2019-04-29 20:27:42 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2017-07-27 02:39:47 -04:00
|
|
|
require 'rails_helper'
|
|
|
|
|
2017-08-23 23:01:11 -04:00
|
|
|
RSpec.describe Admin::GroupsController do
|
2019-05-06 23:12:20 -04:00
|
|
|
fab!(:admin) { Fabricate(:admin) }
|
|
|
|
fab!(:user) { Fabricate(:user) }
|
|
|
|
fab!(:group) { Fabricate(:group) }
|
2017-07-27 02:39:47 -04:00
|
|
|
|
|
|
|
before do
|
|
|
|
sign_in(admin)
|
|
|
|
end
|
|
|
|
|
2017-08-24 02:28:18 -04:00
|
|
|
describe '#create' do
|
2019-06-05 22:05:33 -04:00
|
|
|
let(:group_params) do
|
|
|
|
{
|
2017-08-31 00:06:56 -04:00
|
|
|
group: {
|
|
|
|
name: 'testing',
|
|
|
|
usernames: [admin.username, user.username].join(","),
|
|
|
|
owner_usernames: [user.username].join(","),
|
|
|
|
allow_membership_requests: true,
|
|
|
|
membership_request_template: 'Testing',
|
2019-08-14 09:30:04 -04:00
|
|
|
members_visibility_level: Group.visibility_levels[:staff]
|
2017-08-31 00:06:56 -04:00
|
|
|
}
|
2017-07-27 02:39:47 -04:00
|
|
|
}
|
2019-06-05 22:05:33 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'should work' do
|
|
|
|
post "/admin/groups.json", params: group_params
|
2017-07-27 02:39:47 -04:00
|
|
|
|
2018-04-06 05:11:00 -04:00
|
|
|
expect(response.status).to eq(200)
|
2017-07-27 02:39:47 -04:00
|
|
|
|
|
|
|
group = Group.last
|
|
|
|
|
|
|
|
expect(group.name).to eq('testing')
|
|
|
|
expect(group.users).to contain_exactly(admin, user)
|
|
|
|
expect(group.allow_membership_requests).to eq(true)
|
2017-08-08 05:53:02 -04:00
|
|
|
expect(group.membership_request_template).to eq('Testing')
|
2019-08-14 09:30:04 -04:00
|
|
|
expect(group.members_visibility_level).to eq(Group.visibility_levels[:staff])
|
2017-07-27 02:39:47 -04:00
|
|
|
end
|
2019-06-05 22:05:33 -04:00
|
|
|
|
|
|
|
context "custom_fields" do
|
|
|
|
before do
|
|
|
|
plugin = Plugin::Instance.new
|
|
|
|
plugin.register_editable_group_custom_field :test
|
|
|
|
end
|
|
|
|
|
|
|
|
after do
|
2020-05-15 09:04:38 -04:00
|
|
|
DiscoursePluginRegistry.reset!
|
2019-06-05 22:05:33 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
it "only updates allowed user fields" do
|
|
|
|
params = group_params
|
|
|
|
params[:group].merge!(custom_fields: { test: :hello1, test2: :hello2 })
|
|
|
|
|
|
|
|
post "/admin/groups.json", params: params
|
|
|
|
|
|
|
|
group = Group.last
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(group.custom_fields['test']).to eq('hello1')
|
|
|
|
expect(group.custom_fields['test2']).to be_blank
|
|
|
|
end
|
|
|
|
|
|
|
|
it "is secure when there are no registered editable fields" do
|
2020-05-15 09:04:38 -04:00
|
|
|
DiscoursePluginRegistry.reset!
|
2019-06-05 22:05:33 -04:00
|
|
|
params = group_params
|
|
|
|
params[:group].merge!(custom_fields: { test: :hello1, test2: :hello2 })
|
|
|
|
|
|
|
|
post "/admin/groups.json", params: params
|
|
|
|
|
|
|
|
group = Group.last
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(group.custom_fields['test']).to be_blank
|
|
|
|
expect(group.custom_fields['test2']).to be_blank
|
|
|
|
end
|
|
|
|
end
|
2021-09-05 20:18:51 -04:00
|
|
|
|
|
|
|
context 'with Group.plugin_permitted_params' do
|
|
|
|
after do
|
|
|
|
DiscoursePluginRegistry.reset!
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'filter unpermitted params' do
|
|
|
|
params = group_params
|
|
|
|
params[:group].merge!(allow_unknown_sender_topic_replies: true)
|
|
|
|
|
|
|
|
post "/admin/groups.json", params: params
|
|
|
|
expect(Group.last.allow_unknown_sender_topic_replies).to eq(false)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'allows plugin to allow custom params' do
|
|
|
|
params = group_params
|
|
|
|
params[:group].merge!(allow_unknown_sender_topic_replies: true)
|
|
|
|
|
|
|
|
plugin = Plugin::Instance.new
|
|
|
|
plugin.register_group_param :allow_unknown_sender_topic_replies
|
|
|
|
|
|
|
|
post "/admin/groups.json", params: params
|
|
|
|
expect(Group.last.allow_unknown_sender_topic_replies).to eq(true)
|
|
|
|
end
|
|
|
|
end
|
2017-07-27 02:39:47 -04:00
|
|
|
end
|
2017-08-02 07:58:35 -04:00
|
|
|
|
2017-08-23 23:01:11 -04:00
|
|
|
describe '#add_owners' do
|
2017-08-02 07:58:35 -04:00
|
|
|
it 'should work' do
|
2017-08-31 00:06:56 -04:00
|
|
|
put "/admin/groups/#{group.id}/owners.json", params: {
|
|
|
|
group: {
|
|
|
|
usernames: [user.username, admin.username].join(",")
|
|
|
|
}
|
2017-08-02 07:58:35 -04:00
|
|
|
}
|
|
|
|
|
2018-03-26 05:33:03 -04:00
|
|
|
expect(response.status).to eq(200)
|
|
|
|
|
2020-05-07 11:04:12 -04:00
|
|
|
response_body = response.parsed_body
|
2018-03-26 05:33:03 -04:00
|
|
|
|
|
|
|
expect(response_body["usernames"]).to contain_exactly(user.username, admin.username)
|
2017-08-02 07:58:35 -04:00
|
|
|
|
|
|
|
expect(group.group_users.where(owner: true).map(&:user))
|
|
|
|
.to contain_exactly(user, admin)
|
|
|
|
end
|
2020-04-20 21:50:20 -04:00
|
|
|
|
|
|
|
it 'returns not-found error when there is no group' do
|
|
|
|
group.destroy!
|
|
|
|
|
|
|
|
put "/admin/groups/#{group.id}/owners.json", params: {
|
|
|
|
group: {
|
|
|
|
usernames: user.username
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
expect(response.status).to eq(404)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'does not allow adding owners to an automatic group' do
|
|
|
|
group.update!(automatic: true)
|
|
|
|
|
|
|
|
expect do
|
|
|
|
put "/admin/groups/#{group.id}/owners.json", params: {
|
|
|
|
group: {
|
|
|
|
usernames: user.username
|
|
|
|
}
|
|
|
|
}
|
|
|
|
end.to_not change { group.group_users.count }
|
|
|
|
|
|
|
|
expect(response.status).to eq(422)
|
|
|
|
expect(response.parsed_body["errors"]).to eq(["You cannot modify an automatic group"])
|
|
|
|
end
|
2020-08-04 11:02:01 -04:00
|
|
|
|
|
|
|
it 'does not notify users when the param is not present' do
|
|
|
|
put "/admin/groups/#{group.id}/owners.json", params: {
|
|
|
|
group: {
|
|
|
|
usernames: user.username
|
|
|
|
}
|
|
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
|
2020-09-02 09:24:01 -04:00
|
|
|
topic = Topic.find_by(
|
|
|
|
title: I18n.t("system_messages.user_added_to_group_as_owner.subject_template", group_name: group.name),
|
|
|
|
archetype: "private_message"
|
|
|
|
)
|
2020-08-04 11:02:01 -04:00
|
|
|
expect(topic.nil?).to eq(true)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'notifies users when the param is present' do
|
|
|
|
put "/admin/groups/#{group.id}/owners.json", params: {
|
|
|
|
group: {
|
|
|
|
usernames: user.username,
|
|
|
|
notify_users: true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
|
2020-09-02 09:24:01 -04:00
|
|
|
topic = Topic.find_by(
|
|
|
|
title: I18n.t("system_messages.user_added_to_group_as_owner.subject_template", group_name: group.name),
|
|
|
|
archetype: "private_message"
|
|
|
|
)
|
2020-08-04 11:02:01 -04:00
|
|
|
expect(topic.nil?).to eq(false)
|
|
|
|
expect(topic.topic_users.map(&:user_id)).to include(-1, user.id)
|
|
|
|
end
|
2017-08-02 07:58:35 -04:00
|
|
|
end
|
2018-04-06 05:11:00 -04:00
|
|
|
|
2018-05-07 01:56:27 -04:00
|
|
|
describe '#remove_owner' do
|
2021-02-03 09:11:08 -05:00
|
|
|
let(:user2) { Fabricate(:user) }
|
|
|
|
let(:user3) { Fabricate(:user) }
|
|
|
|
|
2018-05-07 01:56:27 -04:00
|
|
|
it 'should work' do
|
|
|
|
group.add_owner(user)
|
|
|
|
|
|
|
|
delete "/admin/groups/#{group.id}/owners.json", params: {
|
|
|
|
user_id: user.id
|
|
|
|
}
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(group.group_users.where(owner: true)).to eq([])
|
|
|
|
end
|
2020-04-20 21:50:20 -04:00
|
|
|
|
2021-02-03 09:11:08 -05:00
|
|
|
it 'should work with multiple users' do
|
|
|
|
group.add_owner(user)
|
|
|
|
group.add_owner(user3)
|
|
|
|
|
|
|
|
delete "/admin/groups/#{group.id}/owners.json", params: {
|
|
|
|
group: {
|
|
|
|
usernames: "#{user.username},#{user2.username},#{user3.username}"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(group.group_users.where(owner: true)).to eq([])
|
|
|
|
end
|
|
|
|
|
2020-04-20 21:50:20 -04:00
|
|
|
it 'returns not-found error when there is no group' do
|
|
|
|
group.destroy!
|
|
|
|
|
|
|
|
delete "/admin/groups/#{group.id}/owners.json", params: {
|
|
|
|
user_id: user.id
|
|
|
|
}
|
|
|
|
|
|
|
|
expect(response.status).to eq(404)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'does not allow removing owners from an automatic group' do
|
|
|
|
group.update!(automatic: true)
|
|
|
|
|
|
|
|
delete "/admin/groups/#{group.id}/owners.json", params: {
|
|
|
|
user_id: user.id
|
|
|
|
}
|
|
|
|
|
|
|
|
expect(response.status).to eq(422)
|
|
|
|
expect(response.parsed_body["errors"]).to eq(["You cannot modify an automatic group"])
|
|
|
|
end
|
2018-05-07 01:56:27 -04:00
|
|
|
end
|
|
|
|
|
2021-02-03 09:11:08 -05:00
|
|
|
describe "#set_primary" do
|
|
|
|
let(:user2) { Fabricate(:user) }
|
|
|
|
let(:user3) { Fabricate(:user) }
|
|
|
|
|
|
|
|
it 'sets with multiple users' do
|
|
|
|
user2.update!(primary_group_id: group.id)
|
|
|
|
|
|
|
|
put "/admin/groups/#{group.id}/primary.json", params: {
|
|
|
|
group: { usernames: "#{user.username},#{user2.username},#{user3.username}" },
|
|
|
|
primary: "true"
|
|
|
|
}
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(User.where(primary_group_id: group.id).size).to eq(3)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'unsets with multiple users' do
|
|
|
|
user.update!(primary_group_id: group.id)
|
|
|
|
user3.update!(primary_group_id: group.id)
|
|
|
|
|
|
|
|
put "/admin/groups/#{group.id}/primary.json", params: {
|
|
|
|
group: { usernames: "#{user.username},#{user2.username},#{user3.username}" },
|
|
|
|
primary: "false"
|
|
|
|
}
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(User.where(primary_group_id: group.id).size).to eq(0)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2018-04-06 05:11:00 -04:00
|
|
|
context "#destroy" do
|
|
|
|
it 'should return the right response for an invalid group_id' do
|
2019-05-20 22:57:14 -04:00
|
|
|
max_id = Group.maximum(:id).to_i
|
|
|
|
delete "/admin/groups/#{max_id + 1}.json"
|
2018-04-06 05:11:00 -04:00
|
|
|
expect(response.status).to eq(404)
|
|
|
|
end
|
|
|
|
|
2021-01-13 13:53:18 -05:00
|
|
|
it 'logs when a group is destroyed' do
|
|
|
|
delete "/admin/groups/#{group.id}.json"
|
|
|
|
|
|
|
|
history = UserHistory.where(acting_user: admin).last
|
|
|
|
|
|
|
|
expect(history).to be_present
|
|
|
|
expect(history.details).to include("name: #{group.name}")
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'logs the grant_trust_level attribute' do
|
|
|
|
trust_level = TrustLevel[4]
|
|
|
|
group.update!(grant_trust_level: trust_level)
|
|
|
|
delete "/admin/groups/#{group.id}.json"
|
|
|
|
|
|
|
|
history = UserHistory.where(acting_user: admin).last
|
|
|
|
|
|
|
|
expect(history).to be_present
|
|
|
|
expect(history.details).to include("grant_trust_level: #{trust_level}")
|
|
|
|
expect(history.details).to include("name: #{group.name}")
|
|
|
|
end
|
|
|
|
|
2018-04-06 05:11:00 -04:00
|
|
|
describe 'when group is automatic' do
|
|
|
|
it "returns the right response" do
|
|
|
|
group.update!(automatic: true)
|
|
|
|
|
|
|
|
delete "/admin/groups/#{group.id}.json"
|
|
|
|
|
|
|
|
expect(response.status).to eq(422)
|
|
|
|
expect(Group.find(group.id)).to eq(group)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'for a non automatic group' do
|
|
|
|
it "returns the right response" do
|
|
|
|
delete "/admin/groups/#{group.id}.json"
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(Group.find_by(id: group.id)).to eq(nil)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2020-05-26 01:40:09 -04:00
|
|
|
|
|
|
|
describe '#automatic_membership_count' do
|
|
|
|
it 'returns count of users whose emails match the domain' do
|
|
|
|
Fabricate(:user, email: 'user1@somedomain.org')
|
|
|
|
Fabricate(:user, email: 'user1@somedomain.com')
|
|
|
|
Fabricate(:user, email: 'user1@notsomedomain.com')
|
|
|
|
group = Fabricate(:group)
|
|
|
|
|
|
|
|
put "/admin/groups/automatic_membership_count.json", params: {
|
|
|
|
automatic_membership_email_domains: 'somedomain.org|somedomain.com',
|
|
|
|
id: group.id
|
|
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(response.parsed_body["user_count"]).to eq(2)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "doesn't responde with 500 if domain is invalid" do
|
|
|
|
group = Fabricate(:group)
|
|
|
|
|
|
|
|
put "/admin/groups/automatic_membership_count.json", params: {
|
|
|
|
automatic_membership_email_domains: '@somedomain.org|@somedomain.com',
|
|
|
|
id: group.id
|
|
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(response.parsed_body["user_count"]).to eq(0)
|
|
|
|
end
|
|
|
|
end
|
2020-10-19 16:30:21 -04:00
|
|
|
|
|
|
|
context "when moderators_manage_categories_and_groups is enabled" do
|
|
|
|
let(:group_params) do
|
|
|
|
{
|
|
|
|
group: {
|
|
|
|
name: 'testing-as-moderator',
|
|
|
|
usernames: [admin.username, user.username].join(","),
|
|
|
|
owner_usernames: [user.username].join(","),
|
|
|
|
allow_membership_requests: true,
|
|
|
|
membership_request_template: 'Testing',
|
|
|
|
members_visibility_level: Group.visibility_levels[:staff]
|
|
|
|
}
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
before do
|
|
|
|
SiteSetting.moderators_manage_categories_and_groups = true
|
|
|
|
end
|
|
|
|
|
|
|
|
context "the user is a moderator" do
|
|
|
|
before do
|
|
|
|
user.update!(moderator: true)
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should allow groups to be created' do
|
|
|
|
post "/admin/groups.json", params: group_params
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
|
|
|
|
group = Group.last
|
|
|
|
|
|
|
|
expect(group.name).to eq('testing-as-moderator')
|
|
|
|
expect(group.users).to contain_exactly(admin, user)
|
|
|
|
expect(group.allow_membership_requests).to eq(true)
|
|
|
|
expect(group.membership_request_template).to eq('Testing')
|
|
|
|
expect(group.members_visibility_level).to eq(Group.visibility_levels[:staff])
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should allow group owners to be added' do
|
|
|
|
put "/admin/groups/#{group.id}/owners.json", params: {
|
|
|
|
group: {
|
|
|
|
usernames: [user.username, admin.username].join(",")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
|
|
|
|
response_body = response.parsed_body
|
|
|
|
|
|
|
|
expect(response_body["usernames"]).to contain_exactly(user.username, admin.username)
|
|
|
|
|
|
|
|
expect(group.group_users.where(owner: true).map(&:user))
|
|
|
|
.to contain_exactly(user, admin)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should allow groups owners to be removed' do
|
|
|
|
group.add_owner(user)
|
|
|
|
|
|
|
|
delete "/admin/groups/#{group.id}/owners.json", params: {
|
|
|
|
user_id: user.id
|
|
|
|
}
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(group.group_users.where(owner: true)).to eq([])
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "the user is not a moderator or admin" do
|
|
|
|
before do
|
|
|
|
user.update!(moderator: false, admin: false)
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should not allow groups to be created' do
|
|
|
|
post "/admin/groups.json", params: group_params
|
|
|
|
|
|
|
|
expect(response.status).to eq(404)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should not allow group owners to be added' do
|
|
|
|
put "/admin/groups/#{group.id}/owners.json", params: {
|
|
|
|
group: {
|
|
|
|
usernames: [user.username, admin.username].join(",")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
expect(response.status).to eq(404)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should not allow groups owners to be removed' do
|
|
|
|
group.add_owner(user)
|
|
|
|
|
|
|
|
delete "/admin/groups/#{group.id}/owners.json", params: {
|
|
|
|
user_id: user.id
|
|
|
|
}
|
|
|
|
|
|
|
|
expect(response.status).to eq(404)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2017-07-27 02:39:47 -04:00
|
|
|
end
|