discourse/spec/models/site_spec.rb

require 'rails_helper'
require_dependency 'site'

describe Site do

  def expect_correct_themes(guardian)
    json = Site.json_for(guardian)
    parsed = JSON.parse(json)

    expected = Theme.where('id = :default OR user_selectable',
                    default: SiteSetting.default_theme_id)
      .order(:name)
      .pluck(:id, :name)
      .map { |id, n| { "theme_id" => id, "name" => n, "default" => id == SiteSetting.default_theme_id } }

    expect(parsed["user_themes"]).to eq(expected)
  end

  it "includes user themes and expires them as needed" do
    default_theme = Fabricate(:theme)
    SiteSetting.default_theme_id = default_theme.id
    user_theme = Fabricate(:theme, user_selectable: true)

    anon_guardian = Guardian.new
    user_guardian = Guardian.new(Fabricate(:user))

    expect_correct_themes(anon_guardian)
    expect_correct_themes(user_guardian)

    Theme.clear_default!

    expect_correct_themes(anon_guardian)
    expect_correct_themes(user_guardian)

    user_theme.user_selectable = false
    user_theme.save!

    expect_correct_themes(anon_guardian)
    expect_correct_themes(user_guardian)

  end

  it "omits categories users can not write to from the category list" do
    category = Fabricate(:category)
    user = Fabricate(:user)

    expect(Site.new(Guardian.new(user)).categories.count).to eq(2)

    category.set_permissions(everyone: :create_post)
    category.save

    guardian = Guardian.new(user)

    expect(Site.new(guardian)
        .categories
        .keep_if { |c| c.name == category.name }
        .first
        .permission)
      .not_to eq(CategoryGroup.permission_types[:full])

    # If a parent category is not visible, the child categories should not be returned
    category.set_permissions(staff: :full)
    category.save

    sub_category = Fabricate(:category, parent_category_id: category.id)
    expect(Site.new(guardian).categories).not_to include(sub_category)
  end

  it "omits groups user can not see" do
    user = Fabricate(:user)
    site = Site.new(Guardian.new(user))

    staff_group = Fabricate(:group, visibility_level: Group.visibility_levels[:staff])
    expect(site.groups.pluck(:name)).not_to include(staff_group.name)

    public_group = Fabricate(:group)
    expect(site.groups.pluck(:name)).to include(public_group.name)

    admin = Fabricate(:admin)
    site = Site.new(Guardian.new(admin))
    expect(site.groups.pluck(:name)).to include(staff_group.name, public_group.name, "everyone")
  end

  it "includes all enabled authentication providers" do
    SiteSetting.enable_twitter_logins = true
    SiteSetting.enable_facebook_logins = true
    data = JSON.parse(Site.json_for(Guardian.new))
    expect(data["auth_providers"].map { |a| a["name"] }).to contain_exactly('facebook', 'twitter')
  end

  it "includes all enabled authentication providers for anon when login_required" do
    SiteSetting.login_required = true
    SiteSetting.enable_twitter_logins = true
    SiteSetting.enable_facebook_logins = true
    data = JSON.parse(Site.json_for(Guardian.new))
    expect(data["auth_providers"].map { |a| a["name"] }).to contain_exactly('facebook', 'twitter')
  end

end
Prepare for separation of RSpec helper files Since rspec-rails 3, the default installation creates two helper files: * `spec_helper.rb` * `rails_helper.rb` `spec_helper.rb` is intended as a way of running specs that do not require Rails, whereas `rails_helper.rb` loads Rails (as Discourse's current `spec_helper.rb` does). For more information: https://www.relishapp.com/rspec/rspec-rails/docs/upgrade#default-helper-files In this commit, I've simply replaced all instances of `spec_helper` with `rails_helper`, and renamed the original `spec_helper.rb`. This brings the Discourse project closer to the standard usage of RSpec in a Rails app. At present, every spec relies on loading Rails, but there are likely many that don't need to. In a future pull request, I hope to introduce a separate, minimal `spec_helper.rb` which can be used in tests which don't rely on Rails. 2015-10-11 05:41:23 -04:00			`require 'rails_helper'`
work in progress, add fidelity to category group permissions (full, create posts, readonly) 2013-07-13 21:24:16 -04:00			`require_dependency 'site'`

			`describe Site do`
FEATURE: Native theme support This feature introduces the concept of themes. Themes are an evolution of site customizations. Themes introduce two very big conceptual changes: - A theme may include other "child themes", children can include grand children and so on. - A theme may specify a color scheme The change does away with the idea of "enabled" color schemes. It also adds a bunch of big niceties like - You can source a theme from a git repo - History for themes is much improved - You can only have a single enabled theme. Themes can be selected by users, if you opt for it. On a technical level this change comes with a whole bunch of goodies - All CSS is now compiled using a custom pipeline that uses libsass see /lib/stylesheet - There is a single pipeline for css compilation (in the past we used one for customizations and another one for the rest of the app - The stylesheet pipeline is now divorced of sprockets, there is no reliance on sprockets for CSS bundling - CSS is generated with source maps everywhere (including themes) this makes debugging much easier - Our "live reloader" is smarter and avoid a flash of unstyled content we run a file watcher in "puma" in dev so you no longer need to run rake autospec to watch for CSS changes 2017-04-12 10:52:52 -04:00
			`def expect_correct_themes(guardian)`
			`json = Site.json_for(guardian)`
			`parsed = JSON.parse(json)`

FEATURE: Groundwork for user-selectable theme components * Phase 0 for user-selectable theme components - Drops `key` column from the `themes` table - Drops `theme_key` column from the `user_options` table - Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column. - Removes the `default_theme_key` site setting and adds `default_theme_id` instead. - Replaces `theme_key` cookie with a new one called `theme_ids` - no longer need Theme.settings_for_client 2018-07-12 00:18:21 -04:00			`expected = Theme.where('id = :default OR user_selectable',`
			`default: SiteSetting.default_theme_id)`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`.order(:name)`
FEATURE: Groundwork for user-selectable theme components * Phase 0 for user-selectable theme components - Drops `key` column from the `themes` table - Drops `theme_key` column from the `user_options` table - Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column. - Removes the `default_theme_key` site setting and adds `default_theme_id` instead. - Replaces `theme_key` cookie with a new one called `theme_ids` - no longer need Theme.settings_for_client 2018-07-12 00:18:21 -04:00			`.pluck(:id, :name)`
			`.map { \|id, n\| { "theme_id" => id, "name" => n, "default" => id == SiteSetting.default_theme_id } }`
FEATURE: Native theme support This feature introduces the concept of themes. Themes are an evolution of site customizations. Themes introduce two very big conceptual changes: - A theme may include other "child themes", children can include grand children and so on. - A theme may specify a color scheme The change does away with the idea of "enabled" color schemes. It also adds a bunch of big niceties like - You can source a theme from a git repo - History for themes is much improved - You can only have a single enabled theme. Themes can be selected by users, if you opt for it. On a technical level this change comes with a whole bunch of goodies - All CSS is now compiled using a custom pipeline that uses libsass see /lib/stylesheet - There is a single pipeline for css compilation (in the past we used one for customizations and another one for the rest of the app - The stylesheet pipeline is now divorced of sprockets, there is no reliance on sprockets for CSS bundling - CSS is generated with source maps everywhere (including themes) this makes debugging much easier - Our "live reloader" is smarter and avoid a flash of unstyled content we run a file watcher in "puma" in dev so you no longer need to run rake autospec to watch for CSS changes 2017-04-12 10:52:52 -04:00
			`expect(parsed["user_themes"]).to eq(expected)`
			`end`

			`it "includes user themes and expires them as needed" do`
FEATURE: backend support for user-selectable components * FEATURE: backend support for user-selectable components * fix problems with previewing default theme * rename preview_key => preview_theme_id * omit default theme from child themes dropdown and try a different fix * cache & freeze stylesheets arrays 2018-08-08 00:46:34 -04:00			`default_theme = Fabricate(:theme)`
FEATURE: Groundwork for user-selectable theme components * Phase 0 for user-selectable theme components - Drops `key` column from the `themes` table - Drops `theme_key` column from the `user_options` table - Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column. - Removes the `default_theme_key` site setting and adds `default_theme_id` instead. - Replaces `theme_key` cookie with a new one called `theme_ids` - no longer need Theme.settings_for_client 2018-07-12 00:18:21 -04:00			`SiteSetting.default_theme_id = default_theme.id`
FEATURE: backend support for user-selectable components * FEATURE: backend support for user-selectable components * fix problems with previewing default theme * rename preview_key => preview_theme_id * omit default theme from child themes dropdown and try a different fix * cache & freeze stylesheets arrays 2018-08-08 00:46:34 -04:00			`user_theme = Fabricate(:theme, user_selectable: true)`
FEATURE: Native theme support This feature introduces the concept of themes. Themes are an evolution of site customizations. Themes introduce two very big conceptual changes: - A theme may include other "child themes", children can include grand children and so on. - A theme may specify a color scheme The change does away with the idea of "enabled" color schemes. It also adds a bunch of big niceties like - You can source a theme from a git repo - History for themes is much improved - You can only have a single enabled theme. Themes can be selected by users, if you opt for it. On a technical level this change comes with a whole bunch of goodies - All CSS is now compiled using a custom pipeline that uses libsass see /lib/stylesheet - There is a single pipeline for css compilation (in the past we used one for customizations and another one for the rest of the app - The stylesheet pipeline is now divorced of sprockets, there is no reliance on sprockets for CSS bundling - CSS is generated with source maps everywhere (including themes) this makes debugging much easier - Our "live reloader" is smarter and avoid a flash of unstyled content we run a file watcher in "puma" in dev so you no longer need to run rake autospec to watch for CSS changes 2017-04-12 10:52:52 -04:00
			`anon_guardian = Guardian.new`
			`user_guardian = Guardian.new(Fabricate(:user))`

			`expect_correct_themes(anon_guardian)`
			`expect_correct_themes(user_guardian)`

			`Theme.clear_default!`

			`expect_correct_themes(anon_guardian)`
			`expect_correct_themes(user_guardian)`

			`user_theme.user_selectable = false`
			`user_theme.save!`

			`expect_correct_themes(anon_guardian)`
			`expect_correct_themes(user_guardian)`

			`end`

work in progress, add fidelity to category group permissions (full, create posts, readonly) 2013-07-13 21:24:16 -04:00			`it "omits categories users can not write to from the category list" do`
			`category = Fabricate(:category)`
			`user = Fabricate(:user)`

models with rspec3 syntax 2015-01-05 11:04:23 -05:00			`expect(Site.new(Guardian.new(user)).categories.count).to eq(2)`
work in progress, add fidelity to category group permissions (full, create posts, readonly) 2013-07-13 21:24:16 -04:00
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`category.set_permissions(everyone: :create_post)`
work in progress, add fidelity to category group permissions (full, create posts, readonly) 2013-07-13 21:24:16 -04:00			`category.save`

BUGFIX: Don't return child categories if you can't see the parent category. 2014-02-24 14:52:21 -05:00			`guardian = Guardian.new(user)`

models with rspec3 syntax 2015-01-05 11:04:23 -05:00			`expect(Site.new(guardian)`
change it so all topics MUST include a category, we store a special uncategorized category to compensate this cleans up a bunch of internals and removes some settings 2013-10-23 19:05:51 -04:00			`.categories`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`.keep_if { \|c\| c.name == category.name }`
change it so all topics MUST include a category, we store a special uncategorized category to compensate this cleans up a bunch of internals and removes some settings 2013-10-23 19:05:51 -04:00			`.first`
models with rspec3 syntax 2015-01-05 11:04:23 -05:00			`.permission)`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`.not_to eq(CategoryGroup.permission_types[:full])`
BUGFIX: Don't return child categories if you can't see the parent category. 2014-02-24 14:52:21 -05:00
			`# If a parent category is not visible, the child categories should not be returned`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`category.set_permissions(staff: :full)`
BUGFIX: Don't return child categories if you can't see the parent category. 2014-02-24 14:52:21 -05:00			`category.save`

			`sub_category = Fabricate(:category, parent_category_id: category.id)`
models with rspec3 syntax 2015-01-05 11:04:23 -05:00			`expect(Site.new(guardian).categories).not_to include(sub_category)`
work in progress, add fidelity to category group permissions (full, create posts, readonly) 2013-07-13 21:24:16 -04:00			`end`
BUGFIX: Don't return child categories if you can't see the parent category. 2014-02-24 14:52:21 -05:00
SECURITY: Do not leak private group names. (#7008) 2019-02-14 09:35:58 -05:00			`it "omits groups user can not see" do`
			`user = Fabricate(:user)`
			`site = Site.new(Guardian.new(user))`

FIX: unable to create new categories Previous attempt at 70adb940 missed the critical "everyone" group from staff, leading to a case where staff was no longer able to create categories 2019-02-14 18:24:29 -05:00			`staff_group = Fabricate(:group, visibility_level: Group.visibility_levels[:staff])`
			`expect(site.groups.pluck(:name)).not_to include(staff_group.name)`
SECURITY: Do not leak private group names. (#7008) 2019-02-14 09:35:58 -05:00
FIX: unable to create new categories Previous attempt at 70adb940 missed the critical "everyone" group from staff, leading to a case where staff was no longer able to create categories 2019-02-14 18:24:29 -05:00			`public_group = Fabricate(:group)`
			`expect(site.groups.pluck(:name)).to include(public_group.name)`
SECURITY: Do not leak private group names. (#7008) 2019-02-14 09:35:58 -05:00
			`admin = Fabricate(:admin)`
			`site = Site.new(Guardian.new(admin))`
FIX: unable to create new categories Previous attempt at 70adb940 missed the critical "everyone" group from staff, leading to a case where staff was no longer able to create categories 2019-02-14 18:24:29 -05:00			`expect(site.groups.pluck(:name)).to include(staff_group.name, public_group.name, "everyone")`
SECURITY: Do not leak private group names. (#7008) 2019-02-14 09:35:58 -05:00			`end`

REFACTOR: Serve auth provider information in the site serializer. At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client. 2018-07-31 11:18:50 -04:00			`it "includes all enabled authentication providers" do`
			`SiteSetting.enable_twitter_logins = true`
			`SiteSetting.enable_facebook_logins = true`
FIX: Include auth_providers for anonymous users when login_required 2018-08-07 04:20:09 -04:00			`data = JSON.parse(Site.json_for(Guardian.new))`
			`expect(data["auth_providers"].map { \|a\| a["name"] }).to contain_exactly('facebook', 'twitter')`
			`end`

			`it "includes all enabled authentication providers for anon when login_required" do`
			`SiteSetting.login_required = true`
			`SiteSetting.enable_twitter_logins = true`
			`SiteSetting.enable_facebook_logins = true`
			`data = JSON.parse(Site.json_for(Guardian.new))`
			`expect(data["auth_providers"].map { \|a\| a["name"] }).to contain_exactly('facebook', 'twitter')`
REFACTOR: Serve auth provider information in the site serializer. At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client. 2018-07-31 11:18:50 -04:00			`end`

work in progress, add fidelity to category group permissions (full, create posts, readonly) 2013-07-13 21:24:16 -04:00			`end`