FIX: Check for chat channel permissions (#38)
This commit is contained in:
parent
5549e4d5b3
commit
f2e52f7f24
|
@ -15,6 +15,11 @@ module DiscourseAi
|
|||
chat_channel = Chat::Channel.find_by(id: params[:chat_channel_id])
|
||||
raise Discourse::NotFound.new(:chat_channel) if !chat_channel
|
||||
|
||||
if !(SiteSetting.discourse_ai_enabled && SiteSetting.ai_summarization_enabled)
|
||||
raise PluginDisabled
|
||||
end
|
||||
raise Discourse::InvalidAccess if !guardian.can_join_chat_channel?(chat_channel)
|
||||
|
||||
RateLimiter.new(
|
||||
current_user,
|
||||
"ai_summarization",
|
||||
|
|
|
@ -151,7 +151,7 @@ plugins:
|
|||
client: true
|
||||
|
||||
ai_summarization_enabled:
|
||||
default: true
|
||||
default: false
|
||||
client: true
|
||||
ai_summarization_discourse_service_api_endpoint: ""
|
||||
ai_summarization_discourse_service_api_key: ""
|
||||
|
|
|
@ -2,24 +2,61 @@
|
|||
|
||||
RSpec.describe DiscourseAi::Summarization::SummaryController do
|
||||
describe "#chat_channel" do
|
||||
fab!(:user) { Fabricate(:user) }
|
||||
let!(:channel_group) { Fabricate(:group) }
|
||||
let!(:chat_channel) { Fabricate(:private_category_channel, group: channel_group) }
|
||||
|
||||
before do
|
||||
SiteSetting.ai_summarization_enabled = true
|
||||
sign_in(user)
|
||||
end
|
||||
|
||||
context "when the user can see the channel" do
|
||||
before { channel_group.add(user) }
|
||||
|
||||
describe "validating inputs" do
|
||||
it "returns a 404 if there is no chat channel" do
|
||||
post "/disoucrse-ai/summarization/chat-channel", params: { chat_channel_id: 99, since: 3 }
|
||||
post "/discourse-ai/summarization/chat-channel", params: { chat_channel_id: 99, since: 3 }
|
||||
|
||||
expect(response.status).to eq(404)
|
||||
end
|
||||
|
||||
it "returns a 400 if the since param is invalid" do
|
||||
chat_channel = Fabricate(:chat_channel)
|
||||
|
||||
post "/disoucrse-ai/summarization/chat-channel",
|
||||
post "/discourse-ai/summarization/chat-channel",
|
||||
params: {
|
||||
chat_channel_id: chat_channel.id,
|
||||
since: 0,
|
||||
}
|
||||
|
||||
expect(response.status).to eq(400)
|
||||
end
|
||||
|
||||
it "returns a 404 when the module is disabled" do
|
||||
SiteSetting.ai_summarization_enabled = false
|
||||
|
||||
post "/discourse-ai/summarization/chat-channel",
|
||||
params: {
|
||||
chat_channel_id: chat_channel.id,
|
||||
since: 1,
|
||||
}
|
||||
|
||||
expect(response.status).to eq(404)
|
||||
end
|
||||
end
|
||||
|
||||
context "when the user can't see the channel" do
|
||||
before { channel_group.remove(user) }
|
||||
|
||||
it "returns a 403 if the user can't see the chat channel" do
|
||||
post "/discourse-ai/summarization/chat-channel",
|
||||
params: {
|
||||
chat_channel_id: chat_channel.id,
|
||||
since: 1,
|
||||
}
|
||||
|
||||
expect(response.status).to eq(403)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue