discourse/spec/lib/category_guardian_spec.rb

# frozen_string_literal: true

RSpec.describe CategoryGuardian do
  fab!(:admin)
  fab!(:user)
  fab!(:can_create_user) { Fabricate(:user) }

  describe "can_post_in_category?" do
    fab!(:category)
    context "when not restricted category" do
      it "returns false for anonymous user" do
        expect(Guardian.new.can_post_in_category?(category)).to eq(false)
      end
      it "returns true for admin" do
        expect(Guardian.new(admin).can_post_in_category?(category)).to eq(true)
      end

      it "returns true for regular user" do
        expect(Guardian.new(user).can_post_in_category?(category)).to eq(true)
      end
    end

    context "when restricted category" do
      fab!(:group)
      fab!(:category) do
        Fabricate(
          :private_category,
          group: group,
          permission_type: CategoryGroup.permission_types[:readonly],
        )
      end
      fab!(:group_user) { Fabricate(:group_user, group: group, user: user) }

      it "returns false for anonymous user" do
        expect(Guardian.new.can_post_in_category?(category)).to eq(false)
      end

      it "returns false for member of group with readonly access" do
        expect(Guardian.new(user).can_post_in_category?(category)).to eq(false)
      end

      it "returns false if everyone has readonly access" do
        everyone = Group.find(Group::AUTO_GROUPS[:everyone])
        everyone.add(user)
        category = Fabricate(:category)
        Fabricate(
          :category_group,
          category: category,
          group: everyone,
          permission_type: CategoryGroup.permission_types[:readonly],
        )
        expect(Guardian.new(user).can_post_in_category?(category)).to eq(false)
      end

      it "returns true for admin" do
        expect(Guardian.new(admin).can_post_in_category?(category)).to eq(true)
      end

      it "returns true for member of group with create_post access" do
        category =
          Fabricate(
            :private_category,
            group: group,
            permission_type: CategoryGroup.permission_types[:create_post],
          )
        expect(Guardian.new(user).can_post_in_category?(category)).to eq(true)
      end

      it "returns true for member of group with full access" do
        category =
          Fabricate(
            :private_category,
            group: group,
            permission_type: CategoryGroup.permission_types[:full],
          )
        expect(Guardian.new(user).can_post_in_category?(category)).to eq(true)
      end
    end
  end
end
FIX: access to category chat only when user can create post (#19488) Previously, restricted category chat channel was available for all groups - even `readonly`. From now on, only user who belong to group with `create_post` or `full` permissions can access that chat channel. 2022-12-18 19:35:28 -05:00			`# frozen_string_literal: true`

			`RSpec.describe CategoryGuardian do`
DEV: Allow fab! without block (#24314) The most common thing that we do with fab! is: fab!(:thing) { Fabricate(:thing) } This commit adds a shorthand for this which is just simply: fab!(:thing) i.e. If you omit the block, then, by default, you'll get a `Fabricate`d object using the fabricator of the same name. 2023-11-09 17:47:59 -05:00			`fab!(:admin)`
			`fab!(:user)`
FIX: access to category chat only when user can create post (#19488) Previously, restricted category chat channel was available for all groups - even `readonly`. From now on, only user who belong to group with `create_post` or `full` permissions can access that chat channel. 2022-12-18 19:35:28 -05:00			`fab!(:can_create_user) { Fabricate(:user) }`

			`describe "can_post_in_category?" do`
DEV: Allow fab! without block (#24314) The most common thing that we do with fab! is: fab!(:thing) { Fabricate(:thing) } This commit adds a shorthand for this which is just simply: fab!(:thing) i.e. If you omit the block, then, by default, you'll get a `Fabricate`d object using the fabricator of the same name. 2023-11-09 17:47:59 -05:00			`fab!(:category)`
FIX: access to category chat only when user can create post (#19488) Previously, restricted category chat channel was available for all groups - even `readonly`. From now on, only user who belong to group with `create_post` or `full` permissions can access that chat channel. 2022-12-18 19:35:28 -05:00			`context "when not restricted category" do`
			`it "returns false for anonymous user" do`
			`expect(Guardian.new.can_post_in_category?(category)).to eq(false)`
			`end`
			`it "returns true for admin" do`
			`expect(Guardian.new(admin).can_post_in_category?(category)).to eq(true)`
			`end`

			`it "returns true for regular user" do`
			`expect(Guardian.new(user).can_post_in_category?(category)).to eq(true)`
			`end`
			`end`

			`context "when restricted category" do`
DEV: Allow fab! without block (#24314) The most common thing that we do with fab! is: fab!(:thing) { Fabricate(:thing) } This commit adds a shorthand for this which is just simply: fab!(:thing) i.e. If you omit the block, then, by default, you'll get a `Fabricate`d object using the fabricator of the same name. 2023-11-09 17:47:59 -05:00			`fab!(:group)`
DEV: permission type for private category fabricator (#19601) Allow to specify permission type for category fabricator to test `:readonly`, `:create_post` and `:full` rights. 2022-12-22 22:18:29 -05:00			`fab!(:category) do`
			`Fabricate(`
			`:private_category,`
			`group: group,`
			`permission_type: CategoryGroup.permission_types[:readonly],`
			`)`
DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 06:18:21 -05:00			`end`
FIX: access to category chat only when user can create post (#19488) Previously, restricted category chat channel was available for all groups - even `readonly`. From now on, only user who belong to group with `create_post` or `full` permissions can access that chat channel. 2022-12-18 19:35:28 -05:00			`fab!(:group_user) { Fabricate(:group_user, group: group, user: user) }`

			`it "returns false for anonymous user" do`
			`expect(Guardian.new.can_post_in_category?(category)).to eq(false)`
			`end`

			`it "returns false for member of group with readonly access" do`
			`expect(Guardian.new(user).can_post_in_category?(category)).to eq(false)`
			`end`

FIX: Don't autojoin users when they have ready-only permissions (#20213) After this change, in order to join a chat channel, a user needs to be in a group with at least “Reply” permission for the category. If the user only has “See” permission, they are able to preview the channel, but not join it or send messages. The auto-join function also follows this new restriction. --------- Co-authored-by: Martin Brennan <martin@discourse.org> 2023-05-10 07:45:13 -04:00			`it "returns false if everyone has readonly access" do`
			`everyone = Group.find(Group::AUTO_GROUPS[:everyone])`
			`everyone.add(user)`
			`category = Fabricate(:category)`
			`Fabricate(`
			`:category_group,`
			`category: category,`
			`group: everyone,`
			`permission_type: CategoryGroup.permission_types[:readonly],`
			`)`
			`expect(Guardian.new(user).can_post_in_category?(category)).to eq(false)`
			`end`

FIX: access to category chat only when user can create post (#19488) Previously, restricted category chat channel was available for all groups - even `readonly`. From now on, only user who belong to group with `create_post` or `full` permissions can access that chat channel. 2022-12-18 19:35:28 -05:00			`it "returns true for admin" do`
			`expect(Guardian.new(admin).can_post_in_category?(category)).to eq(true)`
			`end`

			`it "returns true for member of group with create_post access" do`
DEV: permission type for private category fabricator (#19601) Allow to specify permission type for category fabricator to test `:readonly`, `:create_post` and `:full` rights. 2022-12-22 22:18:29 -05:00			`category =`
			`Fabricate(`
			`:private_category,`
			`group: group,`
			`permission_type: CategoryGroup.permission_types[:create_post],`
			`)`
			`expect(Guardian.new(user).can_post_in_category?(category)).to eq(true)`
FIX: access to category chat only when user can create post (#19488) Previously, restricted category chat channel was available for all groups - even `readonly`. From now on, only user who belong to group with `create_post` or `full` permissions can access that chat channel. 2022-12-18 19:35:28 -05:00			`end`

			`it "returns true for member of group with full access" do`
DEV: permission type for private category fabricator (#19601) Allow to specify permission type for category fabricator to test `:readonly`, `:create_post` and `:full` rights. 2022-12-22 22:18:29 -05:00			`category =`
			`Fabricate(`
			`:private_category,`
			`group: group,`
			`permission_type: CategoryGroup.permission_types[:full],`
			`)`
			`expect(Guardian.new(user).can_post_in_category?(category)).to eq(true)`
FIX: access to category chat only when user can create post (#19488) Previously, restricted category chat channel was available for all groups - even `readonly`. From now on, only user who belong to group with `create_post` or `full` permissions can access that chat channel. 2022-12-18 19:35:28 -05:00			`end`
			`end`
			`end`
			`end`