mirror of
https://github.com/discourse/discourse.git
synced 2024-11-24 17:15:32 +08:00
6dd4bc7d57
Group owners are regular users that can add or remove users to a group The Admin UX allows admins to appoint group owners The public group UX will display group owners first and unlock UI to add and remove members Group owners can only be appointed on non automatic groups Group owners may not appoint another group owner
234 lines
6.6 KiB
Ruby
234 lines
6.6 KiB
Ruby
require 'spec_helper'
|
|
|
|
describe GroupsController do
|
|
let(:group) { Fabricate(:group) }
|
|
|
|
describe 'show' do
|
|
it "ensures the group can be seen" do
|
|
Guardian.any_instance.expects(:can_see?).with(group).returns(false)
|
|
xhr :get, :show, id: group.name
|
|
expect(response).not_to be_success
|
|
end
|
|
|
|
it "responds with JSON" do
|
|
Guardian.any_instance.expects(:can_see?).with(group).returns(true)
|
|
xhr :get, :show, id: group.name
|
|
expect(response).to be_success
|
|
expect(::JSON.parse(response.body)['basic_group']['id']).to eq(group.id)
|
|
end
|
|
|
|
it "works even with an upper case group name" do
|
|
Guardian.any_instance.expects(:can_see?).with(group).returns(true)
|
|
xhr :get, :show, id: group.name.upcase
|
|
expect(response).to be_success
|
|
expect(::JSON.parse(response.body)['basic_group']['id']).to eq(group.id)
|
|
end
|
|
end
|
|
|
|
describe "counts" do
|
|
it "ensures the group can be seen" do
|
|
Guardian.any_instance.expects(:can_see?).with(group).returns(false)
|
|
xhr :get, :counts, group_id: group.name
|
|
expect(response).not_to be_success
|
|
end
|
|
|
|
it "performs the query and responds with JSON" do
|
|
Guardian.any_instance.expects(:can_see?).with(group).returns(true)
|
|
Group.any_instance.expects(:posts_for).returns(Group.none)
|
|
xhr :get, :counts, group_id: group.name
|
|
expect(response).to be_success
|
|
end
|
|
end
|
|
|
|
describe "posts" do
|
|
it "ensures the group can be seen" do
|
|
Guardian.any_instance.expects(:can_see?).with(group).returns(false)
|
|
xhr :get, :posts, group_id: group.name
|
|
expect(response).not_to be_success
|
|
end
|
|
|
|
it "calls `posts_for` and responds with JSON" do
|
|
Guardian.any_instance.expects(:can_see?).with(group).returns(true)
|
|
Group.any_instance.expects(:posts_for).returns(Group.none)
|
|
xhr :get, :posts, group_id: group.name
|
|
expect(response).to be_success
|
|
end
|
|
end
|
|
|
|
describe "members" do
|
|
it "ensures the group can be seen" do
|
|
Guardian.any_instance.expects(:can_see?).with(group).returns(false)
|
|
xhr :get, :members, group_id: group.name
|
|
expect(response).not_to be_success
|
|
end
|
|
|
|
it "calls `posts_for` and responds with JSON" do
|
|
Guardian.any_instance.expects(:can_see?).with(group).returns(true)
|
|
xhr :get, :posts, group_id: group.name
|
|
expect(response).to be_success
|
|
end
|
|
|
|
# Pending until we fix group truncation
|
|
skip "ensures that membership can be paginated" do
|
|
5.times { group.add(Fabricate(:user)) }
|
|
usernames = group.users.map{ |m| m['username'] }.sort
|
|
|
|
xhr :get, :members, group_id: group.name, limit: 3
|
|
expect(response).to be_success
|
|
members = JSON.parse(response.body)
|
|
expect(members.map{ |m| m['username'] }).to eq(usernames[0..2])
|
|
|
|
xhr :get, :members, group_id: group.name, limit: 3, offset: 3
|
|
expect(response).to be_success
|
|
members = JSON.parse(response.body)
|
|
expect(members.map{ |m| m['username'] }).to eq(usernames[3..4])
|
|
end
|
|
end
|
|
|
|
|
|
describe "membership edit permission" do
|
|
it "refuses membership changes to unauthorized users" do
|
|
Guardian.any_instance.stubs(:can_edit?).with(group).returns(false)
|
|
|
|
xhr :put, :add_members, id: group.id, usernames: "bob"
|
|
expect(response).to be_forbidden
|
|
|
|
xhr :delete, :remove_member, id: group.id, username: "bob"
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
it "cannot add members to automatic groups" do
|
|
Guardian.any_instance.stubs(:is_admin?).returns(true)
|
|
group = Fabricate(:group, name: "auto_group", automatic: true)
|
|
|
|
xhr :put, :add_members, id: group.id, usernames: "bob"
|
|
expect(response).to be_forbidden
|
|
end
|
|
end
|
|
|
|
describe "membership edits" do
|
|
before do
|
|
@user1 = Fabricate(:user)
|
|
group.add(@user1)
|
|
group.reload
|
|
|
|
Guardian.any_instance.stubs(:can_edit?).with(group).returns(true)
|
|
end
|
|
|
|
it "can make incremental adds" do
|
|
user2 = Fabricate(:user)
|
|
xhr :put, :add_members, id: group.id, usernames: user2.username
|
|
|
|
expect(response).to be_success
|
|
group.reload
|
|
expect(group.users.count).to eq(2)
|
|
end
|
|
|
|
it "can make incremental deletes" do
|
|
xhr :delete, :remove_member, id: group.id, username: @user1.username
|
|
|
|
expect(response).to be_success
|
|
group.reload
|
|
expect(group.users.count).to eq(0)
|
|
end
|
|
|
|
end
|
|
|
|
context ".add_members" do
|
|
|
|
before do
|
|
@admin = log_in(:admin)
|
|
end
|
|
|
|
it "cannot add members to automatic groups" do
|
|
xhr :put, :add_members, id: 1, usernames: "l77t"
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
context "is able to add several members to a group" do
|
|
|
|
let(:user1) { Fabricate(:user) }
|
|
let(:user2) { Fabricate(:user) }
|
|
let(:group) { Fabricate(:group) }
|
|
|
|
it "adds by username" do
|
|
xhr :put, :add_members, id: group.id, usernames: [user1.username, user2.username].join(",")
|
|
|
|
expect(response).to be_success
|
|
group.reload
|
|
expect(group.users.count).to eq(2)
|
|
end
|
|
|
|
it "adds by id" do
|
|
xhr :put, :add_members, id: group.id, user_ids: [user1.id, user2.id].join(",")
|
|
|
|
expect(response).to be_success
|
|
group.reload
|
|
expect(group.users.count).to eq(2)
|
|
end
|
|
end
|
|
|
|
it "returns 422 if member already exists" do
|
|
group = Fabricate(:group)
|
|
existing_member = Fabricate(:user)
|
|
group.add(existing_member)
|
|
group.save
|
|
|
|
xhr :put, :add_members, id: group.id, usernames: existing_member.username
|
|
expect(response.status).to eq(422)
|
|
end
|
|
|
|
end
|
|
|
|
context ".remove_member" do
|
|
|
|
before do
|
|
@admin = log_in(:admin)
|
|
end
|
|
|
|
it "cannot remove members from automatic groups" do
|
|
xhr :put, :remove_member, id: 1, user_id: 42
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
context "is able to remove a member" do
|
|
|
|
let(:user) { Fabricate(:user) }
|
|
let(:group) { Fabricate(:group) }
|
|
|
|
before do
|
|
group.add(user)
|
|
group.save
|
|
end
|
|
|
|
it "removes by id" do
|
|
xhr :delete, :remove_member, id: group.id, user_id: user.id
|
|
|
|
expect(response).to be_success
|
|
group.reload
|
|
expect(group.users.count).to eq(0)
|
|
end
|
|
|
|
it "removes by username" do
|
|
xhr :delete, :remove_member, id: group.id, username: user.username
|
|
|
|
expect(response).to be_success
|
|
group.reload
|
|
expect(group.users.count).to eq(0)
|
|
end
|
|
|
|
it "removes user.primary_group_id when user is removed from group" do
|
|
user.primary_group_id = group.id
|
|
user.save
|
|
|
|
xhr :delete, :remove_member, id: group.id, username: user.username
|
|
|
|
user.reload
|
|
expect(user.primary_group_id).to eq(nil)
|
|
end
|
|
end
|
|
|
|
end
|
|
|
|
end
|