Only check for bypassTagCounts permission for startDiscussion ability (#130)
This doesn't fix anything, but we should explicitly only check the permission for the ability it is meant for, just to be safe in the future. Also add more tests.
parent
a0f9416f90
commit
fffedb4e1d
|
@ -61,7 +61,7 @@
|
|||
"test:setup": "Sets up a database for use with integration tests. Execute this only once."
|
||||
},
|
||||
"require-dev": {
|
||||
"flarum/core": "0.1.x-dev",
|
||||
"flarum/core": "0.1.x-dev#b2d053f6865e685ebf005e457d970385377bbb28",
|
||||
"flarum/testing": "*@dev"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -36,11 +36,13 @@ class GlobalPolicy extends AbstractPolicy
|
|||
static $enoughPrimary;
|
||||
static $enoughSecondary;
|
||||
|
||||
if (in_array($ability, ['viewDiscussions', 'startDiscussion'])) {
|
||||
if ($actor->hasPermission($ability) && $actor->hasPermission('bypassTagCounts')) {
|
||||
return $this->allow();
|
||||
}
|
||||
if ($ability === 'startDiscussion'
|
||||
&& $actor->hasPermission($ability)
|
||||
&& $actor->hasPermission('bypassTagCounts')) {
|
||||
return $this->allow();
|
||||
}
|
||||
|
||||
if (in_array($ability, ['viewDiscussions', 'startDiscussion'])) {
|
||||
if (! isset($enoughPrimary[$actor->id][$ability])) {
|
||||
$enoughPrimary[$actor->id][$ability] = Tag::whereHasPermission($actor, $ability)
|
||||
->where('tags.position', '!=', null)
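Review bot: The retained `in_array($ability, ['viewDiscussions', 'startDiscussion'])` gate compares loosely while the new guard above it uses `===`, so the two checks on `$ability` do not follow the same rule. Passing the strict flag, `in_array($ability, ['viewDiscussions', 'startDiscussion'], true)`, makes both gates type-exact, which is the safer default in a policy method where a non-string ability could otherwise match under PHP's loose comparison on older runtimes. A one-line comment above the new guard, e.g. `// bypassTagCounts only waives the tag-count requirement for startDiscussion; the actor must still hold the ability itself`, would record why the shortcut was narrowed. The method body starts and ends outside the hunk.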
|
||||
|
|
|
@ -87,6 +87,34 @@ class CreateTest extends TestCase
|
|||
$this->assertEquals(422, $response->getStatusCode());
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function user_can_create_discussion_without_tags_if_bypass_permission_granted()
|
||||
{
|
||||
$this->prepareDatabase([
|
||||
'group_permission' => [
|
||||
['group_id' => Group::MEMBER_ID, 'permission' => 'bypassTagCounts'],
|
||||
]
|
||||
]);
|
||||
|
||||
$response = $this->send(
|
||||
$this->request('POST', '/api/discussions', [
|
||||
'authenticatedAs' => 2,
|
||||
'json' => [
|
||||
'data' => [
|
||||
'attributes' => [
|
||||
'title' => 'test - too-obscure',
|
||||
'content' => 'predetermined content for automated testing - too-obscure',
|
||||
],
|
||||
]
|
||||
],
|
||||
])
|
||||
);
|
||||
|
||||
$this->assertEquals(201, $response->getStatusCode());
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
|
@ -145,6 +173,41 @@ class CreateTest extends TestCase
|
|||
$this->assertEquals(403, $response->getStatusCode());
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function user_cant_create_discussion_in_primary_tag_where_can_view_but_cant_start_with_bypass_permission_granted()
|
||||
{
|
||||
$this->prepareDatabase([
|
||||
'group_permission' => [
|
||||
['group_id' => Group::MEMBER_ID, 'permission' => 'bypassTagCounts'],
|
||||
]
|
||||
]);
|
||||
|
||||
$response = $this->send(
|
||||
$this->request('POST', '/api/discussions', [
|
||||
'authenticatedAs' => 2,
|
||||
'json' => [
|
||||
'data' => [
|
||||
'attributes' => [
|
||||
'title' => 'test - too-obscure',
|
||||
'content' => 'predetermined content for automated testing - too-obscure',
|
||||
],
|
||||
'relationships' => [
|
||||
'tags' => [
|
||||
'data' => [
|
||||
['type' => 'tags', 'id' => 5]
|
||||
]
|
||||
]
|
||||
]
|
||||
],
|
||||
],
|
||||
])
|
||||
);
|
||||
|
||||
$this->assertEquals(403, $response->getStatusCode());
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
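Review bot: The new 403 test depends on user `2` and tag `5` having particular fixture permissions that are not visible in this hunk, so the assertion does not show that the denial comes from the missing per-tag `startDiscussion` right rather than from some other refusal. A comment above the request, e.g. `// tag 5: member can view but not start discussions; bypassTagCounts must not override that`, would tie the status code to the rule under test. The companion 201 test in the previous hunk checks only the status code; also asserting that the created discussion has no tags would confirm the bypass path was the one taken, assuming the response body exposes that relationship.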
|
||||
|
|
|
@ -113,4 +113,49 @@ class GlobalPolicyTest extends TestCase
|
|||
|
||||
$this->assertTrue(User::find(2)->can('startDiscussion'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function cant_start_discussion_globally_if_permission_in_insufficient_tags_requires_start_discussion_regardless_of_bypass()
|
||||
{
|
||||
$this->prepareDatabase([
|
||||
'group_permission' => [
|
||||
['group_id' => Group::MEMBER_ID, 'permission' => 'bypassTagCounts'],
|
||||
]
|
||||
]);
|
||||
|
||||
$this->database()->table('group_permission')->where('permission', 'startDiscussion')->delete();
|
||||
|
||||
$this->assertFalse(User::find(2)->can('startDiscussion'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function can_start_discussion_globally_if_start_discussion_and_bypass_allows_regardless_of_tag_count()
|
||||
{
|
||||
$this->prepareDatabase([
|
||||
'group_permission' => [
|
||||
['group_id' => Group::MEMBER_ID, 'permission' => 'bypassTagCounts'],
|
||||
]
|
||||
]);
|
||||
|
||||
$this->app();
|
||||
|
||||
$this->assertTrue(User::find(2)->can('startDiscussion'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function can_start_discussion_globally_if_sufficient_tags_and_allows_regardless_of_start_discussion_and_bypass()
|
||||
{
|
||||
$this->database()->table('group_permission')->where('permission', 'bypassTagCounts')->delete();
|
||||
|
||||
$this->setting('flarum-tags.min_primary_tags', 0);
|
||||
$this->setting('flarum-tags.min_secondary_tags', 1);
|
||||
|
||||
$this->assertTrue(User::find(2)->can('startDiscussion'));
|
||||
}
|
||||
}
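Review bot: None of the added tests exercises `viewDiscussions` with `bypassTagCounts` granted, which is the one case whose evaluation path this commit changes in GlobalPolicy. A test that grants `bypassTagCounts`, leaves the actor without enough tags carrying `viewDiscussions`, and asserts the result of `User::find(2)->can('viewDiscussions')` would pin that the bypass no longer short-circuits that ability; the expected value depends on fixtures outside this hunk. Separately, the last test's name says "regardless_of_start_discussion_and_bypass" but only the `bypassTagCounts` row is deleted, so the `startDiscussion` half of the claim appears not to be exercised.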
|
||||
|
|