FIX: Check for chat channel permissions (#38)
This commit is contained in:
Roman Rizzi
GitHub
parent
5549e4d5b3
commit
f2e52f7f24
|
|
@ -15,6 +15,11 @@ module DiscourseAi
|
||||||
chat_channel = Chat::Channel.find_by(id: params[:chat_channel_id])
|
chat_channel = Chat::Channel.find_by(id: params[:chat_channel_id])
|
||||||
raise Discourse::NotFound.new(:chat_channel) if !chat_channel
|
raise Discourse::NotFound.new(:chat_channel) if !chat_channel
|
||||||
|
|
||||||
|
if !(SiteSetting.discourse_ai_enabled && SiteSetting.ai_summarization_enabled)
|
||||||
|
raise PluginDisabled
|
||||||
|
end
|
||||||
|
raise Discourse::InvalidAccess if !guardian.can_join_chat_channel?(chat_channel)
|
||||||
|
|
||||||
RateLimiter.new(
|
RateLimiter.new(
|
||||||
current_user,
|
current_user,
|
||||||
"ai_summarization",
|
"ai_summarization",
|
||||||
|
|
|
||||||
|
|
@ -151,7 +151,7 @@ plugins:
|
||||||
client: true
|
client: true
|
||||||
|
|
||||||
ai_summarization_enabled:
|
ai_summarization_enabled:
|
||||||
default: true
|
default: false
|
||||||
client: true
|
client: true
|
||||||
ai_summarization_discourse_service_api_endpoint: ""
|
ai_summarization_discourse_service_api_endpoint: ""
|
||||||
ai_summarization_discourse_service_api_key: ""
|
ai_summarization_discourse_service_api_key: ""
|
||||||
|
|
|
||||||
|
|
@ -2,24 +2,61 @@
|
||||||
|
|
||||||
RSpec.describe DiscourseAi::Summarization::SummaryController do
|
RSpec.describe DiscourseAi::Summarization::SummaryController do
|
||||||
describe "#chat_channel" do
|
describe "#chat_channel" do
|
||||||
|
fab!(:user) { Fabricate(:user) }
|
||||||
|
let!(:channel_group) { Fabricate(:group) }
|
||||||
|
let!(:chat_channel) { Fabricate(:private_category_channel, group: channel_group) }
|
||||||
|
|
||||||
|
before do
|
||||||
|
SiteSetting.ai_summarization_enabled = true
|
||||||
|
sign_in(user)
|
||||||
|
end
|
||||||
|
|
||||||
|
context "when the user can see the channel" do
|
||||||
|
before { channel_group.add(user) }
|
||||||
|
|
||||||
describe "validating inputs" do
|
describe "validating inputs" do
|
||||||
it "returns a 404 if there is no chat channel" do
|
it "returns a 404 if there is no chat channel" do
|
||||||
post "/disoucrse-ai/summarization/chat-channel", params: { chat_channel_id: 99, since: 3 }
|
post "/discourse-ai/summarization/chat-channel", params: { chat_channel_id: 99, since: 3 }
|
||||||
|
|
||||||
expect(response.status).to eq(404)
|
expect(response.status).to eq(404)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "returns a 400 if the since param is invalid" do
|
it "returns a 400 if the since param is invalid" do
|
||||||
chat_channel = Fabricate(:chat_channel)
|
post "/discourse-ai/summarization/chat-channel",
|
||||||
|
|
||||||
post "/disoucrse-ai/summarization/chat-channel",
|
|
||||||
params: {
|
params: {
|
||||||
chat_channel_id: chat_channel.id,
|
chat_channel_id: chat_channel.id,
|
||||||
since: 0,
|
since: 0,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
expect(response.status).to eq(400)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "returns a 404 when the module is disabled" do
|
||||||
|
SiteSetting.ai_summarization_enabled = false
|
||||||
|
|
||||||
|
post "/discourse-ai/summarization/chat-channel",
|
||||||
|
params: {
|
||||||
|
chat_channel_id: chat_channel.id,
|
||||||
|
since: 1,
|
||||||
|
}
|
||||||
|
|
||||||
expect(response.status).to eq(404)
|
expect(response.status).to eq(404)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context "when the user can't see the channel" do
|
||||||
|
before { channel_group.remove(user) }
|
||||||
|
|
||||||
|
it "returns a 403 if the user can't see the chat channel" do
|
||||||
|
post "/discourse-ai/summarization/chat-channel",
|
||||||
|
params: {
|
||||||
|
chat_channel_id: chat_channel.id,
|
||||||
|
since: 1,
|
||||||
|
}
|
||||||
|
|
||||||
|
expect(response.status).to eq(403)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue