers a extensibility event" do
|
|
event =
|
|
DiscourseEvent
|
|
.track_events do
|
|
put "/groups/#{group.id}.json", params: { group: { flair_color: "BBB" } }
|
|
end
|
|
.last
|
|
|
|
expect(event[:event_name]).to eq(:group_updated)
|
|
expect(event[:params].first).to eq(group)
|
|
end
|
|
|
|
context "with user default notifications" do
|
|
it "should update default notification preference for existing users" do
|
|
group.update!(default_notification_level: NotificationLevels.all[:watching])
|
|
user1 = Fabricate(:user)
|
|
group.add(user1)
|
|
group.add(user2)
|
|
group_user1 = user1.group_users.first
|
|
group_user2 = user2.group_users.first
|
|
|
|
put "/groups/#{group.id}.json",
|
|
params: {
|
|
group: {
|
|
default_notification_level: NotificationLevels.all[:tracking],
|
|
},
|
|
}
|
|
|
|
expect(response.status).to eq(422)
|
|
expect(response.parsed_body["user_count"]).to eq(group.group_users.count)
|
|
expect(response.parsed_body["errors"].first).to include("update_existing_users")
|
|
expect(group_user1.reload.notification_level).to eq(NotificationLevels.all[:watching])
|
|
expect(group_user2.reload.notification_level).to eq(NotificationLevels.all[:watching])
|
|
|
|
group_user1.update!(notification_level: NotificationLevels.all[:regular])
|
|
|
|
put "/groups/#{group.id}.json",
|
|
params: {
|
|
group: {
|
|
default_notification_level: NotificationLevels.all[:tracking],
|
|
},
|
|
}
|
|
|
|
expect(response.status).to eq(422)
|
|
expect(response.parsed_body["user_count"]).to eq(group.group_users.count - 1)
|
|
expect(group_user1.reload.notification_level).to eq(NotificationLevels.all[:regular])
|
|
expect(group_user2.reload.notification_level).to eq(NotificationLevels.all[:watching])
|
|
|
|
put "/groups/#{group.id}.json",
|
|
params: {
|
|
group: {
|
|
default_notification_level: NotificationLevels.all[:tracking],
|
|
},
|
|
update_existing_users: true,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["success"]).to eq("OK")
|
|
expect(group_user1.reload.notification_level).to eq(NotificationLevels.all[:regular])
|
|
expect(group_user2.reload.notification_level).to eq(NotificationLevels.all[:tracking])
|
|
|
|
put "/groups/#{group.id}.json",
|
|
params: {
|
|
group: {
|
|
default_notification_level: NotificationLevels.all[:regular],
|
|
},
|
|
update_existing_users: false,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["success"]).to eq("OK")
|
|
expect(group_user1.reload.notification_level).to eq(NotificationLevels.all[:regular])
|
|
expect(group_user2.reload.notification_level).to eq(NotificationLevels.all[:tracking])
|
|
end
|
|
|
|
it "should update category & tag notification preferences for existing users" do
|
|
user1 = Fabricate(:user)
|
|
CategoryUser.create!(user: user1, category: category, notification_level: 4)
|
|
TagUser.create!(user: user1, tag: tag, notification_level: 4)
|
|
TagUser.create!(user: user2, tag: tag, notification_level: 4)
|
|
group.add(user1)
|
|
group.add(user2)
|
|
|
|
put "/groups/#{group.id}.json",
|
|
params: {
|
|
group: {
|
|
flair_color: "BBB",
|
|
name: "testing",
|
|
incoming_email: "test@mail.org",
|
|
primary_group: true,
|
|
automatic_membership_email_domains: "test.org",
|
|
grant_trust_level: 2,
|
|
visibility_level: 1,
|
|
members_visibility_level: 3,
|
|
tracking_category_ids: [category.id],
|
|
tracking_tags: [tag.name],
|
|
},
|
|
}
|
|
|
|
expect(response.status).to eq(422)
|
|
expect(response.parsed_body["user_count"]).to eq(group.group_users.count - 1)
|
|
|
|
put "/groups/#{group.id}.json",
|
|
params: {
|
|
group: {
|
|
flair_color: "BBB",
|
|
name: "testing",
|
|
incoming_email: "test@mail.org",
|
|
primary_group: true,
|
|
automatic_membership_email_domains: "test.org",
|
|
grant_trust_level: 2,
|
|
visibility_level: 1,
|
|
members_visibility_level: 3,
|
|
tracking_category_ids: [category.id],
|
|
tracking_tags: [tag.name],
|
|
},
|
|
update_existing_users: true,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["success"]).to eq("OK")
|
|
|
|
put "/groups/#{group.id}.json",
|
|
params: {
|
|
group: {
|
|
flair_color: "BBB",
|
|
name: "testing",
|
|
incoming_email: "test@mail.org",
|
|
primary_group: true,
|
|
automatic_membership_email_domains: "test.org",
|
|
grant_trust_level: 2,
|
|
visibility_level: 1,
|
|
members_visibility_level: 3,
|
|
watching_category_ids: [category.id],
|
|
tracking_tags: [tag.name],
|
|
},
|
|
update_existing_users: true,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["success"]).to eq("OK")
|
|
expect(
|
|
CategoryUser.exists?(user: user2, category: category, notification_level: 3),
|
|
).to be_truthy
|
|
end
|
|
end
|
|
end
|
|
|
|
context "when user is a site moderator" do
|
|
before do
|
|
SiteSetting.moderators_manage_categories_and_groups = true
|
|
sign_in(moderator)
|
|
end
|
|
|
|
it "should not be able to update the group if the SiteSetting is false" do
|
|
SiteSetting.moderators_manage_categories_and_groups = false
|
|
|
|
put "/groups/#{group.id}.json", params: { group: { name: "testing" } }
|
|
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "should not be able to update a group it cannot see" do
|
|
group.update!(visibility_level: Group.visibility_levels[:owners])
|
|
|
|
put "/groups/#{group.id}.json", params: { group: { name: "testing" } }
|
|
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "should be able to update the group" do
|
|
put "/groups/#{group.id}.json",
|
|
params: {
|
|
group: {
|
|
flair_color: "BBB",
|
|
name: "testing",
|
|
incoming_email: "test@mail.org",
|
|
primary_group: true,
|
|
automatic_membership_email_domains: "test.org",
|
|
grant_trust_level: 2,
|
|
visibility_level: 1,
|
|
members_visibility_level: 3,
|
|
tracking_category_ids: [category.id],
|
|
tracking_tags: [tag.name],
|
|
},
|
|
update_existing_users: false,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
group.reload
|
|
expect(group.flair_color).to eq("BBB")
|
|
expect(group.name).to eq("testing")
|
|
expect(group.incoming_email).to eq("test@mail.org")
|
|
expect(group.primary_group).to eq(true)
|
|
expect(group.visibility_level).to eq(1)
|
|
expect(group.members_visibility_level).to eq(3)
|
|
expect(group.automatic_membership_email_domains).to eq("test.org")
|
|
expect(group.grant_trust_level).to eq(2)
|
|
expect(group.group_category_notification_defaults.first&.category).to eq(category)
|
|
expect(group.group_tag_notification_defaults.first&.tag).to eq(tag)
|
|
|
|
expect(Jobs::AutomaticGroupMembership.jobs.first["args"].first["group_id"]).to eq(group.id)
|
|
end
|
|
|
|
it "should be able to update an automatic group" do
|
|
group = Group.find(Group::AUTO_GROUPS[:trust_level_4])
|
|
|
|
group.update!(mentionable_level: 2, messageable_level: 2, default_notification_level: 2)
|
|
|
|
put "/groups/#{group.id}.json",
|
|
params: {
|
|
group: {
|
|
flair_bg_color: "FFF",
|
|
flair_color: "BBB",
|
|
flair_icon: "fa-adjust",
|
|
mentionable_level: 1,
|
|
messageable_level: 1,
|
|
default_notification_level: 1,
|
|
},
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
group.reload
|
|
expect(group.flair_bg_color).to eq("FFF")
|
|
expect(group.flair_color).to eq("BBB")
|
|
expect(group.flair_icon).to eq("fa-adjust")
|
|
expect(group.flair_url).to eq("fa-adjust")
|
|
expect(group.name).to eq("trust_level_4")
|
|
expect(group.mentionable_level).to eq(1)
|
|
expect(group.messageable_level).to eq(1)
|
|
expect(group.default_notification_level).to eq(1)
|
|
end
|
|
|
|
it "triggers a extensibility event" do
|
|
event =
|
|
DiscourseEvent
|
|
.track_events do
|
|
put "/groups/#{group.id}.json", params: { group: { flair_color: "BBB" } }
|
|
end
|
|
.last
|
|
|
|
expect(event[:event_name]).to eq(:group_updated)
|
|
expect(event[:params].first).to eq(group)
|
|
end
|
|
end
|
|
|
|
context "when user is not a group owner or admin" do
|
|
it "should not be able to update the group" do
|
|
sign_in(user)
|
|
|
|
put "/groups/#{group.id}.json", params: { group: { name: "testing" } }
|
|
|
|
expect(response.status).to eq(403)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#members" do
|
|
let(:user1) do
|
|
Fabricate(
|
|
:user,
|
|
last_seen_at: Time.zone.now,
|
|
last_posted_at: Time.zone.now - 1.day,
|
|
email: "b@test.org",
|
|
)
|
|
end
|
|
|
|
let(:user2) do
|
|
Fabricate(
|
|
:user,
|
|
last_seen_at: Time.zone.now - 1.day,
|
|
last_posted_at: Time.zone.now,
|
|
email: "a@test.org",
|
|
)
|
|
end
|
|
|
|
fab!(:user3) { Fabricate(:user, last_seen_at: nil, last_posted_at: nil, email: "c@test.org") }
|
|
|
|
fab!(:bot) { Fabricate(:bot) }
|
|
let(:group) { Fabricate(:group, users: [user1, user2, user3, bot]) }
|
|
|
|
it "should allow members to be sorted by" do
|
|
get "/groups/#{group.name}/members.json", params: { order: "last_seen_at" }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
members = response.parsed_body["members"]
|
|
|
|
expect(members.map { |m| m["id"] }).to eq([user1.id, user2.id, user3.id])
|
|
|
|
get "/groups/#{group.name}/members.json", params: { order: "last_seen_at", asc: true }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
members = response.parsed_body["members"]
|
|
|
|
expect(members.map { |m| m["id"] }).to eq([user2.id, user1.id, user3.id])
|
|
|
|
get "/groups/#{group.name}/members.json", params: { order: "last_posted_at" }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
members = response.parsed_body["members"]
|
|
|
|
expect(members.map { |m| m["id"] }).to eq([user2.id, user1.id, user3.id])
|
|
end
|
|
|
|
it "should not allow members to be sorted by columns that are not allowed" do
|
|
get "/groups/#{group.name}/members.json", params: { order: "email" }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
members = response.parsed_body["members"]
|
|
|
|
expect(members.map { |m| m["id"] }).to contain_exactly(user1.id, user2.id, user3.id)
|
|
end
|
|
|
|
it "can show group requests" do
|
|
sign_in(admin)
|
|
|
|
user4 = Fabricate(:user)
|
|
request4 = Fabricate(:group_request, user: user4, group: group)
|
|
|
|
get "/groups/#{group.name}/members.json", params: { requesters: true }
|
|
|
|
members = response.parsed_body["members"]
|
|
expect(members.length).to eq(1)
|
|
expect(members.first["username"]).to eq(user4.username)
|
|
expect(members.first["reason"]).to eq(request4.reason)
|
|
end
|
|
|
|
describe "filterable" do
|
|
describe "as a normal user" do
|
|
it "should not allow members to be filterable by email" do
|
|
email = "uniquetest@discourse.org"
|
|
user1.update!(email: email)
|
|
|
|
get "/groups/#{group.name}/members.json", params: { filter: email }
|
|
|
|
expect(response.status).to eq(200)
|
|
members = response.parsed_body["members"]
|
|
expect(members).to eq([])
|
|
end
|
|
end
|
|
|
|
describe "as an admin" do
|
|
before { sign_in(admin) }
|
|
|
|
it "should allow members to be filterable by username" do
|
|
email = "uniquetest@discourse.org"
|
|
user1.update!(email: email)
|
|
|
|
{
|
|
email.upcase => [user1.id],
|
|
"QUEtes" => [user1.id],
|
|
"#{user1.email},#{user2.email}" => [user1.id, user2.id],
|
|
}.each do |filter, ids|
|
|
get "/groups/#{group.name}/members.json", params: { filter: filter }
|
|
|
|
expect(response.status).to eq(200)
|
|
members = response.parsed_body["members"]
|
|
expect(members.map { |m| m["id"] }).to contain_exactly(*ids)
|
|
end
|
|
end
|
|
|
|
it "should allow members to be filterable by email" do
|
|
username = "uniquetest"
|
|
user1.update!(username: username)
|
|
|
|
[username.upcase, "QUEtes"].each do |filter|
|
|
get "/groups/#{group.name}/members.json", params: { filter: filter }
|
|
|
|
expect(response.status).to eq(200)
|
|
members = response.parsed_body["members"]
|
|
expect(members.map { |m| m["id"] }).to contain_exactly(user1.id)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#edit" do
|
|
fab!(:group) { Fabricate(:group) }
|
|
|
|
context "when user is not signed in" do
|
|
it "should be forbidden" do
|
|
put "/groups/#{group.id}/members.json", params: { usernames: "bob" }
|
|
expect(response).to be_forbidden
|
|
|
|
delete "/groups/#{group.id}/members.json", params: { username: "bob" }
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
context "with public group" do
|
|
it "should be forbidden" do
|
|
group.update!(public_admission: true, public_exit: true)
|
|
|
|
put "/groups/#{group.id}/members.json", params: { usernames: "bob" }
|
|
expect(response.status).to eq(403)
|
|
|
|
delete "/groups/#{group.id}/members.json", params: { username: "bob" }
|
|
expect(response.status).to eq(403)
|
|
end
|
|
end
|
|
end
|
|
|
|
context "when user is not an owner of the group" do
|
|
before { sign_in(user) }
|
|
|
|
it "refuses membership changes to unauthorized users" do
|
|
put "/groups/#{group.id}/members.json", params: { usernames: "bob" }
|
|
expect(response).to be_forbidden
|
|
|
|
delete "/groups/#{group.id}/members.json", params: { username: "bob" }
|
|
expect(response).to be_forbidden
|
|
end
|
|
end
|
|
|
|
context "when user is an admin" do
|
|
fab!(:group) { Fabricate(:group, users: [admin], automatic: true) }
|
|
|
|
before { sign_in(admin) }
|
|
|
|
it "cannot add members to automatic groups" do
|
|
put "/groups/#{group.id}/members.json", params: { usernames: "bob" }
|
|
expect(response).to be_forbidden
|
|
|
|
delete "/groups/#{group.id}/members.json", params: { username: "bob" }
|
|
expect(response).to be_forbidden
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "membership edits" do
|
|
describe "#add_members" do
|
|
before { sign_in(admin) }
|
|
|
|
it "can make incremental adds" do
|
|
expect do
|
|
put "/groups/#{group.id}/members.json", params: { usernames: user2.username }
|
|
end.to change { group.users.count }.by(1)
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
group_history = GroupHistory.last
|
|
|
|
expect(group_history.action).to eq(GroupHistory.actions[:add_user_to_group])
|
|
expect(group_history.acting_user).to eq(admin)
|
|
expect(group_history.target_user).to eq(user2)
|
|
end
|
|
|
|
it "cannot add members to automatic groups" do
|
|
group.update!(automatic: true)
|
|
|
|
put "/groups/#{group.id}/members.json", params: { usernames: "l77t" }
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "does not notify users when the param is not present" do
|
|
expect {
|
|
put "/groups/#{group.id}/members.json", params: { usernames: user2.username }
|
|
}.not_to change { Topic.where(archetype: "private_message").count }
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "notifies users when the param is present" do
|
|
expect {
|
|
put "/groups/#{group.id}/members.json",
|
|
params: {
|
|
usernames: user2.username,
|
|
notify_users: true,
|
|
}
|
|
}.to change { Topic.where(archetype: "private_message").count }.by(1)
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(Topic.last.topic_users.map(&:user_id)).to include(
|
|
Discourse::SYSTEM_USER_ID,
|
|
user2.id,
|
|
)
|
|
end
|
|
|
|
it "does not add users without sufficient permission" do
|
|
group.add_owner(user)
|
|
sign_in(user)
|
|
|
|
put "/groups/#{group.id}/members.json", params: { usernames: other_user.username }
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "does not send invites if user cannot invite" do
|
|
group.add_owner(user)
|
|
sign_in(user)
|
|
|
|
put "/groups/#{group.id}/members.json", params: { emails: "test@example.com" }
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
context "when is able to add several members to a group" do
|
|
fab!(:user1) { Fabricate(:user) }
|
|
fab!(:user2) { Fabricate(:user, username: "UsEr2") }
|
|
|
|
it "adds by username" do
|
|
expect do
|
|
put "/groups/#{group.id}/members.json",
|
|
params: {
|
|
usernames: [user1.username, user2.username.upcase].join(","),
|
|
}
|
|
end.to change { group.users.count }.by(2)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "adds by id" do
|
|
expect do
|
|
put "/groups/#{group.id}/members.json",
|
|
params: {
|
|
user_ids: [user1.id, user2.id].join(","),
|
|
}
|
|
end.to change { group.users.count }.by(2)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "adds by email" do
|
|
expect do
|
|
put "/groups/#{group.id}/members.json",
|
|
params: {
|
|
user_emails: [user1.email, user2.email].join(","),
|
|
}
|
|
end.to change { group.users.count }.by(2)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "adds missing users even if some exists" do
|
|
user2.update!(username: "alice")
|
|
user3 = Fabricate(:user, username: "bob")
|
|
[user2, user3].each { |user| group.add(user) }
|
|
|
|
expect do
|
|
put "/groups/#{group.id}/members.json",
|
|
params: {
|
|
user_emails: [user1.email, user2.email, user3.email].join(","),
|
|
}
|
|
end.to change { group.users.count }.by(1)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "sends invites to new users and ignores existing users" do
|
|
user1.update!(username: "john")
|
|
user2.update!(username: "alice")
|
|
[user1, user2].each { |user| group.add(user) }
|
|
emails = %w[something@gmail.com anotherone@yahoo.com]
|
|
put "/groups/#{group.id}/members.json",
|
|
params: {
|
|
user_emails: [user1.email, user2.email].join(","),
|
|
emails: emails.join(","),
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["emails"]).to eq(emails)
|
|
|
|
emails.each do |email|
|
|
invite = Invite.find_by(email: email)
|
|
expect(invite.groups).to eq([group])
|
|
end
|
|
end
|
|
|
|
it "displays warning when all members already exists" do
|
|
user1.update!(username: "john")
|
|
user2.update!(username: "alice")
|
|
user3 = Fabricate(:user, username: "bob")
|
|
[user1, user2, user3].each { |user| group.add(user) }
|
|
|
|
expect do
|
|
put "/groups/#{group.id}/members.json",
|
|
params: {
|
|
user_emails: [user1.email, user2.email, user3.email].join(","),
|
|
}
|
|
end.not_to change { group.users.count }
|
|
|
|
expect(response.status).to eq(422)
|
|
|
|
expect(response.parsed_body["errors"]).to include(
|
|
I18n.t("groups.errors.member_already_exist", username: "alice, bob, john", count: 3),
|
|
)
|
|
end
|
|
|
|
it "display error when try to add to many users at once" do
|
|
stub_const(GroupsController, "ADD_MEMBERS_LIMIT", 1) do
|
|
expect do
|
|
put "/groups/#{group.id}/members.json",
|
|
params: {
|
|
user_emails: [user1.email, user2.email].join(","),
|
|
}
|
|
end.not_to change { group.reload.users.count }
|
|
|
|
expect(response.status).to eq(422)
|
|
|
|
expect(response.parsed_body["errors"]).to include(
|
|
I18n.t("groups.errors.adding_too_many_users", count: 1),
|
|
)
|
|
end
|
|
end
|
|
end
|
|
|
|
it "returns 422 if member already exists" do
|
|
put "/groups/#{group.id}/members.json", params: { usernames: user.username }
|
|
|
|
expect(response.status).to eq(422)
|
|
|
|
expect(response.parsed_body["errors"]).to include(
|
|
I18n.t("groups.errors.member_already_exist", username: user.username, count: 1),
|
|
)
|
|
end
|
|
|
|
it "returns 400 if member is not found" do
|
|
[
|
|
{ usernames: "some thing" },
|
|
{ user_ids: "-5,-6" },
|
|
{ user_emails: "some@test.org" },
|
|
].each do |params|
|
|
put "/groups/#{group.id}/members.json", params: params
|
|
|
|
expect(response.status).to eq(400)
|
|
|
|
body = response.parsed_body
|
|
|
|
expect(body["error_type"]).to eq("invalid_parameters")
|
|
end
|
|
end
|
|
|
|
it "return a 400 if no user or emails are present" do
|
|
[
|
|
{ usernames: "nouserwiththisusername", emails: "" },
|
|
{ usernames: "", emails: "" },
|
|
].each do |params|
|
|
put "/groups/#{group.id}/members.json", params: params
|
|
expect(response.status).to eq(400)
|
|
body = response.parsed_body
|
|
|
|
expect(body["error_type"]).to eq("invalid_parameters")
|
|
end
|
|
end
|
|
|
|
it "will send invites to each email with group_id set" do
|
|
emails = %w[something@gmail.com anotherone@yahoo.com]
|
|
put "/groups/#{group.id}/members.json", params: { emails: emails.join(",") }
|
|
|
|
expect(response.status).to eq(200)
|
|
body = response.parsed_body
|
|
|
|
expect(body["emails"]).to eq(emails)
|
|
|
|
emails.each do |email|
|
|
invite = Invite.find_by(email: email)
|
|
expect(invite.groups).to eq([group])
|
|
end
|
|
end
|
|
|
|
it "adds known users by email when DiscourseConnect is enabled" do
|
|
SiteSetting.discourse_connect_url = "https://www.example.com/sso"
|
|
SiteSetting.enable_discourse_connect = true
|
|
|
|
expect do
|
|
put "/groups/#{group.id}/members.json", params: { emails: other_user.email }
|
|
end.to change { group.users.count }.by(1)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "will find users by email, and invite the correct user" do
|
|
new_user = Fabricate(:user)
|
|
expect(new_user.group_ids.include?(group.id)).to eq(false)
|
|
|
|
put "/groups/#{group.id}/members.json", params: { emails: new_user.email }
|
|
|
|
expect(new_user.reload.group_ids.include?(group.id)).to eq(true)
|
|
end
|
|
|
|
it "will invite the user if their username and email are both invited" do
|
|
new_user = Fabricate(:user)
|
|
put "/groups/#{group.id}/members.json",
|
|
params: {
|
|
usernames: new_user.username,
|
|
emails: new_user.email,
|
|
}
|
|
expect(response.status).to eq(200)
|
|
expect(new_user.reload.group_ids.include?(group.id)).to eq(true)
|
|
end
|
|
|
|
context "with public group" do
|
|
before { group.update!(public_admission: true, public_exit: true) }
|
|
|
|
context "when admin" do
|
|
it "can make incremental adds" do
|
|
expect do
|
|
put "/groups/#{group.id}/members.json", params: { usernames: other_user.username }
|
|
end.to change { group.users.count }.by(1)
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
group_history = GroupHistory.last
|
|
|
|
expect(group_history.action).to eq(GroupHistory.actions[:add_user_to_group])
|
|
expect(group_history.acting_user).to eq(admin)
|
|
expect(group_history.target_user).to eq(other_user)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#add_owners" do
|
|
context "when logged in as an admin" do
|
|
before { sign_in(admin) }
|
|
|
|
it "should work" do
|
|
put "/groups/#{group.id}/owners.json",
|
|
params: {
|
|
usernames: [user.username, admin.username].join(","),
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
response_body = response.parsed_body
|
|
|
|
expect(response_body["usernames"]).to contain_exactly(user.username, admin.username)
|
|
|
|
expect(group.group_users.where(owner: true).map(&:user)).to contain_exactly(user, admin)
|
|
end
|
|
|
|
it "returns not-found error when there is no group" do
|
|
group.destroy!
|
|
|
|
put "/groups/#{group.id}/owners.json", params: { usernames: user.username }
|
|
|
|
expect(response.status).to eq(404)
|
|
end
|
|
|
|
it "does not allow adding owners to an automatic group" do
|
|
group.update!(automatic: true)
|
|
|
|
expect do
|
|
put "/groups/#{group.id}/owners.json", params: { usernames: user.username }
|
|
end.to_not change { group.group_users.count }
|
|
|
|
expect(response.status).to eq(422)
|
|
expect(response.parsed_body["errors"]).to eq(
|
|
[I18n.t("groups.errors.can_not_modify_automatic")],
|
|
)
|
|
end
|
|
|
|
it "does not notify users when the param is not present" do
|
|
put "/groups/#{group.id}/owners.json", params: { usernames: user.username }
|
|
expect(response.status).to eq(200)
|
|
|
|
topic =
|
|
Topic.find_by(
|
|
title:
|
|
I18n.t(
|
|
"system_messages.user_added_to_group_as_owner.subject_template",
|
|
group_name: group.name,
|
|
),
|
|
archetype: "private_message",
|
|
)
|
|
expect(topic.nil?).to eq(true)
|
|
end
|
|
|
|
it "notifies users when the param is present" do
|
|
put "/groups/#{group.id}/owners.json",
|
|
params: {
|
|
usernames: user.username,
|
|
notify_users: true,
|
|
}
|
|
expect(response.status).to eq(200)
|
|
|
|
topic =
|
|
Topic.find_by(
|
|
title:
|
|
I18n.t(
|
|
"system_messages.user_added_to_group_as_owner.subject_template",
|
|
group_name: group.name,
|
|
),
|
|
archetype: "private_message",
|
|
)
|
|
expect(topic.nil?).to eq(false)
|
|
expect(topic.topic_users.map(&:user_id)).to include(-1, user.id)
|
|
end
|
|
end
|
|
|
|
context "when logged in as a moderator" do
|
|
before { sign_in(moderator) }
|
|
|
|
context "with moderators_manage_categories_and_groups enabled" do
|
|
before { SiteSetting.moderators_manage_categories_and_groups = true }
|
|
|
|
it "adds owners" do
|
|
put "/groups/#{group.id}/owners.json",
|
|
params: {
|
|
usernames: [user.username, admin.username, moderator.username].join(","),
|
|
}
|
|
|
|
response_body = response.parsed_body
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response_body["usernames"]).to contain_exactly(
|
|
user.username,
|
|
admin.username,
|
|
moderator.username,
|
|
)
|
|
expect(group.group_users.where(owner: true).map(&:user)).to contain_exactly(
|
|
user,
|
|
admin,
|
|
moderator,
|
|
)
|
|
end
|
|
end
|
|
|
|
context "with moderators_manage_categories_and_groups disabled" do
|
|
before { SiteSetting.moderators_manage_categories_and_groups = false }
|
|
|
|
it "prevents adding of owners with a 403 response" do
|
|
put "/groups/#{group.id}/owners.json",
|
|
params: {
|
|
usernames: [user.username, admin.username, moderator.username].join(","),
|
|
}
|
|
|
|
expect(response.status).to eq(403)
|
|
expect(response.parsed_body["errors"]).to include(I18n.t("invalid_access"))
|
|
expect(group.group_users.where(owner: true).map(&:user)).to be_empty
|
|
end
|
|
end
|
|
end
|
|
|
|
context "when logged in as a non-owner" do
|
|
before { sign_in(user) }
|
|
|
|
it "prevents adding of owners with a 403 response" do
|
|
put "/groups/#{group.id}/owners.json",
|
|
params: {
|
|
usernames: [user.username, admin.username].join(","),
|
|
}
|
|
|
|
expect(response.status).to eq(403)
|
|
expect(response.parsed_body["errors"]).to include(I18n.t("invalid_access"))
|
|
expect(group.group_users.where(owner: true).map(&:user)).to be_empty
|
|
end
|
|
end
|
|
|
|
context "when logged in as an owner" do
|
|
before { sign_in(user) }
|
|
|
|
it "allows adding new owners" do
|
|
group.add_owner(user)
|
|
|
|
put "/groups/#{group.id}/owners.json",
|
|
params: {
|
|
usernames: [user.username, admin.username].join(","),
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["usernames"]).to contain_exactly(
|
|
user.username,
|
|
admin.username,
|
|
)
|
|
expect(group.group_users.where(owner: true).map(&:user)).to contain_exactly(user, admin)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#join" do
|
|
let(:public_group) { Fabricate(:public_group) }
|
|
|
|
it "should allow a user to join a public group" do
|
|
sign_in(user)
|
|
|
|
expect do put "/groups/#{public_group.id}/join.json" end.to change {
|
|
public_group.users.count
|
|
}.by(1)
|
|
|
|
expect(response.status).to eq(204)
|
|
end
|
|
|
|
it "should not allow a user to join a nonpublic group" do
|
|
sign_in(user)
|
|
|
|
expect do put "/groups/#{group.id}/join.json" end.not_to change { group.users.count }
|
|
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
it "should not allow an anonymous user to call the join method" do
|
|
expect do put "/groups/#{group.id}/join.json" end.not_to change { group.users.count }
|
|
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
it "the join method is idempotent" do
|
|
sign_in(user)
|
|
|
|
expect do put "/groups/#{public_group.id}/join.json" end.to change {
|
|
public_group.users.count
|
|
}.by(1)
|
|
expect(response.status).to eq(204)
|
|
|
|
expect do put "/groups/#{public_group.id}/join.json" end.not_to change {
|
|
public_group.users.count
|
|
}
|
|
expect(response.status).to eq(204)
|
|
|
|
expect do put "/groups/#{public_group.id}/join.json" end.not_to change {
|
|
public_group.users.count
|
|
}
|
|
expect(response.status).to eq(204)
|
|
end
|
|
end
|
|
|
|
describe "#remove_member" do
|
|
before { sign_in(admin) }
|
|
|
|
it "cannot remove members from automatic groups" do
|
|
group.update!(automatic: true)
|
|
|
|
delete "/groups/#{group.id}/members.json", params: { user_id: 42 }
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "raises an error if user to be removed is not found" do
|
|
delete "/groups/#{group.id}/members.json", params: { user_id: -10 }
|
|
expect(response.status).to eq(400)
|
|
end
|
|
|
|
it "returns skipped_usernames response body when removing a valid user but is not a member of that group" do
|
|
delete "/groups/#{group.id}/members.json", params: { user_id: -1 }
|
|
|
|
response_body = response.parsed_body
|
|
expect(response.status).to eq(200)
|
|
expect(response_body["usernames"]).to eq([])
|
|
expect(response_body["skipped_usernames"].first).to eq("system")
|
|
end
|
|
|
|
context "when is able to remove a member" do
|
|
it "removes by id" do
|
|
expect do
|
|
delete "/groups/#{group.id}/members.json", params: { user_id: user.id }
|
|
end.to change { group.users.count }.by(-1)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "removes by id with integer in json" do
|
|
expect do
|
|
headers = { CONTENT_TYPE: "application/json" }
|
|
delete "/groups/#{group.id}/members.json",
|
|
params: "{\"user_id\":#{user.id}}",
|
|
headers: headers
|
|
end.to change { group.users.count }.by(-1)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "removes by username" do
|
|
expect do
|
|
delete "/groups/#{group.id}/members.json", params: { username: user.username }
|
|
end.to change { group.users.count }.by(-1)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "removes user.primary_group_id when user is removed from group" do
|
|
user.update!(primary_group_id: group.id)
|
|
|
|
delete "/groups/#{group.id}/members.json", params: { user_id: user.id }
|
|
|
|
expect(user.reload.primary_group_id).to eq(nil)
|
|
end
|
|
|
|
it "removes by user_email" do
|
|
expect do
|
|
delete "/groups/#{group.id}/members.json", params: { user_email: user.email }
|
|
end.to change { group.users.count }.by(-1)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
context "with public group" do
|
|
let(:group) { Fabricate(:public_group, users: [other_user]) }
|
|
|
|
context "when admin" do
|
|
it "removes by username" do
|
|
expect do
|
|
delete "/groups/#{group.id}/members.json", params: { username: other_user.username }
|
|
end.to change { group.users.count }.by(-1)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
end
|
|
|
|
it "should not allow a underprivileged user to leave a group for another user" do
|
|
sign_in(user)
|
|
|
|
delete "/groups/#{group.id}/members.json", params: { username: other_user.username }
|
|
|
|
expect(response).to be_forbidden
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#remove_members" do
|
|
context "when is able to remove several members from a group" do
|
|
fab!(:user1) { Fabricate(:user) }
|
|
fab!(:user2) { Fabricate(:user, username: "UsEr2") }
|
|
let(:group1) { Fabricate(:group, users: [user1, user2]) }
|
|
|
|
it "removes by username" do
|
|
expect do
|
|
delete "/groups/#{group1.id}/members.json",
|
|
params: {
|
|
usernames: [user1.username, user2.username.upcase].join(","),
|
|
}
|
|
end.to change { group1.users.count }.by(-2)
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "removes by id" do
|
|
expect do
|
|
delete "/groups/#{group1.id}/members.json",
|
|
params: {
|
|
user_ids: [user1.id, user2.id].join(","),
|
|
}
|
|
end.to change { group1.users.count }.by(-2)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "removes by id with integer in json" do
|
|
expect do
|
|
headers = { CONTENT_TYPE: "application/json" }
|
|
delete "/groups/#{group1.id}/members.json",
|
|
params: "{\"user_ids\":#{user1.id}}",
|
|
headers: headers
|
|
end.to change { group1.users.count }.by(-1)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "removes by email" do
|
|
expect do
|
|
delete "/groups/#{group1.id}/members.json",
|
|
params: {
|
|
user_emails: [user1.email, user2.email].join(","),
|
|
}
|
|
end.to change { group1.users.count }.by(-2)
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "only removes users in that group" do
|
|
delete "/groups/#{group1.id}/members.json",
|
|
params: {
|
|
usernames: [user.username, user2.username].join(","),
|
|
}
|
|
|
|
response_body = response.parsed_body
|
|
expect(response.status).to eq(200)
|
|
expect(response_body["usernames"].first).to eq(user2.username)
|
|
expect(response_body["skipped_usernames"].first).to eq(user.username)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#leave" do
|
|
let(:group_with_public_exit) { Fabricate(:group, public_exit: true, users: [user]) }
|
|
|
|
it "should allow a user to leave a group with public exit" do
|
|
sign_in(user)
|
|
|
|
expect do delete "/groups/#{group_with_public_exit.id}/leave.json" end.to change {
|
|
group_with_public_exit.users.count
|
|
}.by(-1)
|
|
|
|
expect(response.status).to eq(204)
|
|
end
|
|
|
|
it "should not allow a user to leave a group without public exit" do
|
|
sign_in(user)
|
|
|
|
expect do delete "/groups/#{group.id}/leave.json" end.not_to change { group.users.count }
|
|
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
it "should not allow an anonymous user to call the leave method" do
|
|
expect do delete "/groups/#{group_with_public_exit.id}/leave.json" end.not_to change {
|
|
group_with_public_exit.users.count
|
|
}
|
|
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
it "the leave method is idempotent" do
|
|
sign_in(user)
|
|
|
|
expect do delete "/groups/#{group_with_public_exit.id}/leave.json" end.to change {
|
|
group_with_public_exit.users.count
|
|
}.by(-1)
|
|
expect(response.status).to eq(204)
|
|
|
|
expect do delete "/groups/#{group_with_public_exit.id}/leave.json" end.not_to change {
|
|
group_with_public_exit.users.count
|
|
}
|
|
expect(response.status).to eq(204)
|
|
|
|
expect do delete "/groups/#{group_with_public_exit.id}/leave.json" end.not_to change {
|
|
group_with_public_exit.users.count
|
|
}
|
|
expect(response.status).to eq(204)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#handle_membership_request" do
|
|
before do
|
|
group.add_owner(user)
|
|
sign_in(user)
|
|
end
|
|
|
|
it "sends a private message when accepted" do
|
|
GroupRequest.create!(group: group, user: other_user)
|
|
expect {
|
|
put "/groups/#{group.id}/handle_membership_request.json",
|
|
params: {
|
|
user_id: other_user.id,
|
|
accept: true,
|
|
}
|
|
}.to change { Topic.count }.by(1).and change { Post.count }.by(1)
|
|
|
|
topic = Topic.last
|
|
expect(topic.archetype).to eq(Archetype.private_message)
|
|
expect(topic.title).to eq(I18n.t("groups.request_accepted_pm.title", group_name: group.name))
|
|
expect(topic.first_post.raw).to eq(
|
|
I18n.t("groups.request_accepted_pm.body", group_name: group.name).strip,
|
|
)
|
|
end
|
|
end
|
|
|
|
describe "#histories" do
|
|
context "when user is not signed in" do
|
|
it "should raise the right error" do
|
|
get "/groups/#{group.name}/logs.json"
|
|
expect(response.status).to eq(403)
|
|
end
|
|
end
|
|
|
|
context "when user is not a group owner" do
|
|
before { sign_in(user) }
|
|
|
|
it "should be forbidden" do
|
|
get "/groups/#{group.name}/logs.json"
|
|
|
|
expect(response).to be_forbidden
|
|
end
|
|
end
|
|
|
|
describe "when user is a group owner" do
|
|
before do
|
|
group.add_owner(user)
|
|
sign_in(user)
|
|
end
|
|
|
|
describe "when viewing a public group" do
|
|
before do
|
|
group.update!(public_admission: true, public_exit: true)
|
|
|
|
GroupActionLogger.new(user, group).log_change_group_settings
|
|
end
|
|
|
|
it "should allow group owner to view history" do
|
|
get "/groups/#{group.name}/logs.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
result = response.parsed_body["logs"].find { |entry| entry["subject"] == "public_exit" }
|
|
|
|
expect(result["action"]).to eq(GroupHistory.actions[1].to_s)
|
|
expect(result["subject"]).to eq("public_exit")
|
|
expect(result["prev_value"]).to eq("f")
|
|
expect(result["new_value"]).to eq("t")
|
|
end
|
|
end
|
|
|
|
it "should not be allowed to view history of an automatic group" do
|
|
group = Group.find_by(id: Group::AUTO_GROUPS[:admins])
|
|
|
|
get "/groups/#{group.name}/logs.json"
|
|
|
|
expect(response.status).to eq(403)
|
|
end
|
|
end
|
|
|
|
context "when user is an admin" do
|
|
before { sign_in(admin) }
|
|
|
|
it "should be able to view history" do
|
|
GroupActionLogger.new(admin, group).log_remove_user_from_group(user)
|
|
|
|
get "/groups/#{group.name}/logs.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
result = response.parsed_body["logs"].first
|
|
|
|
expect(result["action"]).to eq(GroupHistory.actions[3].to_s)
|
|
end
|
|
|
|
it "should be able to view history of automatic groups" do
|
|
group = Group.find_by(id: Group::AUTO_GROUPS[:admins])
|
|
|
|
get "/groups/#{group.name}/logs.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "should be able to filter through the history" do
|
|
GroupActionLogger.new(admin, group).log_add_user_to_group(user)
|
|
GroupActionLogger.new(admin, group).log_remove_user_from_group(user)
|
|
|
|
get "/groups/#{group.name}/logs.json",
|
|
params: {
|
|
filters: {
|
|
"action" => "add_user_to_group",
|
|
},
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
logs = response.parsed_body["logs"]
|
|
|
|
expect(logs.count).to eq(1)
|
|
expect(logs.first["action"]).to eq(GroupHistory.actions[2].to_s)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#request_membership" do
|
|
fab!(:new_user) { Fabricate(:user) }
|
|
|
|
it "requires the user to log in" do
|
|
post "/groups/#{group.name}/request_membership.json"
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "requires a reason" do
|
|
sign_in(user)
|
|
|
|
post "/groups/#{group.name}/request_membership.json"
|
|
expect(response.status).to eq(400)
|
|
end
|
|
|
|
it "checks for duplicates" do
|
|
sign_in(user)
|
|
|
|
post "/groups/#{group.name}/request_membership.json", params: { reason: "Please add me in" }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
post "/groups/#{group.name}/request_membership.json", params: { reason: "Please add me in" }
|
|
|
|
expect(response.status).to eq(409)
|
|
end
|
|
|
|
it "limits the character count of the reason" do
|
|
sign_in(user)
|
|
|
|
post "/groups/#{group.name}/request_membership.json",
|
|
params: {
|
|
reason: "x" * (GroupRequest::REASON_CHARACTER_LIMIT + 1),
|
|
}
|
|
|
|
expect(response.status).to eq(422)
|
|
expect(response.parsed_body["errors"]).to contain_exactly(
|
|
"Reason is too long (maximum is 5000 characters)",
|
|
)
|
|
end
|
|
|
|
it "should create the right PM" do
|
|
owner1 = Fabricate(:user, last_seen_at: Time.zone.now)
|
|
owner2 = Fabricate(:user, last_seen_at: Time.zone.now - 1.day)
|
|
[owner1, owner2].each { |owner| group.add_owner(owner) }
|
|
|
|
sign_in(user)
|
|
|
|
post "/groups/#{group.name}/request_membership.json", params: { reason: "Please add me in" }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
post = Post.last
|
|
topic = post.topic
|
|
body = response.parsed_body
|
|
|
|
expect(body["relative_url"]).to eq(topic.relative_url)
|
|
expect(post.topic.custom_fields["requested_group_id"].to_i).to eq(group.id)
|
|
expect(post.user).to eq(user)
|
|
|
|
expect(topic.title).to eq(
|
|
I18n.t("groups.request_membership_pm.title", group_name: group.name),
|
|
)
|
|
|
|
expect(post.raw).to start_with("Please add me in")
|
|
expect(topic.archetype).to eq(Archetype.private_message)
|
|
expect(topic.allowed_users).to contain_exactly(user, owner1, owner2)
|
|
expect(topic.allowed_groups).to eq([])
|
|
end
|
|
end
|
|
|
|
describe "#search " do
|
|
fab!(:hidden_group) do
|
|
Fabricate(:group, visibility_level: Group.visibility_levels[:owners], name: "KingOfTheNorth")
|
|
end
|
|
|
|
before do
|
|
group.update!(
|
|
name: "GOT",
|
|
full_name: "Daenerys Targaryen",
|
|
visibility_level: Group.visibility_levels[:logged_on_users],
|
|
)
|
|
|
|
hidden_group
|
|
end
|
|
|
|
context "as an anon user" do
|
|
it "returns the right response" do
|
|
get "/groups/search.json"
|
|
expect(response.status).to eq(403)
|
|
end
|
|
end
|
|
|
|
context "as a normal user" do
|
|
it "returns the right response" do
|
|
sign_in(user)
|
|
|
|
get "/groups/search.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
groups = response.parsed_body
|
|
|
|
expected_ids = Group::AUTO_GROUPS.map { |name, id| id }
|
|
expected_ids.delete(Group::AUTO_GROUPS[:everyone])
|
|
expected_ids << group.id
|
|
|
|
expect(groups.map { |group| group["id"] }).to contain_exactly(*expected_ids)
|
|
|
|
%w[GO nerys].each do |term|
|
|
get "/groups/search.json?term=#{term}"
|
|
|
|
expect(response.status).to eq(200)
|
|
groups = response.parsed_body
|
|
|
|
expect(groups.length).to eq(1)
|
|
expect(groups.first["id"]).to eq(group.id)
|
|
end
|
|
|
|
get "/groups/search.json?term=KingOfTheNorth"
|
|
|
|
expect(response.status).to eq(200)
|
|
groups = response.parsed_body
|
|
|
|
expect(groups).to eq([])
|
|
end
|
|
end
|
|
|
|
context "as a group owner" do
|
|
before { hidden_group.add_owner(user) }
|
|
|
|
it "returns the right response" do
|
|
sign_in(user)
|
|
|
|
get "/groups/search.json?term=north"
|
|
|
|
expect(response.status).to eq(200)
|
|
groups = response.parsed_body
|
|
|
|
expect(groups.length).to eq(1)
|
|
expect(groups.first["id"]).to eq(hidden_group.id)
|
|
end
|
|
end
|
|
|
|
context "as an admin" do
|
|
it "returns the right response" do
|
|
sign_in(admin)
|
|
|
|
get "/groups/search.json?ignore_automatic=true"
|
|
|
|
expect(response.status).to eq(200)
|
|
groups = response.parsed_body
|
|
|
|
expect(groups.length).to eq(2)
|
|
|
|
expect(groups.map { |group| group["id"] }).to contain_exactly(group.id, hidden_group.id)
|
|
end
|
|
end
|
|
|
|
describe "groups_search_query modifier" do
|
|
fab!(:user) { Fabricate(:user) }
|
|
fab!(:cool_group) { Fabricate(:group, name: "cool-group") }
|
|
fab!(:boring_group) { Fabricate(:group, name: "boring-group") }
|
|
|
|
before { sign_in(user) }
|
|
|
|
it "allows changing the query" do
|
|
get "/groups/search.json", params: { term: "cool" }
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body.map { |g| g["id"] }).to include(cool_group.id)
|
|
expect(response.parsed_body.map { |g| g["id"] }).not_to include(boring_group.id)
|
|
|
|
Plugin::Instance
|
|
.new
|
|
.register_modifier(:groups_search_query) do |query|
|
|
query.where("groups.name LIKE 'boring%'")
|
|
end
|
|
|
|
get "/groups/search.json", params: { term: "cool" }
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body.map { |g| g["id"] }).not_to include(
|
|
cool_group.id,
|
|
boring_group.id,
|
|
)
|
|
ensure
|
|
DiscoursePluginRegistry.clear_modifiers!
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#new" do
|
|
describe "for an anon user" do
|
|
it "should return 404" do
|
|
get "/groups/custom/new"
|
|
|
|
expect(response.status).to eq(404)
|
|
end
|
|
end
|
|
|
|
describe "for a normal user" do
|
|
before { sign_in(user) }
|
|
|
|
it "should return 404" do
|
|
get "/groups/custom/new"
|
|
|
|
expect(response.status).to eq(404)
|
|
end
|
|
end
|
|
|
|
describe "for an admin user" do
|
|
before { sign_in(admin) }
|
|
|
|
it "should return 200" do
|
|
get "/groups/custom/new"
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#check_name" do
|
|
describe "for an anon user" do
|
|
it "should return the right response" do
|
|
get "/groups/check-name.json", params: { group_name: "test" }
|
|
expect(response.status).to eq(403)
|
|
end
|
|
end
|
|
|
|
it "should return the right response" do
|
|
sign_in(Fabricate(:user))
|
|
SiteSetting.reserved_usernames = "test|donkey"
|
|
get "/groups/check-name.json", params: { group_name: "test" }
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["available"]).to eq(true)
|
|
end
|
|
end
|
|
|
|
describe "#permissions" do
|
|
before { sign_in(other_user) }
|
|
|
|
it "ensures the group can be seen" do
|
|
group.update!(visibility_level: Group.visibility_levels[:owners])
|
|
|
|
get "/groups/#{group.name}/permissions.json"
|
|
|
|
expect(response.status).to eq(404)
|
|
end
|
|
|
|
describe "with varying category permissions" do
|
|
fab!(:category) { Fabricate(:category) }
|
|
|
|
before do
|
|
category.set_permissions("#{group.name}": :full)
|
|
category.save!
|
|
end
|
|
|
|
it "does not return categories the user cannot see" do
|
|
get "/groups/#{group.name}/permissions.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body).to eq([])
|
|
end
|
|
|
|
it "returns categories the user can see" do
|
|
group.add(other_user)
|
|
|
|
get "/groups/#{group.name}/permissions.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body.count).to eq(1)
|
|
expect(response.parsed_body.first["category"]["id"]).to eq(category.id)
|
|
end
|
|
end
|
|
|
|
it "returns categories alphabetically" do
|
|
sign_in(user)
|
|
|
|
["Three", "New Cat", "Abc", "Hello"].each do |name|
|
|
category = Fabricate(:category, name: name)
|
|
category.set_permissions("#{group.name}": :full)
|
|
category.save!
|
|
end
|
|
|
|
get "/groups/#{group.name}/permissions.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(response.parsed_body.map { |permission| permission["category"]["name"] }).to eq(
|
|
["Abc", "Hello", "New Cat", "Three"],
|
|
)
|
|
end
|
|
end
|
|
|
|
describe "#test_email_settings" do
|
|
let(:params) do
|
|
{
|
|
protocol: protocol,
|
|
ssl: ssl,
|
|
port: port,
|
|
host: host,
|
|
username: username,
|
|
password: password,
|
|
}
|
|
end
|
|
|
|
before do
|
|
sign_in(user)
|
|
group.group_users.where(user: user).last.update(owner: user)
|
|
end
|
|
|
|
context "when validating smtp" do
|
|
let(:protocol) { "smtp" }
|
|
let(:username) { "test@gmail.com" }
|
|
let(:password) { "password" }
|
|
let(:domain) { nil }
|
|
let(:ssl) { true }
|
|
let(:host) { "smtp.somemailsite.com" }
|
|
let(:port) { 587 }
|
|
|
|
context "when an error is raised" do
|
|
before do
|
|
EmailSettingsValidator.expects(:validate_smtp).raises(
|
|
Net::SMTPAuthenticationError,
|
|
"Invalid credentials",
|
|
)
|
|
end
|
|
it "uses the friendly error message functionality to return the message to the user" do
|
|
post "/groups/#{group.id}/test_email_settings.json", params: params
|
|
expect(response.status).to eq(422)
|
|
expect(response.parsed_body["errors"]).to include(
|
|
I18n.t("email_settings.smtp_authentication_error"),
|
|
)
|
|
end
|
|
end
|
|
end
|
|
|
|
context "when validating imap" do
|
|
let(:protocol) { "imap" }
|
|
let(:username) { "test@gmail.com" }
|
|
let(:password) { "password" }
|
|
let(:domain) { nil }
|
|
let(:ssl) { true }
|
|
let(:host) { "imap.somemailsite.com" }
|
|
let(:port) { 993 }
|
|
|
|
it "validates with the correct TLS settings" do
|
|
EmailSettingsValidator.expects(:validate_imap).with(has_entry(ssl: true))
|
|
post "/groups/#{group.id}/test_email_settings.json", params: params
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
context "when an error is raised" do
|
|
before do
|
|
EmailSettingsValidator.expects(:validate_imap).raises(
|
|
Net::IMAP::NoResponseError,
|
|
stub(data: stub(text: "Invalid credentials")),
|
|
)
|
|
end
|
|
it "uses the friendly error message functionality to return the message to the user" do
|
|
post "/groups/#{group.id}/test_email_settings.json", params: params
|
|
expect(response.status).to eq(422)
|
|
expect(response.parsed_body["errors"]).to include(
|
|
I18n.t("email_settings.imap_authentication_error"),
|
|
)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "global param validation and rate limit" do
|
|
let(:protocol) { "smtp" }
|
|
let(:host) { "smtp.gmail.com" }
|
|
let(:port) { 587 }
|
|
let(:username) { "test@gmail.com" }
|
|
let(:password) { "password" }
|
|
let(:ssl) { true }
|
|
|
|
context "when the protocol is not accepted" do
|
|
let(:protocol) { "sigma" }
|
|
it "raises an invalid params error" do
|
|
post "/groups/#{group.id}/test_email_settings.json", params: params
|
|
expect(response.status).to eq(400)
|
|
expect(response.parsed_body["errors"].first).to match(
|
|
/Valid protocols to test are smtp and imap/,
|
|
)
|
|
end
|
|
end
|
|
|
|
context "when user does not have access to the group" do
|
|
before { group.group_users.destroy_all }
|
|
it "errors if the user does not have access to the group" do
|
|
post "/groups/#{group.id}/test_email_settings.json", params: params
|
|
|
|
expect(response.status).to eq(403)
|
|
end
|
|
end
|
|
|
|
context "when rate limited" do
|
|
use_redis_snapshotting
|
|
|
|
it "rate limits anon searches per user" do
|
|
RateLimiter.enable
|
|
|
|
5.times { post "/groups/#{group.id}/test_email_settings.json", params: params }
|
|
post "/groups/#{group.id}/test_email_settings.json", params: params
|
|
expect(response.status).to eq(429)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|