mirror of
https://github.com/discourse/discourse.git
synced 2024-12-15 20:53:40 +08:00
3d581ce159
After this commit, category group permissions can only be seen by users that are allowed to manage a category. In the past, we inadvertently included a category's group permissions settings in `CategoriesController#show` and `CategoriesController#find_by_slug` endpoints for normal users when those settings are only a concern to users that can manage a category.
713 lines
23 KiB
Ruby
713 lines
23 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'rails_helper'
|
|
|
|
describe CategoriesController do
|
|
let(:admin) { Fabricate(:admin) }
|
|
let!(:category) { Fabricate(:category, user: admin) }
|
|
fab!(:user) { Fabricate(:user) }
|
|
|
|
context 'index' do
|
|
|
|
it 'web crawler view has correct urls for subfolder install' do
|
|
set_subfolder "/forum"
|
|
get '/categories', headers: { 'HTTP_USER_AGENT' => 'Googlebot' }
|
|
html = Nokogiri::HTML5(response.body)
|
|
expect(html.css('body.crawler')).to be_present
|
|
expect(html.css("a[href=\"/forum/c/#{category.slug}/#{category.id}\"]")).to be_present
|
|
end
|
|
|
|
it "properly preloads topic list" do
|
|
SiteSetting.categories_topics = 5
|
|
SiteSetting.categories_topics.times { Fabricate(:topic) }
|
|
get "/categories"
|
|
|
|
expect(response.body).to have_tag("div#data-preloaded") do |element|
|
|
json = JSON.parse(element.current_scope.attribute('data-preloaded').value)
|
|
expect(json['topic_list_latest']).to include(%{"more_topics_url":"/latest"})
|
|
end
|
|
end
|
|
|
|
it "Shows correct title if category list is set for homepage" do
|
|
SiteSetting.top_menu = "categories|latest"
|
|
get "/"
|
|
|
|
expect(response.body).to have_tag "title", text: "Discourse"
|
|
|
|
SiteSetting.short_site_description = "Official community"
|
|
get "/"
|
|
|
|
expect(response.body).to have_tag "title", text: "Discourse - Official community"
|
|
end
|
|
|
|
it "redirects /category paths to /c paths" do
|
|
get "/category/uncategorized"
|
|
expect(response.status).to eq(302)
|
|
expect(response.body).to include("c/uncategorized")
|
|
end
|
|
|
|
it "respects permalinks before redirecting /category paths to /c paths" do
|
|
_perm = Permalink.create!(url: "category/something", category_id: category.id)
|
|
|
|
get "/category/something"
|
|
expect(response.status).to eq(301)
|
|
expect(response.body).to include(category.slug)
|
|
end
|
|
|
|
it 'returns the right response for a normal user' do
|
|
sign_in(user)
|
|
|
|
get "/categories.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
category_list = response.parsed_body["category_list"]
|
|
|
|
expect(category_list["categories"].map { |c| c["id"] }).to contain_exactly(
|
|
SiteSetting.get(:uncategorized_category_id), category.id
|
|
)
|
|
end
|
|
|
|
it 'does not returns subcatgories without permission' do
|
|
subcategory = Fabricate(:category, user: admin, parent_category: category)
|
|
subcategory.set_permissions(admins: :full)
|
|
subcategory.save!
|
|
|
|
sign_in(user)
|
|
|
|
get "/categories.json?include_subcategories=true"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
category_list = response.parsed_body["category_list"]
|
|
|
|
subcategories_for_category = category_list["categories"][1]["subcategory_list"]
|
|
expect(subcategories_for_category).to eq(nil)
|
|
end
|
|
|
|
it 'returns the right subcategory response with permission' do
|
|
subcategory = Fabricate(:category, user: admin, parent_category: category)
|
|
|
|
sign_in(user)
|
|
|
|
get "/categories.json?include_subcategories=true"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
category_list = response.parsed_body["category_list"]
|
|
|
|
subcategories_for_category = category_list["categories"][1]["subcategory_list"]
|
|
expect(subcategories_for_category.count).to eq(1)
|
|
expect(subcategories_for_category.first["parent_category_id"]).to eq(category.id)
|
|
expect(subcategories_for_category.first["id"]).to eq(subcategory.id)
|
|
end
|
|
|
|
it 'does not return subcategories without query param' do
|
|
subcategory = Fabricate(:category, user: admin, parent_category: category)
|
|
|
|
sign_in(user)
|
|
|
|
get "/categories.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
category_list = response.parsed_body["category_list"]
|
|
|
|
subcategories_for_category = category_list["categories"][1]["subcategory_list"]
|
|
expect(subcategories_for_category).to eq(nil)
|
|
end
|
|
|
|
it 'does not show uncategorized unless allow_uncategorized_topics' do
|
|
SiteSetting.desktop_category_page_style = "categories_boxes_with_topics"
|
|
|
|
uncategorized = Category.find(SiteSetting.uncategorized_category_id)
|
|
Fabricate(:topic, category: uncategorized)
|
|
CategoryFeaturedTopic.feature_topics
|
|
|
|
SiteSetting.allow_uncategorized_topics = false
|
|
|
|
get "/categories.json"
|
|
expect(response.parsed_body["category_list"]["categories"].map { |x| x['id'] }).not_to include(uncategorized.id)
|
|
end
|
|
end
|
|
|
|
context 'extensibility event' do
|
|
before do
|
|
sign_in(admin)
|
|
end
|
|
|
|
it "triggers a extensibility event" do
|
|
event = DiscourseEvent.track_events {
|
|
put "/categories/#{category.id}.json", params: {
|
|
name: 'hello',
|
|
color: 'ff0',
|
|
text_color: 'fff'
|
|
}
|
|
}.last
|
|
|
|
expect(event[:event_name]).to eq(:category_updated)
|
|
expect(event[:params].first).to eq(category)
|
|
end
|
|
end
|
|
|
|
context '#create' do
|
|
it "requires the user to be logged in" do
|
|
post "/categories.json"
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
describe "logged in" do
|
|
before do
|
|
Jobs.run_immediately!
|
|
sign_in(admin)
|
|
end
|
|
|
|
it "raises an exception when they don't have permission to create it" do
|
|
sign_in(Fabricate(:user))
|
|
post "/categories.json", params: {
|
|
name: 'hello', color: 'ff0', text_color: 'fff'
|
|
}
|
|
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
it "raises an exception when the name is missing" do
|
|
post "/categories.json", params: { color: "ff0", text_color: "fff" }
|
|
expect(response.status).to eq(400)
|
|
end
|
|
|
|
describe "failure" do
|
|
it "returns errors on a duplicate category name" do
|
|
category = Fabricate(:category, user: admin)
|
|
|
|
post "/categories.json", params: {
|
|
name: category.name, color: "ff0", text_color: "fff"
|
|
}
|
|
|
|
expect(response.status).to eq(422)
|
|
end
|
|
|
|
it "returns errors with invalid group" do
|
|
category = Fabricate(:category, user: admin)
|
|
readonly = CategoryGroup.permission_types[:readonly]
|
|
|
|
post "/categories.json", params: {
|
|
name: category.name, color: "ff0", text_color: "fff", permissions: { "invalid_group" => readonly }
|
|
}
|
|
|
|
expect(response.status).to eq(422)
|
|
expect(response.parsed_body['errors']).to be_present
|
|
end
|
|
end
|
|
|
|
describe "success" do
|
|
it "works" do
|
|
SiteSetting.enable_category_group_moderation = true
|
|
|
|
readonly = CategoryGroup.permission_types[:readonly]
|
|
create_post = CategoryGroup.permission_types[:create_post]
|
|
group = Fabricate(:group)
|
|
|
|
post "/categories.json", params: {
|
|
name: "hello",
|
|
color: "ff0",
|
|
text_color: "fff",
|
|
slug: "hello-cat",
|
|
auto_close_hours: 72,
|
|
search_priority: Searchable::PRIORITIES[:ignore],
|
|
reviewable_by_group_name: group.name,
|
|
permissions: {
|
|
"everyone" => readonly,
|
|
"staff" => create_post
|
|
}
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
cat_json = response.parsed_body['category']
|
|
expect(cat_json).to be_present
|
|
expect(cat_json['reviewable_by_group_name']).to eq(group.name)
|
|
expect(cat_json['name']).to eq('hello')
|
|
expect(cat_json['slug']).to eq('hello-cat')
|
|
expect(cat_json['color']).to eq('ff0')
|
|
expect(cat_json['auto_close_hours']).to eq(72)
|
|
expect(cat_json['search_priority']).to eq(Searchable::PRIORITIES[:ignore])
|
|
|
|
category = Category.find(cat_json['id'])
|
|
expect(category.category_groups.map { |g| [g.group_id, g.permission_type] }.sort).to eq([
|
|
[Group[:everyone].id, readonly], [Group[:staff].id, create_post]
|
|
])
|
|
expect(UserHistory.count).to eq(4) # 1 + 3 (bootstrap mode)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
context '#show' do
|
|
before do
|
|
category.set_permissions(admins: :full)
|
|
category.save!
|
|
end
|
|
|
|
it "requires the user to be logged in" do
|
|
get "/c/#{category.id}/show.json"
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
describe "logged in" do
|
|
it "raises an exception if they don't have permission to see it" do
|
|
admin.update!(admin: false)
|
|
sign_in(admin)
|
|
get "/c/#{category.id}/show.json"
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "renders category for users that have permission" do
|
|
sign_in(admin)
|
|
get "/c/#{category.id}/show.json"
|
|
expect(response.status).to eq(200)
|
|
end
|
|
end
|
|
end
|
|
|
|
context '#destroy' do
|
|
it "requires the user to be logged in" do
|
|
delete "/categories/category.json"
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
describe "logged in" do
|
|
it "raises an exception if they don't have permission to delete it" do
|
|
admin.update!(admin: false)
|
|
sign_in(admin)
|
|
delete "/categories/#{category.slug}.json"
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
it "deletes the record" do
|
|
sign_in(admin)
|
|
|
|
id = Fabricate(:topic_timer, category: category).id
|
|
|
|
expect do
|
|
delete "/categories/#{category.slug}.json"
|
|
end.to change(Category, :count).by(-1)
|
|
expect(response.status).to eq(200)
|
|
expect(UserHistory.count).to eq(1)
|
|
expect(TopicTimer.where(id: id).exists?).to eq(false)
|
|
end
|
|
end
|
|
end
|
|
|
|
context '#reorder' do
|
|
it "reorders the categories" do
|
|
sign_in(admin)
|
|
|
|
c1 = category
|
|
c2 = Fabricate(:category)
|
|
c3 = Fabricate(:category)
|
|
c4 = Fabricate(:category)
|
|
if c3.id < c2.id
|
|
tmp = c3; c2 = c3; c3 = tmp
|
|
end
|
|
c1.position = 8
|
|
c2.position = 6
|
|
c3.position = 7
|
|
c4.position = 5
|
|
|
|
payload = {}
|
|
payload[c1.id] = 4
|
|
payload[c2.id] = 6
|
|
payload[c3.id] = 6
|
|
payload[c4.id] = 5
|
|
|
|
post "/categories/reorder.json", params: { mapping: MultiJson.dump(payload) }
|
|
|
|
SiteSetting.fixed_category_positions = true
|
|
list = CategoryList.new(Guardian.new(admin))
|
|
|
|
expect(list.categories).to eq([
|
|
Category.find(SiteSetting.uncategorized_category_id),
|
|
c1,
|
|
c4,
|
|
c2,
|
|
c3
|
|
])
|
|
end
|
|
end
|
|
|
|
context '#update' do
|
|
before do
|
|
Jobs.run_immediately!
|
|
end
|
|
|
|
it "requires the user to be logged in" do
|
|
put "/categories/category.json"
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
describe "logged in" do
|
|
before do
|
|
sign_in(admin)
|
|
end
|
|
|
|
it "raises an exception if they don't have permission to edit it" do
|
|
sign_in(Fabricate(:user))
|
|
put "/categories/#{category.slug}.json", params: {
|
|
name: 'hello',
|
|
color: 'ff0',
|
|
text_color: 'fff'
|
|
}
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
it "returns errors on a duplicate category name" do
|
|
other_category = Fabricate(:category, name: "Other", user: admin)
|
|
put "/categories/#{category.id}.json", params: {
|
|
name: other_category.name,
|
|
color: "ff0",
|
|
text_color: "fff",
|
|
}
|
|
expect(response.status).to eq(422)
|
|
end
|
|
|
|
it "returns errors when there is a name conflict while moving a category into another" do
|
|
parent_category = Fabricate(:category, name: "Parent", user: admin)
|
|
other_category = Fabricate(:category, name: category.name, user: admin, parent_category: parent_category, slug: "a-different-slug")
|
|
|
|
put "/categories/#{category.id}.json", params: {
|
|
parent_category_id: parent_category.id,
|
|
}
|
|
|
|
expect(response.status).to eq(422)
|
|
end
|
|
|
|
it "returns 422 if email_in address is already in use for other category" do
|
|
_other_category = Fabricate(:category, name: "Other", email_in: "mail@example.com")
|
|
|
|
put "/categories/#{category.id}.json", params: {
|
|
name: "Email",
|
|
email_in: "mail@example.com",
|
|
color: "ff0",
|
|
text_color: "fff",
|
|
}
|
|
expect(response.status).to eq(422)
|
|
end
|
|
|
|
describe "success" do
|
|
it "updates attributes correctly" do
|
|
SiteSetting.tagging_enabled = true
|
|
readonly = CategoryGroup.permission_types[:readonly]
|
|
create_post = CategoryGroup.permission_types[:create_post]
|
|
tag_group = Fabricate(:tag_group)
|
|
|
|
put "/categories/#{category.id}.json", params: {
|
|
name: "hello",
|
|
color: "ff0",
|
|
text_color: "fff",
|
|
slug: "hello-category",
|
|
auto_close_hours: 72,
|
|
permissions: {
|
|
"everyone" => readonly,
|
|
"staff" => create_post
|
|
},
|
|
custom_fields: {
|
|
"dancing" => "frogs"
|
|
},
|
|
minimum_required_tags: "",
|
|
allow_global_tags: 'true',
|
|
required_tag_group_name: tag_group.name,
|
|
min_tags_from_required_group: 2
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
category.reload
|
|
expect(category.category_groups.map { |g| [g.group_id, g.permission_type] }.sort).to eq([
|
|
[Group[:everyone].id, readonly], [Group[:staff].id, create_post]
|
|
])
|
|
expect(category.name).to eq("hello")
|
|
expect(category.slug).to eq("hello-category")
|
|
expect(category.color).to eq("ff0")
|
|
expect(category.auto_close_hours).to eq(72)
|
|
expect(category.custom_fields).to eq("dancing" => "frogs")
|
|
expect(category.minimum_required_tags).to eq(0)
|
|
expect(category.allow_global_tags).to eq(true)
|
|
expect(category.required_tag_group_id).to eq(tag_group.id)
|
|
expect(category.min_tags_from_required_group).to eq(2)
|
|
end
|
|
|
|
it 'logs the changes correctly' do
|
|
category.update!(permissions: { "admins" => CategoryGroup.permission_types[:create_post] })
|
|
|
|
put "/categories/#{category.id}.json", params: {
|
|
name: 'new name',
|
|
color: category.color,
|
|
text_color: category.text_color,
|
|
slug: category.slug,
|
|
permissions: {
|
|
"everyone" => CategoryGroup.permission_types[:create_post]
|
|
},
|
|
}
|
|
expect(response.status).to eq(200)
|
|
expect(UserHistory.count).to eq(5) # 2 + 3 (bootstrap mode)
|
|
end
|
|
|
|
it 'updates per-category settings correctly' do
|
|
category.custom_fields[Category::REQUIRE_TOPIC_APPROVAL] = false
|
|
category.custom_fields[Category::REQUIRE_REPLY_APPROVAL] = false
|
|
category.custom_fields[Category::NUM_AUTO_BUMP_DAILY] = 0
|
|
|
|
category.navigate_to_first_post_after_read = false
|
|
category.save!
|
|
|
|
put "/categories/#{category.id}.json", params: {
|
|
name: category.name,
|
|
color: category.color,
|
|
text_color: category.text_color,
|
|
navigate_to_first_post_after_read: true,
|
|
custom_fields: {
|
|
require_reply_approval: true,
|
|
require_topic_approval: true,
|
|
num_auto_bump_daily: 10
|
|
}
|
|
}
|
|
|
|
category.reload
|
|
expect(category.require_topic_approval?).to eq(true)
|
|
expect(category.require_reply_approval?).to eq(true)
|
|
expect(category.num_auto_bump_daily).to eq(10)
|
|
expect(category.navigate_to_first_post_after_read).to eq(true)
|
|
end
|
|
|
|
it "can remove required tag group" do
|
|
SiteSetting.tagging_enabled = true
|
|
category.update!(required_tag_group: Fabricate(:tag_group))
|
|
put "/categories/#{category.id}.json", params: {
|
|
name: category.name,
|
|
color: category.color,
|
|
text_color: category.text_color,
|
|
allow_global_tags: 'false',
|
|
min_tags_from_required_group: 1,
|
|
required_tag_group_name: ''
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
category.reload
|
|
expect(category.required_tag_group).to be_nil
|
|
end
|
|
|
|
it "does not update other fields" do
|
|
SiteSetting.tagging_enabled = true
|
|
tag_group_1 = Fabricate(:tag_group)
|
|
tag_group_2 = Fabricate(:tag_group)
|
|
|
|
category.update!(
|
|
allowed_tags: ["hello", "world"],
|
|
allowed_tag_groups: [tag_group_1.name],
|
|
required_tag_group_name: tag_group_2.name,
|
|
custom_fields: { field_1: 'hello', field_2: 'hello' }
|
|
)
|
|
|
|
put "/categories/#{category.id}.json"
|
|
expect(response.status).to eq(200)
|
|
category.reload
|
|
expect(category.tags.pluck(:name)).to contain_exactly("hello", "world")
|
|
expect(category.tag_groups.pluck(:name)).to contain_exactly(tag_group_1.name)
|
|
expect(category.required_tag_group).to eq(tag_group_2)
|
|
expect(category.custom_fields).to eq({ 'field_1' => 'hello', 'field_2' => 'hello' })
|
|
|
|
put "/categories/#{category.id}.json", params: { allowed_tags: [], custom_fields: { field_1: nil } }
|
|
expect(response.status).to eq(200)
|
|
category.reload
|
|
expect(category.tags).to be_blank
|
|
expect(category.tag_groups.pluck(:name)).to contain_exactly(tag_group_1.name)
|
|
expect(category.required_tag_group).to eq(tag_group_2)
|
|
expect(category.custom_fields).to eq({ 'field_2' => 'hello' })
|
|
|
|
put "/categories/#{category.id}.json", params: { allowed_tags: [], allowed_tag_groups: [], required_tag_group_name: nil, custom_fields: { field_1: 'hi', field_2: nil } }
|
|
expect(response.status).to eq(200)
|
|
category.reload
|
|
expect(category.tags).to be_blank
|
|
expect(category.tag_groups).to be_blank
|
|
expect(category.required_tag_group).to eq(nil)
|
|
expect(category.custom_fields).to eq({ 'field_1' => 'hi' })
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
context '#update_slug' do
|
|
it 'requires the user to be logged in' do
|
|
put "/category/category/slug.json"
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
describe 'logged in' do
|
|
before do
|
|
sign_in(admin)
|
|
end
|
|
|
|
it 'rejects blank' do
|
|
put "/category/#{category.id}/slug.json", params: { slug: ' ' }
|
|
expect(response.status).to eq(422)
|
|
expect(response.parsed_body["errors"]).to eq(["Slug can't be blank"])
|
|
end
|
|
|
|
it 'accepts valid custom slug' do
|
|
put "/category/#{category.id}/slug.json", params: { slug: 'valid-slug' }
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(category.reload.slug).to eq('valid-slug')
|
|
end
|
|
|
|
it 'accepts not well formed custom slug' do
|
|
put "/category/#{category.id}/slug.json", params: { slug: ' valid slug' }
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(category.reload.slug).to eq('valid-slug')
|
|
end
|
|
|
|
it 'accepts and sanitize custom slug when the slug generation method is not ascii' do
|
|
SiteSetting.slug_generation_method = 'none'
|
|
put "/category/#{category.id}/slug.json", params: { slug: ' another !_ slug @' }
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(category.reload.slug).to eq('another-slug')
|
|
SiteSetting.slug_generation_method = 'ascii'
|
|
end
|
|
|
|
it 'rejects invalid custom slug' do
|
|
put "/category/#{category.id}/slug.json", params: { slug: '.' }
|
|
expect(response.status).to eq(422)
|
|
expect(response.parsed_body["errors"]).to eq(["Slug is invalid"])
|
|
end
|
|
end
|
|
end
|
|
|
|
context '#categories_and_topics' do
|
|
before do
|
|
10.times.each { Fabricate(:topic) }
|
|
end
|
|
|
|
it 'works when SiteSetting.categories_topics is non-null' do
|
|
SiteSetting.categories_topics = 5
|
|
|
|
get '/categories_and_latest.json'
|
|
expect(response.parsed_body['topic_list']['topics'].size).to eq(5)
|
|
end
|
|
|
|
it 'works when SiteSetting.categories_topics is null' do
|
|
SiteSetting.categories_topics = 0
|
|
|
|
get '/categories_and_latest.json'
|
|
json = response.parsed_body
|
|
|
|
category_list = json['category_list']
|
|
topic_list = json['topic_list']
|
|
|
|
expect(category_list['categories'].size).to eq(2) # 'Uncategorized' and category
|
|
expect(topic_list['topics'].size).to eq(5)
|
|
|
|
Fabricate(:category, parent_category: category)
|
|
|
|
get '/categories_and_latest.json'
|
|
json = response.parsed_body
|
|
expect(json['category_list']['categories'].size).to eq(2)
|
|
expect(json['topic_list']['topics'].size).to eq(5)
|
|
|
|
Fabricate(:category)
|
|
Fabricate(:category)
|
|
|
|
get '/categories_and_latest.json'
|
|
json = response.parsed_body
|
|
expect(json['category_list']['categories'].size).to eq(4)
|
|
expect(json['topic_list']['topics'].size).to eq(6)
|
|
end
|
|
|
|
it 'does not show uncategorized unless allow_uncategorized_topics' do
|
|
uncategorized = Category.find(SiteSetting.uncategorized_category_id)
|
|
Fabricate(:topic, category: uncategorized)
|
|
CategoryFeaturedTopic.feature_topics
|
|
|
|
SiteSetting.allow_uncategorized_topics = false
|
|
|
|
get "/categories_and_latest.json"
|
|
expect(response.parsed_body["category_list"]["categories"].map { |x| x['id'] }).not_to include(uncategorized.id)
|
|
end
|
|
|
|
describe 'Showing top topics from private categories' do
|
|
it 'returns the top topic from the private category when the user is a member' do
|
|
restricted_group = Fabricate(:group)
|
|
private_cat = Fabricate(:private_category, group: restricted_group)
|
|
private_topic = Fabricate(:topic, category: private_cat, like_count: 1000, posts_count: 100)
|
|
TopTopic.refresh!
|
|
restricted_group.add(user)
|
|
sign_in(user)
|
|
|
|
get "/categories_and_top.json"
|
|
parsed_topic = response.parsed_body.dig('topic_list', 'topics').detect do |t|
|
|
t.dig('id') == private_topic.id
|
|
end
|
|
|
|
expect(parsed_topic).to be_present
|
|
end
|
|
end
|
|
end
|
|
|
|
describe '#visible_groups' do
|
|
fab!(:public_group) { Fabricate(:group, visibility_level: Group.visibility_levels[:public], name: 'aaa') }
|
|
fab!(:private_group) { Fabricate(:group, visibility_level: Group.visibility_levels[:staff], name: 'bbb') }
|
|
fab!(:user_only_group) { Fabricate(:group, visibility_level: Group.visibility_levels[:members], name: 'ccc') }
|
|
|
|
it 'responds with 404 when id param is invalid' do
|
|
get "/c/-9999/visible_groups.json"
|
|
|
|
expect(response.status).to eq(404)
|
|
end
|
|
|
|
it "responds with 403 when category is restricted to the current user" do
|
|
category.set_permissions(private_group.name => :full)
|
|
category.save!
|
|
|
|
get "/c/#{category.id}/visible_groups.json"
|
|
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "returns the names of the groups that are visible to an admin" do
|
|
sign_in(admin)
|
|
|
|
category.set_permissions(
|
|
"everyone" => :readonly,
|
|
private_group.name => :full,
|
|
public_group.name => :full,
|
|
user_only_group.name => :full,
|
|
)
|
|
|
|
category.save!
|
|
|
|
get "/c/#{category.id}/visible_groups.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["groups"]).to eq([public_group.name, private_group.name, user_only_group.name])
|
|
end
|
|
|
|
it "returns the names of the groups that are visible to a user and excludes the everyone group" do
|
|
sign_in(user)
|
|
|
|
category.set_permissions(
|
|
"everyone" => :readonly,
|
|
private_group.name => :full,
|
|
public_group.name => :full,
|
|
user_only_group.name => :full,
|
|
)
|
|
|
|
category.save!
|
|
|
|
get "/c/#{category.id}/visible_groups.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["groups"]).to eq([public_group.name])
|
|
end
|
|
end
|
|
end
|