discourse/spec/lib/guardian/post_guardian_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

60 lines
2.3 KiB
Ruby
Raw Normal View History

# frozen_string_literal: true
RSpec.describe PostGuardian do
fab!(:groupless_user) { Fabricate(:user) }
fab!(:user) { Fabricate(:user) }
fab!(:anon) { Fabricate(:anonymous) }
fab!(:admin) { Fabricate(:admin) }
fab!(:moderator) { Fabricate(:moderator) }
fab!(:group) { Fabricate(:group) }
fab!(:group_user) { Fabricate(:group_user, group: group, user: user) }
fab!(:category) { Fabricate(:category) }
fab!(:topic) { Fabricate(:topic, category: category) }
fab!(:hidden_post) { Fabricate(:post, topic: topic, hidden: true) }
describe "#can_see_hidden_post?" do
context "when the hidden_post_visible_groups contains everyone" do
before { SiteSetting.hidden_post_visible_groups = "#{Group::AUTO_GROUPS[:everyone]}" }
it "returns true for everyone" do
expect(Guardian.new(anon).can_see_hidden_post?(hidden_post)).to eq(true)
expect(Guardian.new(user).can_see_hidden_post?(hidden_post)).to eq(true)
expect(Guardian.new(admin).can_see_hidden_post?(hidden_post)).to eq(true)
expect(Guardian.new(moderator).can_see_hidden_post?(hidden_post)).to eq(true)
end
end
context "when the post is a created by the user" do
fab!(:hidden_post) { Fabricate(:post, topic: topic, hidden: true, user: user) }
before { SiteSetting.hidden_post_visible_groups = "" }
it "returns true for the author" do
SiteSetting.hidden_post_visible_groups = ""
expect(Guardian.new(user).can_see_hidden_post?(hidden_post)).to eq(true)
end
end
context "when the post is a created by another user" do
before { SiteSetting.hidden_post_visible_groups = "14|#{group.id}" }
it "returns true for staff users" do
expect(Guardian.new(admin).can_see_hidden_post?(hidden_post)).to eq(true)
expect(Guardian.new(moderator).can_see_hidden_post?(hidden_post)).to eq(true)
end
it "returns false for anonymous users" do
expect(Guardian.new(anon).can_see_hidden_post?(hidden_post)).to eq(false)
end
it "returns true if the user is in hidden_post_visible_groups" do
expect(Guardian.new(user).can_see_hidden_post?(hidden_post)).to eq(true)
end
it "returns false if the user is not in hidden_post_visible_groups" do
expect(Guardian.new(groupless_user).can_see_hidden_post?(hidden_post)).to eq(false)
end
end
end
end