FIX: ai_bot_allowed_groups now works with restricted visibility (#180)

Previous to this change we relied on client side settings to
determine if an end user has access to the ai bot.

This meant that if a user was not aware they are a member of a
group (as it is with restricted visibility ones) they would not
see the bot button.

All checking has now moved to the server side, and tests were
added to cover.
This commit is contained in:
Sam 2023-09-04 11:52:44 +10:00 committed by GitHub
parent 43e485cbd9
commit 3f9973586e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 15 deletions

View File

@ -172,18 +172,11 @@ export default {
initialize(container) {
const settings = container.lookup("service:site-settings");
const user = container.lookup("service:current-user");
const aiBotEnaled =
settings.discourse_ai_enabled && settings.ai_bot_enabled;
const aiBotsAllowedGroups = settings.ai_bot_allowed_groups
.split("|")
.map((id) => parseInt(id, 10));
const canInteractWithAIBots = user?.groups.some((g) =>
aiBotsAllowedGroups.includes(g.id)
);
if (aiBotEnaled && canInteractWithAIBots) {
withPluginApi("1.6.0", attachHeaderIcon);
if (user?.ai_enabled_chat_bots) {
if (settings.ai_bot_add_to_header) {
withPluginApi("1.6.0", attachHeaderIcon);
}
withPluginApi("1.6.0", initializeAIBotReplies);
withPluginApi("1.6.0", initializePersonaDecorator);
}

View File

@ -190,7 +190,6 @@ discourse_ai:
default: false
client: true
ai_bot_allowed_groups:
client: true
type: group_list
list_type: compact
default: "3|14" # 3: @staff, 14: @trust_level_4

View File

@ -1,14 +1,24 @@
# frozen_string_literal: true
RSpec.describe "AI chat channel summarization", type: :system, js: true do
fab!(:user) { Fabricate(:admin) }
fab!(:user) { Fabricate(:user) }
fab!(:group) { Fabricate(:group, visibility_level: Group.visibility_levels[:staff]) }
before do
sign_in(user)
SiteSetting.ai_bot_enabled = true
SiteSetting.ai_bot_enabled_chat_bots = "gpt-4|gpt-3.5-turbo"
SiteSetting.ai_bot_allowed_groups = group.id.to_s
sign_in(user)
end
it "shows the AI bot button, which is clickable" do
it "does not show AI button to users not in group" do
visit "/latest"
expect(page).not_to have_selector(".ai-bot-button")
end
it "shows the AI bot button, which is clickable (even if group is hidden)" do
group.add(user)
group.save
visit "/latest"
expect(page).to have_selector(".ai-bot-button")
find(".ai-bot-button").click
@ -18,5 +28,9 @@ RSpec.describe "AI chat channel summarization", type: :system, js: true do
# composer is open
expect(page).to have_selector(".d-editor-container")
SiteSetting.ai_bot_add_to_header = false
visit "/latest"
expect(page).not_to have_selector(".ai-bot-button")
end
end