mirror of
https://github.com/discourse/discourse.git
synced 2024-12-19 15:54:25 +08:00
61bd7d5d11
Followup 3094f32ff5
,
this fixes an issue with the logic in this commit where
we were returning false if any of the conditionals here
were false, regardless of the type of `obj`, where we should
have only done this if `obj` was a `PostAction`, which lead
us to return false in cases where we were checking if the
user could edit their own post as anon.
102 lines
3.6 KiB
Ruby
102 lines
3.6 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
RSpec.describe PostGuardian do
|
|
fab!(:groupless_user) { Fabricate(:user) }
|
|
fab!(:user) { Fabricate(:user, refresh_auto_groups: true) }
|
|
fab!(:anon) { Fabricate(:anonymous) }
|
|
fab!(:admin)
|
|
fab!(:moderator)
|
|
fab!(:group)
|
|
fab!(:group_user) { Fabricate(:group_user, group: group, user: user) }
|
|
fab!(:category)
|
|
fab!(:topic) { Fabricate(:topic, category: category) }
|
|
fab!(:hidden_post) { Fabricate(:post, topic: topic, hidden: true) }
|
|
fab!(:post) { Fabricate(:post, topic: topic) }
|
|
|
|
describe "#can_see_hidden_post?" do
|
|
context "when the hidden_post_visible_groups contains everyone" do
|
|
before { SiteSetting.hidden_post_visible_groups = "#{Group::AUTO_GROUPS[:everyone]}" }
|
|
|
|
it "returns true for everyone" do
|
|
expect(Guardian.new(anon).can_see_hidden_post?(hidden_post)).to eq(true)
|
|
expect(Guardian.new(user).can_see_hidden_post?(hidden_post)).to eq(true)
|
|
expect(Guardian.new(admin).can_see_hidden_post?(hidden_post)).to eq(true)
|
|
expect(Guardian.new(moderator).can_see_hidden_post?(hidden_post)).to eq(true)
|
|
end
|
|
end
|
|
|
|
context "when the post is a created by the user" do
|
|
fab!(:hidden_post) { Fabricate(:post, topic: topic, hidden: true, user: user) }
|
|
|
|
before { SiteSetting.hidden_post_visible_groups = "" }
|
|
|
|
it "returns true for the author" do
|
|
SiteSetting.hidden_post_visible_groups = ""
|
|
expect(Guardian.new(user).can_see_hidden_post?(hidden_post)).to eq(true)
|
|
end
|
|
end
|
|
|
|
context "when the post is a created by another user" do
|
|
before { SiteSetting.hidden_post_visible_groups = "14|#{group.id}" }
|
|
|
|
it "returns true for staff users" do
|
|
expect(Guardian.new(admin).can_see_hidden_post?(hidden_post)).to eq(true)
|
|
expect(Guardian.new(moderator).can_see_hidden_post?(hidden_post)).to eq(true)
|
|
end
|
|
|
|
it "returns false for anonymous users" do
|
|
expect(Guardian.new(anon).can_see_hidden_post?(hidden_post)).to eq(false)
|
|
end
|
|
|
|
it "returns true if the user is in hidden_post_visible_groups" do
|
|
expect(Guardian.new(user).can_see_hidden_post?(hidden_post)).to eq(true)
|
|
end
|
|
|
|
it "returns false if the user is not in hidden_post_visible_groups" do
|
|
expect(Guardian.new(groupless_user).can_see_hidden_post?(hidden_post)).to eq(false)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#is_in_edit_post_groups?" do
|
|
it "returns true if the user is in edit_all_post_groups" do
|
|
SiteSetting.edit_all_post_groups = group.id.to_s
|
|
|
|
expect(Guardian.new(user).is_in_edit_post_groups?).to eq(true)
|
|
end
|
|
|
|
it "returns false if the user is not in edit_all_post_groups" do
|
|
SiteSetting.edit_all_post_groups = Group::AUTO_GROUPS[:trust_level_4]
|
|
|
|
expect(Guardian.new(Fabricate(:trust_level_3)).is_in_edit_post_groups?).to eq(false)
|
|
end
|
|
|
|
it "returns false if the edit_all_post_groups is empty" do
|
|
SiteSetting.edit_all_post_groups = nil
|
|
|
|
expect(Guardian.new(user).is_in_edit_post_groups?).to eq(false)
|
|
end
|
|
end
|
|
|
|
describe "#can_edit_post?" do
|
|
it "returns true for the author" do
|
|
post.update!(user: user)
|
|
expect(Guardian.new(user).can_edit_post?(post)).to eq(true)
|
|
end
|
|
|
|
it "returns false for users who are not the author" do
|
|
expect(Guardian.new(user).can_edit_post?(post)).to eq(false)
|
|
end
|
|
|
|
it "returns true for admins who are not the author" do
|
|
expect(Guardian.new(admin).can_edit_post?(post)).to eq(true)
|
|
end
|
|
|
|
it "returns true for the author if they are anonymous" do
|
|
SiteSetting.allow_anonymous_posting = true
|
|
post.update!(user: anon)
|
|
expect(Guardian.new(anon).can_edit_post?(post)).to eq(true)
|
|
end
|
|
end
|
|
end
|