mirror of
https://github.com/discourse/discourse.git
synced 2024-11-28 00:54:21 +08:00
110 lines
3.3 KiB
Ruby
110 lines
3.3 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
RSpec.describe Admin::ImpersonateController do
|
|
fab!(:admin) { Fabricate(:admin) }
|
|
fab!(:moderator) { Fabricate(:moderator) }
|
|
fab!(:user) { Fabricate(:user) }
|
|
fab!(:another_admin) { Fabricate(:admin) }
|
|
|
|
describe "#index" do
|
|
context "when logged in as an admin" do
|
|
before { sign_in(admin) }
|
|
|
|
it "returns success" do
|
|
get "/admin/impersonate.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
end
|
|
|
|
shared_examples "impersonation inaccessible" do
|
|
it "denies access with a 404 response" do
|
|
get "/admin/impersonate.json"
|
|
|
|
expect(response.status).to eq(404)
|
|
expect(response.parsed_body["errors"]).to include(I18n.t("not_found"))
|
|
end
|
|
end
|
|
|
|
context "when logged in as a moderator" do
|
|
before { sign_in(moderator) }
|
|
|
|
include_examples "impersonation inaccessible"
|
|
end
|
|
|
|
context "when logged in as a non-staff user" do
|
|
before { sign_in(user) }
|
|
|
|
include_examples "impersonation inaccessible"
|
|
end
|
|
end
|
|
|
|
describe "#create" do
|
|
context "when logged in as an admin" do
|
|
before { sign_in(admin) }
|
|
|
|
it "requires a username_or_email parameter" do
|
|
post "/admin/impersonate.json"
|
|
expect(response.status).to eq(400)
|
|
expect(session[:current_user_id]).to eq(admin.id)
|
|
end
|
|
|
|
it "returns 404 when that user does not exist" do
|
|
post "/admin/impersonate.json", params: { username_or_email: "hedonismbot" }
|
|
expect(response.status).to eq(404)
|
|
expect(session[:current_user_id]).to eq(admin.id)
|
|
end
|
|
|
|
it "raises an invalid access error if the user can't be impersonated" do
|
|
post "/admin/impersonate.json", params: { username_or_email: another_admin.email }
|
|
expect(response.status).to eq(403)
|
|
expect(session[:current_user_id]).to eq(admin.id)
|
|
end
|
|
|
|
context "with success" do
|
|
it "succeeds and logs the impersonation" do
|
|
expect do
|
|
post "/admin/impersonate.json", params: { username_or_email: user.username }
|
|
end.to change { UserHistory.where(action: UserHistory.actions[:impersonate]).count }.by(1)
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(session[:current_user_id]).to eq(user.id)
|
|
end
|
|
|
|
it "also works with an email address" do
|
|
post "/admin/impersonate.json", params: { username_or_email: user.email }
|
|
expect(response.status).to eq(200)
|
|
expect(session[:current_user_id]).to eq(user.id)
|
|
end
|
|
end
|
|
end
|
|
|
|
shared_examples "impersonation not allowed" do
|
|
it "prevents impersonation with a with 404 response" do
|
|
expect do
|
|
post "/admin/impersonate.json", params: { username_or_email: user.username }
|
|
end.not_to change { UserHistory.where(action: UserHistory.actions[:impersonate]).count }
|
|
|
|
expect(response.status).to eq(404)
|
|
expect(session[:current_user_id]).to eq(current_user.id)
|
|
end
|
|
end
|
|
|
|
context "when logged in as a moderator" do
|
|
before { sign_in(moderator) }
|
|
|
|
include_examples "impersonation not allowed" do
|
|
let(:current_user) { moderator }
|
|
end
|
|
end
|
|
|
|
context "when logged in as a non-staff user" do
|
|
before { sign_in(user) }
|
|
|
|
include_examples "impersonation not allowed" do
|
|
let(:current_user) { user }
|
|
end
|
|
end
|
|
end
|
|
end
|