Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/spec/components/guardian_spec.rb

2967 lines
99 KiB
Ruby
Raw Normal View History

Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
require 'rails_helper';
Initial release of Discourse
2013-02-05 14:16:51 -05:00
require 'guardian'
PostDestroyer to replace callbacks for destroying
2013-03-18 17:52:29 -04:00
require_dependency 'post_destroyer'
FEATURE: Staff members can lock posts Locking a post prevents it from being edited. This is useful if the user has posted something which has been edited out, and the staff members don't want them to be able to edit it back in again.
2018-01-25 15:38:40 -05:00
require_dependency 'post_locker'
Initial release of Discourse
2013-02-05 14:16:51 -05:00
describe Guardian do
FIX: Do not allow admins to meddle with admin and moderation access of non real users.
2016-12-28 22:11:33 -05:00
let(:user) { Fabricate(:user) }
let(:moderator) { Fabricate(:moderator) }
let(:admin) { Fabricate(:admin) }
FEATURE: allow users to wikify their own posts based on trust level
2016-01-11 10:26:00 -05:00
let(:trust_level_2) { build(:user, trust_level: 2) }
remove elder terminology in specs
2014-09-05 02:52:40 -04:00
let(:trust_level_3) { build(:user, trust_level: 3) }
let(:trust_level_4) { build(:user, trust_level: 4) }
Automatically flag someone as a spammer if their posts get at least X spam flags from N users while their trust level is 'new user'. Staff can clear and set this status from the user record in admin.
2013-05-31 11:41:40 -04:00
let(:another_admin) { build(:admin) }
update message bus to support per client filtering start work on user_tracking_state fix can_ban? in guardian expose protected scopes on topic_query we need move guardian spec to use build as opposed to creating topics / posts / users start work on user tracking spec
2013-05-21 02:39:51 -04:00
let(:coding_horror) { build(:coding_horror) }
Initial release of Discourse
2013-02-05 14:16:51 -05:00
update message bus to support per client filtering start work on user_tracking_state fix can_ban? in guardian expose protected scopes on topic_query we need move guardian spec to use build as opposed to creating topics / posts / users start work on user tracking spec
2013-05-21 02:39:51 -04:00
let(:topic) { build(:topic, user: user) }
let(:post) { build(:post, topic: topic, user: topic.user) }
Initial release of Discourse
2013-02-05 14:16:51 -05:00
it 'can be created without a user (not logged in)' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect { Guardian.new }.not_to raise_error
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
Easier helper for filtering secured categories
2015-02-12 11:52:59 -05:00
it 'can be instantiated with a user instance' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect { Guardian.new(user) }.not_to raise_error
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
FEATURE: New site setting, whitelisted_link_domains If provided, users who normally couldn't post links (say, due to a low trust level), can post links to those specific hosts.
2018-06-13 14:57:32 -04:00
describe "link_posting_access" do
it "is none for anonymous users" do
expect(Guardian.new.link_posting_access).to eq('none')
end
it "is full for regular users" do
expect(Guardian.new(user).link_posting_access).to eq('full')
end
it "is none for a user of a low trust level" do
user.trust_level = 0
SiteSetting.min_trust_to_post_links = 1
expect(Guardian.new(user).link_posting_access).to eq('none')
end
it "is limited for a user of a low trust level with a whitelist" do
SiteSetting.whitelisted_link_domains = 'example.com'
user.trust_level = 0
SiteSetting.min_trust_to_post_links = 1
expect(Guardian.new(user).link_posting_access).to eq('limited')
end
end
FIX: Don't show the link button in the composer if linking is disabled
2018-02-08 12:56:10 -05:00
describe "can_post_link?" do
FEATURE: New site setting, whitelisted_link_domains If provided, users who normally couldn't post links (say, due to a low trust level), can post links to those specific hosts.
2018-06-13 14:57:32 -04:00
let(:host) { "discourse.org" }
FIX: Don't show the link button in the composer if linking is disabled
2018-02-08 12:56:10 -05:00
it "returns false for anonymous users" do
FEATURE: New site setting, whitelisted_link_domains If provided, users who normally couldn't post links (say, due to a low trust level), can post links to those specific hosts.
2018-06-13 14:57:32 -04:00
expect(Guardian.new.can_post_link?(host: host)).to eq(false)
FIX: Don't show the link button in the composer if linking is disabled
2018-02-08 12:56:10 -05:00
end
it "returns true for a regular user" do
FEATURE: New site setting, whitelisted_link_domains If provided, users who normally couldn't post links (say, due to a low trust level), can post links to those specific hosts.
2018-06-13 14:57:32 -04:00
expect(Guardian.new(user).can_post_link?(host: host)).to eq(true)
FIX: Don't show the link button in the composer if linking is disabled
2018-02-08 12:56:10 -05:00
end
it "supports customization by site setting" do
user.trust_level = 0
SiteSetting.min_trust_to_post_links = 0
FEATURE: New site setting, whitelisted_link_domains If provided, users who normally couldn't post links (say, due to a low trust level), can post links to those specific hosts.
2018-06-13 14:57:32 -04:00
expect(Guardian.new(user).can_post_link?(host: host)).to eq(true)
FIX: Don't show the link button in the composer if linking is disabled
2018-02-08 12:56:10 -05:00
SiteSetting.min_trust_to_post_links = 1
FEATURE: New site setting, whitelisted_link_domains If provided, users who normally couldn't post links (say, due to a low trust level), can post links to those specific hosts.
2018-06-13 14:57:32 -04:00
expect(Guardian.new(user).can_post_link?(host: host)).to eq(false)
end
describe "whitelisted host" do
before do
SiteSetting.whitelisted_link_domains = host
end
it "allows a new user to post the link to the host" do
user.trust_level = 0
SiteSetting.min_trust_to_post_links = 1
expect(Guardian.new(user).can_post_link?(host: host)).to eq(true)
expect(Guardian.new(user).can_post_link?(host: 'another-host.com')).to eq(false)
end
FIX: Don't show the link button in the composer if linking is disabled
2018-02-08 12:56:10 -05:00
end
end
FIX: Don't allow other flag actions after `notify_moderator` has happened. https://meta.discourse.org/t/receiving-sorry-an-error-has-occurred-during-flagging-step-of-discobot-tutorial/77233/5
2018-02-27 22:22:51 -05:00
describe '#post_can_act?' do
update message bus to support per client filtering start work on user_tracking_state fix can_ban? in guardian expose protected scopes on topic_query we need move guardian spec to use build as opposed to creating topics / posts / users start work on user tracking spec
2013-05-21 02:39:51 -04:00
let(:post) { build(:post) }
let(:user) { build(:user) }
Initial release of Discourse
2013-02-05 14:16:51 -05:00
it "returns false when the user is nil" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(nil).post_can_act?(post, :like)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "returns false when the post is nil" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).post_can_act?(nil, :like)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "returns false when the topic is archived" do
post.topic.archived = true
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).post_can_act?(post, :like)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
FIX: use PostDestroyer when deleting/recovering a topic
2014-08-07 13:12:35 -04:00
it "returns false when the post is deleted" do
post.deleted_at = Time.now
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).post_can_act?(post, :like)).to be_falsey
FIX: use PostDestroyer when deleting/recovering a topic
2014-08-07 13:12:35 -04:00
end
FIX: Allow silenced users to like / bookmark, just not flag.
2018-08-17 11:06:01 -04:00
it "works as expected for silenced users" do
FIX: Silenced users shouldn't be able to act on posts
2018-08-14 11:43:39 -04:00
UserSilencer.silence(user, admin)
expect(Guardian.new(user).post_can_act?(post, :spam)).to be_falsey
FIX: Allow silenced users to like / bookmark, just not flag.
2018-08-17 11:06:01 -04:00
expect(Guardian.new(user).post_can_act?(post, :like)).to be_truthy
expect(Guardian.new(user).post_can_act?(post, :bookmark)).to be_truthy
FIX: Silenced users shouldn't be able to act on posts
2018-08-14 11:43:39 -04:00
end
FEATURE: New site setting, `allow staff flags`, false by default For some large communities, it makes sense to disable flagging of staff posts.
2018-02-12 14:56:21 -05:00
it "allows flagging archived posts" do
refactor guardian class for clarity & correctness introduce NullUser to avoid type-checking DRY up code reduce number of multiple returns remove some redundant/impossible logic branches add pending test for possible bug add test & fix for ability to flag archived posts add #secure_category? method to topic class Fix bug that prevented flagging of archived topics Rename NullUser to AnonymousUser DRY up can_<action>? methods Fix some ownership logic, and a test, for Guardian
2013-05-20 02:04:53 -04:00
post.topic.archived = true
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).post_can_act?(post, :spam)).to be_truthy
refactor guardian class for clarity & correctness introduce NullUser to avoid type-checking DRY up code reduce number of multiple returns remove some redundant/impossible logic branches add pending test for possible bug add test & fix for ability to flag archived posts add #secure_category? method to topic class Fix bug that prevented flagging of archived topics Rename NullUser to AnonymousUser DRY up can_<action>? methods Fix some ownership logic, and a test, for Guardian
2013-05-20 02:04:53 -04:00
end
Rename `allow staff flags` to `allow flagging staff`
2018-02-12 15:27:05 -05:00
it "allows flagging of staff posts when allow_flagging_staff is true" do
SiteSetting.allow_flagging_staff = true
FEATURE: New site setting, `allow staff flags`, false by default For some large communities, it makes sense to disable flagging of staff posts.
2018-02-12 14:56:21 -05:00
staff_post = Fabricate(:post, user: Fabricate(:moderator))
expect(Guardian.new(user).post_can_act?(staff_post, :spam)).to be_truthy
end
FIX: `Guardian#post_can_act?` shouldn't raise an error if user of post has been deleted.
2018-08-17 03:10:07 -04:00
describe 'when allow_flagging_staff is false' do
let(:staff_post) { Fabricate(:post, user: Fabricate(:moderator)) }
FEATURE: New site setting, `allow staff flags`, false by default For some large communities, it makes sense to disable flagging of staff posts.
2018-02-12 14:56:21 -05:00
FIX: `Guardian#post_can_act?` shouldn't raise an error if user of post has been deleted.
2018-08-17 03:10:07 -04:00
before do
SiteSetting.allow_flagging_staff = false
end
it "doesn't allow flagging of staff posts" do
expect(Guardian.new(user).post_can_act?(staff_post, :spam)).to eq(false)
end
it "allows flagging of staff posts when staff has been deleted" do
staff_post.user.destroy!
staff_post.reload
expect(Guardian.new(user).post_can_act?(staff_post, :spam)).to eq(true)
end
it "allows liking of staff" do
expect(Guardian.new(user).post_can_act?(staff_post, :like)).to eq(true)
end
FIX: Couldn't like staff when `allow_flagging_staff` was set
2018-02-14 15:46:04 -05:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
it "returns false when liking yourself" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(post.user).post_can_act?(post, :like)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "returns false when you've already done it" do
PERF: Avoid calling expensive `PostGuardian#can_see_post?` multiple times. Before ``` Your Results: (note for timings- percentile is first, duration is second in millisecs) --- topic_admin: 50: 19 75: 19 90: 21 99: 27 topic: 50: 56 75: 62 90: 64 99: 99 timings: load_rails: 1262 ruby-version: 2.4.1-p111 rss_kb: 198432 pss_kb: 136612 virtual: physical architecture: amd64 operatingsystem: Ubuntu memorysize: 15.59 GB kernelversion: 4.10.0 physicalprocessorcount: 1 processor0: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz rss_kb_9877: 327892 pss_kb_9877: 263671 rss_kb_9946: 325468 pss_kb_9946: 261671 rss_kb_10153: 326456 pss_kb_10153: 262657 ``` After ``` Your Results: (note for timings- percentile is first, duration is second in millisecs) --- topic_admin: 50: 18 75: 18 90: 20 99: 28 topic: 50: 41 75: 42 90: 46 99: 49 timings: load_rails: 1201 ruby-version: 2.4.1-p111 rss_kb: 187936 pss_kb: 123596 virtual: physical architecture: amd64 operatingsystem: Ubuntu memorysize: 15.59 GB kernelversion: 4.10.0 physicalprocessorcount: 1 processor0: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz rss_kb_26478: 342360 pss_kb_26478: 276696 rss_kb_26547: 340368 pss_kb_26547: 275930 rss_kb_26747: 338964 pss_kb_26747: 274466 ```
2017-09-08 01:07:22 -04:00
expect(Guardian.new(user).post_can_act?(post, :like, opts: {
taken_actions: { PostActionType.types[:like] => 1 }
})).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
remove trailing whitespaces :heart:
2013-02-25 11:42:20 -05:00
it "returns false when you already flagged a post" do
FIX: Don't allow other flag actions after `notify_moderator` has happened. https://meta.discourse.org/t/receiving-sorry-an-error-has-occurred-during-flagging-step-of-discobot-tutorial/77233/5
2018-02-27 22:22:51 -05:00
PostActionType.notify_flag_types.each do |type, _id|
expect(Guardian.new(user).post_can_act?(post, :off_topic, opts: {
taken_actions: { PostActionType.types[type] => 1 }
})).to be_falsey
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
FIX: when private messages are disabled in settings, flag modal shouldn't show private message options
2014-12-19 16:47:39 -05:00
it "returns false for notify_user if private messages are disabled" do
rename 'enable_private_messages' to 'enable_personal_messages'
2018-01-31 01:03:12 -05:00
SiteSetting.enable_personal_messages = false
FIX: when private messages are disabled in settings, flag modal shouldn't show private message options
2014-12-19 16:47:39 -05:00
user.trust_level = TrustLevel[2]
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).post_can_act?(post, :notify_user)).to be_falsey
expect(Guardian.new(user).post_can_act?(post, :notify_moderators)).to be_falsey
FIX: when private messages are disabled in settings, flag modal shouldn't show private message options
2014-12-19 16:47:39 -05:00
end
FIX: don't offer the "Something Else" flag reason to TL0 users since they don't have permission to send private messages
2017-10-24 11:47:41 -04:00
it "returns false for notify_user and notify_moderators if private messages are enabled but threshold not met" do
rename 'enable_private_messages' to 'enable_personal_messages'
2018-01-31 01:03:12 -05:00
SiteSetting.enable_personal_messages = true
FEATURE: make trust level for message sending configurable - add min_trust_to_send_messages site setting (default 1) to allow admins to configure when messages can be sent between members
2015-10-11 20:15:38 -04:00
SiteSetting.min_trust_to_send_messages = 2
user.trust_level = TrustLevel[1]
expect(Guardian.new(user).post_can_act?(post, :notify_user)).to be_falsey
FIX: don't offer the "Something Else" flag reason to TL0 users since they don't have permission to send private messages
2017-10-24 11:47:41 -04:00
expect(Guardian.new(user).post_can_act?(post, :notify_moderators)).to be_falsey
FEATURE: make trust level for message sending configurable - add min_trust_to_send_messages site setting (default 1) to allow admins to configure when messages can be sent between members
2015-10-11 20:15:38 -04:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
describe "trust levels" do
it "returns true for a new user liking something" do
Internal renaming of elder,leader,regular,basic to numbers Changed internals so trust levels are referred to with TrustLevel[1], TrustLevel[2] etc. This gives us much better flexibility naming trust levels, these names are meant to be controlled by various communities.
2014-09-05 01:20:39 -04:00
user.trust_level = TrustLevel[0]
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).post_can_act?(post, :like)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
FEATURE: a setting to customize the minimum TL to flag a post
2018-02-06 17:12:27 -05:00
it "returns false for a new user flagging as spam" do
Internal renaming of elder,leader,regular,basic to numbers Changed internals so trust levels are referred to with TrustLevel[1], TrustLevel[2] etc. This gives us much better flexibility naming trust levels, these names are meant to be controlled by various communities.
2014-09-05 01:20:39 -04:00
user.trust_level = TrustLevel[0]
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).post_can_act?(post, :spam)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
FEATURE: a setting to customize the minimum TL to flag a post
2018-02-06 17:12:27 -05:00
it "returns true for a new user flagging as spam if enabled" do
SiteSetting.min_trust_to_flag_posts = 0
user.trust_level = TrustLevel[0]
expect(Guardian.new(user).post_can_act?(post, :spam)).to be_truthy
end
FIX: all PMs should be flaggable
2015-01-08 10:06:43 -05:00
it "returns true for a new user flagging a private message as spam" do
SECURITY: Users can only bookmark posts which they can see.
2016-12-20 23:01:26 -05:00
post = Fabricate(:private_message_post, user: Fabricate(:admin))
FIX: all PMs should be flaggable
2015-01-08 10:06:43 -05:00
user.trust_level = TrustLevel[0]
SECURITY: Users can only bookmark posts which they can see.
2016-12-20 23:01:26 -05:00
post.topic.allowed_users << user
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).post_can_act?(post, :spam)).to be_truthy
FIX: all PMs should be flaggable
2015-01-08 10:06:43 -05:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
it "returns false for a new user flagging something as off topic" do
Internal renaming of elder,leader,regular,basic to numbers Changed internals so trust levels are referred to with TrustLevel[1], TrustLevel[2] etc. This gives us much better flexibility naming trust levels, these names are meant to be controlled by various communities.
2014-09-05 01:20:39 -04:00
user.trust_level = TrustLevel[0]
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).post_can_act?(post, :off_topic)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
FIX: don't show option to flag with notify_user to trust level 0 users. they can't send private messages.
2014-03-10 11:48:27 -04:00
it "returns false for a new user flagging with notify_user" do
Internal renaming of elder,leader,regular,basic to numbers Changed internals so trust levels are referred to with TrustLevel[1], TrustLevel[2] etc. This gives us much better flexibility naming trust levels, these names are meant to be controlled by various communities.
2014-09-05 01:20:39 -04:00
user.trust_level = TrustLevel[0]
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).post_can_act?(post, :notify_user)).to be_falsey # because new users can't send private messages
FIX: don't show option to flag with notify_user to trust level 0 users. they can't send private messages.
2014-03-10 11:48:27 -04:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
end
Allow staff members to enable safe mode, even if disabled
2018-04-25 11:46:54 -04:00
describe "can_enable_safe_mode" do
let(:user) { Fabricate.build(:user) }
let(:moderator) { Fabricate.build(:moderator) }
context "when enabled" do
before do
SiteSetting.enable_safe_mode = true
end
it "can be performed" do
expect(Guardian.new.can_enable_safe_mode?).to eq(true)
expect(Guardian.new(user).can_enable_safe_mode?).to eq(true)
expect(Guardian.new(moderator).can_enable_safe_mode?).to eq(true)
end
end
context "when disabled" do
before do
SiteSetting.enable_safe_mode = false
end
it "can be performed" do
expect(Guardian.new.can_enable_safe_mode?).to eq(false)
expect(Guardian.new(user).can_enable_safe_mode?).to eq(false)
expect(Guardian.new(moderator).can_enable_safe_mode?).to eq(true)
end
end
end
FEATURE: flag dispositions normalization All flags should end up in one of the three dispositions - Agree - Disagree - Defer In the administration area, the *active* flags section displays 4 buttons - Agree (hide post + send PM) - Disagree - Defer - Delete Clicking "Delete" will open a modal that offer to - Delete Post & Defer Flags - Delete Post & Agree with Flags - Delete Spammer (if available) When the flag has a list associated, the list will now display 1 response and 1 reply and a "show more..." link if there are more in the conversation. Replying to the conversation will NOT give a disposition. Moderators must click the buttons that does that. If someone clicks one buttons, this will add a default moderator message from that moderator saying what happened. The *old* flags section now displays the proper dispositions and is super duper fast (no more N+9999 queries). FIX: the old list includes deleted topics FIX: the lists now properly display the topic states (deleted, closed, archived, hidden, PM) FIX: flagging a topic that you've already flagged the first post
2014-07-28 13:17:37 -04:00
describe "can_defer_flags" do
Can clear flags on deleted posts if you're a moderator
2013-02-08 19:04:14 -05:00
let(:post) { Fabricate(:post) }
let(:user) { post.user }
let(:moderator) { Fabricate(:moderator) }
it "returns false when the user is nil" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(nil).can_defer_flags?(post)).to be_falsey
Can clear flags on deleted posts if you're a moderator
2013-02-08 19:04:14 -05:00
end
it "returns false when the post is nil" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_defer_flags?(nil)).to be_falsey
Can clear flags on deleted posts if you're a moderator
2013-02-08 19:04:14 -05:00
end
it "returns false when the user is not a moderator" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_defer_flags?(post)).to be_falsey
Can clear flags on deleted posts if you're a moderator
2013-02-08 19:04:14 -05:00
end
it "returns true when the user is a moderator" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_defer_flags?(post)).to be_truthy
Can clear flags on deleted posts if you're a moderator
2013-02-08 19:04:14 -05:00
end
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
describe 'can_send_private_message' do
let(:user) { Fabricate(:user) }
let(:another_user) { Fabricate(:user) }
Don't allow sending private messages to suspended users. Emails to suspended users should tell them how to respond, since they can't.
2014-05-06 15:01:19 -04:00
let(:suspended_user) { Fabricate(:user, suspended_till: 1.week.from_now, suspended_at: 1.day.ago) }
Initial release of Discourse
2013-02-05 14:16:51 -05:00
it "returns false when the user is nil" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(nil).can_send_private_message?(user)).to be_falsey
remove trailing whitespaces :heart:
2013-02-25 11:42:20 -05:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
it "returns false when the target user is nil" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_send_private_message?(nil)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
FEATURE: allow people to send messages to themselves (for notes etc)
2016-07-03 21:36:43 -04:00
it "returns true when the target is the same as the user" do
# this is now allowed so yay
expect(Guardian.new(user).can_send_private_message?(user)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
Revert "FIX: TL0 users' messages to moderators were not being posted when flagging private messages"
2017-10-23 17:19:30 -04:00
it "returns false when you are untrusted" do
user.trust_level = TrustLevel[0]
expect(Guardian.new(user).can_send_private_message?(another_user)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "returns true to another user" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_send_private_message?(another_user)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
Allow contact user to send private messages even if enable_private_messages is false
2014-04-23 17:00:22 -04:00
FEATURE: make trust level for message sending configurable - add min_trust_to_send_messages site setting (default 1) to allow admins to configure when messages can be sent between members
2015-10-11 20:15:38 -04:00
it "disallows pms to other users if trust level is not met" do
SiteSetting.min_trust_to_send_messages = TrustLevel[2]
user.trust_level = TrustLevel[1]
expect(Guardian.new(user).can_send_private_message?(another_user)).to be_falsey
end
rename 'enable_private_messages' to 'enable_personal_messages'
2018-01-31 01:03:12 -05:00
context "enable_personal_messages is false" do
before { SiteSetting.enable_personal_messages = false }
Allow contact user to send private messages even if enable_private_messages is false
2014-04-23 17:00:22 -04:00
FIX: allow staff members to send PMs when enable_private_messages is disabled
2017-02-22 01:02:09 -05:00
it "returns false if user is not staff member" do
expect(Guardian.new(trust_level_4).can_send_private_message?(another_user)).to be_falsey
Allow contact user to send private messages even if enable_private_messages is false
2014-04-23 17:00:22 -04:00
end
FIX: allow staff members to send PMs when enable_private_messages is disabled
2017-02-22 01:02:09 -05:00
it "returns true for staff member" do
expect(Guardian.new(moderator).can_send_private_message?(another_user)).to be_truthy
expect(Guardian.new(admin).can_send_private_message?(another_user)).to be_truthy
Allow contact user to send private messages even if enable_private_messages is false
2014-04-23 17:00:22 -04:00
end
end
Don't allow sending private messages to suspended users. Emails to suspended users should tell them how to respond, since they can't.
2014-05-06 15:01:19 -04:00
context "target user is suspended" do
it "returns true for staff" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_send_private_message?(suspended_user)).to be_truthy
expect(Guardian.new(moderator).can_send_private_message?(suspended_user)).to be_truthy
Don't allow sending private messages to suspended users. Emails to suspended users should tell them how to respond, since they can't.
2014-05-06 15:01:19 -04:00
end
it "returns false for regular users" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_send_private_message?(suspended_user)).to be_falsey
Don't allow sending private messages to suspended users. Emails to suspended users should tell them how to respond, since they can't.
2014-05-06 15:01:19 -04:00
end
end
FEATURE: blocked users can send and reply to private messages from staff
2016-01-22 12:54:18 -05:00
Rename "Blocked" to "Silenced"
2017-11-10 12:18:08 -05:00
context "author is silenced" do
FEATURE: blocked users can send and reply to private messages from staff
2016-01-22 12:54:18 -05:00
before do
FEATURE: Support an end date for user silencing
2017-11-13 13:41:36 -05:00
user.silenced_till = 1.year.from_now
FEATURE: blocked users can send and reply to private messages from staff
2016-01-22 12:54:18 -05:00
user.save
end
it "returns true if target is staff" do
expect(Guardian.new(user).can_send_private_message?(admin)).to be_truthy
expect(Guardian.new(user).can_send_private_message?(moderator)).to be_truthy
end
it "returns false if target is not staff" do
expect(Guardian.new(user).can_send_private_message?(another_user)).to be_falsey
end
FIX: error when sending a private message to a group in some cases
2016-03-23 16:20:24 -04:00
it "returns true if target is a staff group" do
Group::STAFF_GROUPS.each do |name|
g = Group[name]
SECURITY: Any group can be invited into a PM.
2017-12-13 21:53:21 -05:00
g.update!(messageable_level: Group::ALIAS_LEVELS[:everyone])
FIX: error when sending a private message to a group in some cases
2016-03-23 16:20:24 -04:00
expect(Guardian.new(user).can_send_private_message?(g)).to be_truthy
end
end
FEATURE: blocked users can send and reply to private messages from staff
2016-01-22 12:54:18 -05:00
end
FEATURE: Allow users to disable new PMs. https://meta.discourse.org/t/is-it-possible-to-disable-private-messaging-for-a-specific-user/46391
2017-10-06 03:56:58 -04:00
SECURITY: Any group can be invited into a PM.
2017-12-13 21:53:21 -05:00
it "respects the group's messageable_level" do
group = Fabricate(:group)
Group::ALIAS_LEVELS.each do |level, _|
group.update!(messageable_level: Group::ALIAS_LEVELS[level])
output = level == :everyone ? true : false
expect(Guardian.new(user).can_send_private_message?(group)).to eq(output)
end
admin = Fabricate(:admin)
Group::ALIAS_LEVELS.each do |level, _|
group.update!(messageable_level: Group::ALIAS_LEVELS[level])
expect(Guardian.new(admin).can_send_private_message?(group)).to eq(true)
end
end
FEATURE: Allow users to disable new PMs. https://meta.discourse.org/t/is-it-possible-to-disable-private-messaging-for-a-specific-user/46391
2017-10-06 03:56:58 -04:00
context 'target user has private message disabled' do
before do
another_user.user_option.update!(allow_private_messages: false)
end
context 'for a normal user' do
it 'should return false' do
expect(Guardian.new(user).can_send_private_message?(another_user)).to eq(false)
end
end
context 'for a staff user' do
it 'should return true' do
[admin, moderator].each do |staff_user|
expect(Guardian.new(staff_user).can_send_private_message?(another_user))
.to eq(true)
end
end
end
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
describe 'can_reply_as_new_topic' do
let(:user) { Fabricate(:user) }
let(:topic) { Fabricate(:topic) }
FEATURE: reply as new message to the same recipients
2016-11-29 12:59:42 -05:00
let(:private_message) { Fabricate(:private_message_topic) }
Initial release of Discourse
2013-02-05 14:16:51 -05:00
it "returns false for a non logged in user" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(nil).can_reply_as_new_topic?(topic)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "returns false for a nil topic" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_reply_as_new_topic?(nil)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "returns false for an untrusted user" do
Internal renaming of elder,leader,regular,basic to numbers Changed internals so trust levels are referred to with TrustLevel[1], TrustLevel[2] etc. This gives us much better flexibility naming trust levels, these names are meant to be controlled by various communities.
2014-09-05 01:20:39 -04:00
user.trust_level = TrustLevel[0]
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_reply_as_new_topic?(topic)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "returns true for a trusted user" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_reply_as_new_topic?(topic)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
FEATURE: reply as new message to the same recipients
2016-11-29 12:59:42 -05:00
it "returns true for a private message" do
expect(Guardian.new(user).can_reply_as_new_topic?(private_message)).to be_truthy
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
describe 'can_see_post_actors?' do
Add rubocop to our build. (#5004)
2017-07-27 21:20:09 -04:00
let(:topic) { Fabricate(:topic, user: coding_horror) }
Initial release of Discourse
2013-02-05 14:16:51 -05:00
backend for secure categories mostly done (todo pm groups)
2013-04-29 02:33:24 -04:00
it 'displays visibility correctly' do
guardian = Guardian.new(user)
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(guardian.can_see_post_actors?(nil, PostActionType.types[:like])).to be_falsey
expect(guardian.can_see_post_actors?(topic, PostActionType.types[:like])).to be_truthy
expect(guardian.can_see_post_actors?(topic, PostActionType.types[:bookmark])).to be_falsey
expect(guardian.can_see_post_actors?(topic, PostActionType.types[:off_topic])).to be_falsey
expect(guardian.can_see_post_actors?(topic, PostActionType.types[:spam])).to be_falsey
FIX: should not be allowed to see users list of people who started a PM
2016-10-19 02:36:35 -04:00
expect(guardian.can_see_post_actors?(topic, PostActionType.types[:notify_user])).to be_falsey
expect(Guardian.new(moderator).can_see_post_actors?(topic, PostActionType.types[:notify_user])).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
end
describe 'can_impersonate?' do
backend for secure categories mostly done (todo pm groups)
2013-04-29 02:33:24 -04:00
it 'allows impersonation correctly' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_impersonate?(nil)).to be_falsey
expect(Guardian.new.can_impersonate?(user)).to be_falsey
expect(Guardian.new(coding_horror).can_impersonate?(user)).to be_falsey
expect(Guardian.new(admin).can_impersonate?(admin)).to be_falsey
expect(Guardian.new(admin).can_impersonate?(another_admin)).to be_falsey
expect(Guardian.new(admin).can_impersonate?(user)).to be_truthy
expect(Guardian.new(admin).can_impersonate?(moderator)).to be_truthy
give god rights of impersonation to developers, must be edited into the production.rb config file
2013-09-04 20:27:34 -04:00
Rails.configuration.stubs(:developer_emails).returns([admin.email])
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_impersonate?(another_admin)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
end
FEATURE: add a button on admin user page that links to action log
2017-02-21 07:45:30 -05:00
describe "can_view_action_logs?" do
it 'is false for non-staff acting user' do
expect(Guardian.new(user).can_view_action_logs?(moderator)).to be_falsey
end
it 'is false without a target user' do
expect(Guardian.new(moderator).can_view_action_logs?(nil)).to be_falsey
end
FIX: show all staff events related to the target user
2017-02-22 03:01:40 -05:00
it 'is true when target user is present' do
expect(Guardian.new(moderator).can_view_action_logs?(user)).to be_truthy
FEATURE: add a button on admin user page that links to action log
2017-02-21 07:45:30 -05:00
end
end
Support for inviting to a forum from a user's invite page.
2013-11-06 12:56:26 -05:00
describe 'can_invite_to_forum?' do
let(:user) { Fabricate.build(:user) }
let(:moderator) { Fabricate.build(:moderator) }
it "doesn't allow anonymous users to invite" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_invite_to_forum?).to be_falsey
Support for inviting to a forum from a user's invite page.
2013-11-06 12:56:26 -05:00
end
it 'returns true when the site requires approving users and is mod' do
FIX: Group owners should be able to invite users to their groups. https://meta.discourse.org/t/group-owner-cannot-send-an-invite-to-a-group/60617/12
2017-07-21 02:12:24 -04:00
SiteSetting.must_approve_users = true
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_invite_to_forum?).to be_truthy
Support for inviting to a forum from a user's invite page.
2013-11-06 12:56:26 -05:00
end
FEATURE: disable invites by setting max_invites_per_day to 0
2015-05-19 02:51:21 -04:00
it 'returns false when max_invites_per_day is 0' do
# let's also break it while here
SiteSetting.max_invites_per_day = "a"
FIX: staff should be immune to max_invites_per_day setting
2015-06-05 00:52:41 -04:00
expect(Guardian.new(user).can_invite_to_forum?).to be_falsey
# staff should be immune to max_invites_per_day setting
expect(Guardian.new(moderator).can_invite_to_forum?).to be_truthy
FEATURE: disable invites by setting max_invites_per_day to 0
2015-05-19 02:51:21 -04:00
end
Support for inviting to a forum from a user's invite page.
2013-11-06 12:56:26 -05:00
it 'returns false when the site requires approving users and is regular' do
SiteSetting.expects(:must_approve_users?).returns(true)
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_invite_to_forum?).to be_falsey
Support for inviting to a forum from a user's invite page.
2013-11-06 12:56:26 -05:00
end
Don't allow invites if local logins are disabled, since it provides a way to bypass external auth
2014-06-18 16:46:04 -04:00
it 'returns false when the local logins are disabled' do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.enable_local_logins = false
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_invite_to_forum?).to be_falsey
expect(Guardian.new(moderator).can_invite_to_forum?).to be_falsey
Don't allow invites if local logins are disabled, since it provides a way to bypass external auth
2014-06-18 16:46:04 -04:00
end
FIX: Group owners should be able to invite users to their groups. https://meta.discourse.org/t/group-owner-cannot-send-an-invite-to-a-group/60617/12
2017-07-21 02:12:24 -04:00
context 'with groups' do
let(:group) { Fabricate(:group) }
let(:another_group) { Fabricate(:group) }
let(:groups) { [group, another_group] }
before do
user.update!(trust_level: TrustLevel[2])
group.add_owner(user)
end
it 'returns false when user is not allowed to edit a group' do
expect(Guardian.new(user).can_invite_to_forum?(groups)).to eq(false)
expect(Guardian.new(Fabricate(:admin)).can_invite_to_forum?(groups))
.to eq(true)
end
it 'returns true when user is allowed to edit groups' do
another_group.add_owner(user)
expect(Guardian.new(user).can_invite_to_forum?(groups)).to eq(true)
end
end
Support for inviting to a forum from a user's invite page.
2013-11-06 12:56:26 -05:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
describe 'can_invite_to?' do
FIX: Regular users shouldn't be able to invite to PMs if disabled
2017-05-19 12:55:26 -04:00
describe "regular topics" do
let(:group) { Fabricate(:group) }
let(:category) { Fabricate(:category, read_restricted: true) }
let(:topic) { Fabricate(:topic) }
let(:private_topic) { Fabricate(:topic, category: category) }
let(:user) { topic.user }
let(:moderator) { Fabricate(:moderator) }
let(:admin) { Fabricate(:admin) }
let(:private_category) { Fabricate(:private_category, group: group) }
let(:group_private_topic) { Fabricate(:topic, category: private_category) }
let(:group_owner) { group_private_topic.user.tap { |u| group.add_owner(u) } }
let(:pm) { Fabricate(:topic) }
it 'handles invitation correctly' do
expect(Guardian.new(nil).can_invite_to?(topic)).to be_falsey
expect(Guardian.new(moderator).can_invite_to?(nil)).to be_falsey
expect(Guardian.new(moderator).can_invite_to?(topic)).to be_truthy
expect(Guardian.new(user).can_invite_to?(topic)).to be_falsey
SiteSetting.max_invites_per_day = 0
expect(Guardian.new(user).can_invite_to?(topic)).to be_falsey
# staff should be immune to max_invites_per_day setting
expect(Guardian.new(moderator).can_invite_to?(topic)).to be_truthy
end
FEATURE: disable invites by setting max_invites_per_day to 0
2015-05-19 02:51:21 -04:00
FIX: Regular users shouldn't be able to invite to PMs if disabled
2017-05-19 12:55:26 -04:00
it 'returns false for normal user on private topic' do
expect(Guardian.new(user).can_invite_to?(private_topic)).to be_falsey
end
FIX: staff should be immune to max_invites_per_day setting
2015-06-05 00:52:41 -04:00
FIX: Regular users shouldn't be able to invite to PMs if disabled
2017-05-19 12:55:26 -04:00
it 'returns true for admin on private topic' do
expect(Guardian.new(admin).can_invite_to?(private_topic)).to be_truthy
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
FIX: Regular users shouldn't be able to invite to PMs if disabled
2017-05-19 12:55:26 -04:00
it 'returns true for a group owner' do
expect(Guardian.new(group_owner).can_invite_to?(group_private_topic)).to be_truthy
end
FIX: user should not be able to invite to PM if trust level requirment not met FIX: when personal messages are disabled let user invite to a public topic
2018-03-07 15:04:17 -05:00
it 'returns true for normal user when inviting to topic and PM disabled' do
SiteSetting.enable_personal_messages = false
expect(Guardian.new(trust_level_2).can_invite_to?(topic)).to be_truthy
end
REFACTOR: move all conditions to guardian
2014-07-04 13:34:19 -04:00
end
FIX: Regular users shouldn't be able to invite to PMs if disabled
2017-05-19 12:55:26 -04:00
describe "private messages" do
let(:user) { Fabricate(:user, trust_level: TrustLevel[2]) }
let!(:pm) { Fabricate(:private_message_topic, user: user) }
let(:admin) { Fabricate(:admin) }
FIX: don't allow inviting more than `max_allowed_message_recipients` * FIX: don't allow inviting more than `max_allowed_message_recipients` setting allows * add specs for guardian * user preferences for auto track shouldn't be applicable to PMs (it auto watches on visit) Execlude PMs from "Automatically track topics I enter..." and "When I post in a topic, set that topic to..." user preferences * groups take only 1 slot in PM * just return if topic is a PM
2018-08-23 00:36:49 -04:00
let(:moderator) { Fabricate(:moderator) }
REFACTOR: move all conditions to guardian
2014-07-04 13:34:19 -04:00
FIX: Regular users shouldn't be able to invite to PMs if disabled
2017-05-19 12:55:26 -04:00
context "when private messages are disabled" do
it "allows an admin to invite to the pm" do
expect(Guardian.new(admin).can_invite_to?(pm)).to be_truthy
expect(Guardian.new(user).can_invite_to?(pm)).to be_truthy
end
end
context "when private messages are disabled" do
before do
rename 'enable_private_messages' to 'enable_personal_messages'
2018-01-31 01:03:12 -05:00
SiteSetting.enable_personal_messages = false
FIX: Regular users shouldn't be able to invite to PMs if disabled
2017-05-19 12:55:26 -04:00
end
it "doesn't allow a regular user to invite" do
expect(Guardian.new(admin).can_invite_to?(pm)).to be_truthy
expect(Guardian.new(user).can_invite_to?(pm)).to be_falsey
end
end
FIX: don't allow inviting more than `max_allowed_message_recipients` * FIX: don't allow inviting more than `max_allowed_message_recipients` setting allows * add specs for guardian * user preferences for auto track shouldn't be applicable to PMs (it auto watches on visit) Execlude PMs from "Automatically track topics I enter..." and "When I post in a topic, set that topic to..." user preferences * groups take only 1 slot in PM * just return if topic is a PM
2018-08-23 00:36:49 -04:00
context "when PM has receached the maximum number of recipients" do
before do
SiteSetting.max_allowed_message_recipients = 2
end
it "doesn't allow a regular user to invite" do
expect(Guardian.new(user).can_invite_to?(pm)).to be_falsey
end
it "allows staff to invite" do
expect(Guardian.new(admin).can_invite_to?(pm)).to be_truthy
pm.grant_permission_to_user(moderator.email)
expect(Guardian.new(moderator).can_invite_to?(pm)).to be_truthy
end
end
group manager can invite members into the group from any restricted topic
2015-03-02 14:25:25 -05:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
FIX: allow existing users to be invited to topic/message when must_approve_users is enabled
2017-02-02 12:38:25 -05:00
describe 'can_invite_via_email?' do
it 'returns true for all (tl2 and above) users when sso is disabled, local logins are enabled, user approval is not required' do
expect(Guardian.new(trust_level_2).can_invite_via_email?(topic)).to be_truthy
expect(Guardian.new(moderator).can_invite_via_email?(topic)).to be_truthy
expect(Guardian.new(admin).can_invite_via_email?(topic)).to be_truthy
end
it 'returns false for all users when sso is enabled' do
fix the build
2017-12-23 03:46:48 -05:00
SiteSetting.sso_url = "https://www.example.com/sso"
FIX: allow existing users to be invited to topic/message when must_approve_users is enabled
2017-02-02 12:38:25 -05:00
SiteSetting.enable_sso = true
expect(Guardian.new(trust_level_2).can_invite_via_email?(topic)).to be_falsey
expect(Guardian.new(moderator).can_invite_via_email?(topic)).to be_falsey
expect(Guardian.new(admin).can_invite_via_email?(topic)).to be_falsey
end
it 'returns false for all users when local logins are disabled' do
SiteSetting.enable_local_logins = false
expect(Guardian.new(trust_level_2).can_invite_via_email?(topic)).to be_falsey
expect(Guardian.new(moderator).can_invite_via_email?(topic)).to be_falsey
expect(Guardian.new(admin).can_invite_via_email?(topic)).to be_falsey
end
it 'returns correct valuse when user approval is required' do
SiteSetting.must_approve_users = true
expect(Guardian.new(trust_level_2).can_invite_via_email?(topic)).to be_falsey
expect(Guardian.new(moderator).can_invite_via_email?(topic)).to be_truthy
expect(Guardian.new(admin).can_invite_via_email?(topic)).to be_truthy
end
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
describe 'can_see?' do
it 'returns false with a nil object' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_see?(nil)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
FIX: staged user doesn't get notified for replies in topics they created in secured categories
2016-02-24 05:30:17 -05:00
describe 'a Category' do
it 'allows public categories' do
public_category = build(:category, read_restricted: false)
expect(Guardian.new.can_see?(public_category)).to be_truthy
end
it 'correctly handles secure categories' do
normal_user = build(:user)
staged_user = build(:user, staged: true)
admin_user = build(:user, admin: true)
secure_category = build(:category, read_restricted: true)
expect(Guardian.new(normal_user).can_see?(secure_category)).to be_falsey
expect(Guardian.new(staged_user).can_see?(secure_category)).to be_falsey
expect(Guardian.new(admin_user).can_see?(secure_category)).to be_truthy
secure_category = build(:category, read_restricted: true, email_in: "foo@bar.com")
expect(Guardian.new(normal_user).can_see?(secure_category)).to be_falsey
expect(Guardian.new(staged_user).can_see?(secure_category)).to be_falsey
expect(Guardian.new(admin_user).can_see?(secure_category)).to be_truthy
secure_category = build(:category, read_restricted: true, email_in_allow_strangers: true)
expect(Guardian.new(normal_user).can_see?(secure_category)).to be_falsey
expect(Guardian.new(staged_user).can_see?(secure_category)).to be_falsey
expect(Guardian.new(admin_user).can_see?(secure_category)).to be_truthy
secure_category = build(:category, read_restricted: true, email_in: "foo@bar.com", email_in_allow_strangers: true)
expect(Guardian.new(normal_user).can_see?(secure_category)).to be_falsey
expect(Guardian.new(staged_user).can_see?(secure_category)).to be_truthy
expect(Guardian.new(admin_user).can_see?(secure_category)).to be_truthy
end
it 'allows members of an authorized group' do
user = Fabricate(:user)
group = Fabricate(:group)
secure_category = Fabricate(:category)
secure_category.set_permissions(group => :readonly)
secure_category.save
expect(Guardian.new(user).can_see?(secure_category)).to be_falsey
group.add(user)
group.save
expect(Guardian.new(user).can_see?(secure_category)).to be_truthy
end
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
describe 'a Topic' do
it 'allows non logged in users to view topics' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_see?(topic)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
backend for secure categories mostly done (todo pm groups)
2013-04-29 02:33:24 -04:00
it 'correctly handles groups' do
group = Fabricate(:group)
work in progress, add fidelity to category group permissions (full, create posts, readonly)
2013-07-13 21:24:16 -04:00
category = Fabricate(:category, read_restricted: true)
category.set_permissions(group => :full)
category.save
backend for secure categories mostly done (todo pm groups)
2013-04-29 02:33:24 -04:00
topic = Fabricate(:topic, category: category)
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_see?(topic)).to be_falsey
backend for secure categories mostly done (todo pm groups)
2013-04-29 02:33:24 -04:00
group.add(user)
group.save
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_see?(topic)).to be_truthy
backend for secure categories mostly done (todo pm groups)
2013-04-29 02:33:24 -04:00
end
FIX: moderators can't see private topics that they aren't invited to see.
2014-05-12 15:26:36 -04:00
FEATURE: Hide deleted posts by default for staff
2014-07-15 17:02:43 -04:00
it "restricts deleted topics" do
topic = Fabricate(:topic)
topic.trash!(moderator)
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(build(:user)).can_see?(topic)).to be_falsey
expect(Guardian.new(moderator).can_see?(topic)).to be_truthy
expect(Guardian.new(admin).can_see?(topic)).to be_truthy
FEATURE: Hide deleted posts by default for staff
2014-07-15 17:02:43 -04:00
end
FIX: moderators can't see private topics that they aren't invited to see.
2014-05-12 15:26:36 -04:00
it "restricts private topics" do
user.save!
private_topic = Fabricate(:private_message_topic, user: user)
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(private_topic.user).can_see?(private_topic)).to be_truthy
expect(Guardian.new(build(:user)).can_see?(private_topic)).to be_falsey
expect(Guardian.new(moderator).can_see?(private_topic)).to be_falsey
expect(Guardian.new(admin).can_see?(private_topic)).to be_truthy
FIX: moderators can't see private topics that they aren't invited to see.
2014-05-12 15:26:36 -04:00
end
FEATURE: Hide deleted posts by default for staff
2014-07-15 17:02:43 -04:00
it "restricts private deleted topics" do
user.save!
private_topic = Fabricate(:private_message_topic, user: user)
private_topic.trash!(admin)
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(private_topic.user).can_see?(private_topic)).to be_falsey
expect(Guardian.new(build(:user)).can_see?(private_topic)).to be_falsey
expect(Guardian.new(moderator).can_see?(private_topic)).to be_falsey
expect(Guardian.new(admin).can_see?(private_topic)).to be_truthy
FEATURE: Hide deleted posts by default for staff
2014-07-15 17:02:43 -04:00
end
FIX: only admin can edit faq, tos, and privacy policy
2014-07-29 10:40:02 -04:00
it "restricts static doc topics" do
tos_topic = Fabricate(:topic, user: Discourse.system_user)
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.tos_topic_id = tos_topic.id
FIX: only admin can edit faq, tos, and privacy policy
2014-07-29 10:40:02 -04:00
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(build(:user)).can_edit?(tos_topic)).to be_falsey
expect(Guardian.new(moderator).can_edit?(tos_topic)).to be_falsey
expect(Guardian.new(admin).can_edit?(tos_topic)).to be_truthy
FIX: only admin can edit faq, tos, and privacy policy
2014-07-29 10:40:02 -04:00
end
FEATURE: allow moderators to see flagged private messages
2015-02-16 07:03:04 -05:00
it "allows moderators to see a flagged private message" do
moderator.save!
user.save!
private_topic = Fabricate(:private_message_topic, user: user)
first_post = Fabricate(:post, topic: private_topic, user: user)
expect(Guardian.new(moderator).can_see?(private_topic)).to be_falsey
PostAction.act(user, first_post, PostActionType.types[:off_topic])
expect(Guardian.new(moderator).can_see?(private_topic)).to be_truthy
end
backend for secure categories mostly done (todo pm groups)
2013-04-29 02:33:24 -04:00
end
describe 'a Post' do
Add `deleted_by` to `Trashable` tables
2013-07-09 15:20:18 -04:00
let(:another_admin) { Fabricate(:admin) }
backend for secure categories mostly done (todo pm groups)
2013-04-29 02:33:24 -04:00
it 'correctly handles post visibility' do
update message bus to support per client filtering start work on user_tracking_state fix can_ban? in guardian expose protected scopes on topic_query we need move guardian spec to use build as opposed to creating topics / posts / users start work on user tracking spec
2013-05-21 02:39:51 -04:00
post = Fabricate(:post)
topic = post.topic
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_see?(post)).to be_truthy
backend for secure categories mostly done (todo pm groups)
2013-04-29 02:33:24 -04:00
Add `deleted_by` to `Trashable` tables
2013-07-09 15:20:18 -04:00
post.trash!(another_admin)
backend for secure categories mostly done (todo pm groups)
2013-04-29 02:33:24 -04:00
post.reload
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_see?(post)).to be_falsey
expect(Guardian.new(admin).can_see?(post)).to be_truthy
backend for secure categories mostly done (todo pm groups)
2013-04-29 02:33:24 -04:00
remove acts_as_paranoid, use .trash! , .recover! and .with_deleted as needed makes upgrading to rails 4 possible
2013-05-07 00:39:01 -04:00
post.recover!
backend for secure categories mostly done (todo pm groups)
2013-04-29 02:33:24 -04:00
post.reload
Add `deleted_by` to `Trashable` tables
2013-07-09 15:20:18 -04:00
topic.trash!(another_admin)
backend for secure categories mostly done (todo pm groups)
2013-04-29 02:33:24 -04:00
topic.reload
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_see?(post)).to be_falsey
expect(Guardian.new(admin).can_see?(post)).to be_truthy
backend for secure categories mostly done (todo pm groups)
2013-04-29 02:33:24 -04:00
end
FEATURE: Whisper posts
2015-09-10 16:01:23 -04:00
it 'respects whispers' do
regular_post = Fabricate.build(:post)
whisper_post = Fabricate.build(:post, post_type: Post.types[:whisper])
anon_guardian = Guardian.new
expect(anon_guardian.can_see?(regular_post)).to eq(true)
expect(anon_guardian.can_see?(whisper_post)).to eq(false)
regular_user = Fabricate.build(:user)
regular_guardian = Guardian.new(regular_user)
expect(regular_guardian.can_see?(regular_post)).to eq(true)
expect(regular_guardian.can_see?(whisper_post)).to eq(false)
# can see your own whispers
regular_whisper = Fabricate.build(:post, post_type: Post.types[:whisper], user: regular_user)
expect(regular_guardian.can_see?(regular_whisper)).to eq(true)
mod_guardian = Guardian.new(Fabricate.build(:moderator))
expect(mod_guardian.can_see?(regular_post)).to eq(true)
expect(mod_guardian.can_see?(whisper_post)).to eq(true)
admin_guardian = Guardian.new(Fabricate.build(:admin))
expect(admin_guardian.can_see?(regular_post)).to eq(true)
expect(admin_guardian.can_see?(whisper_post)).to eq(true)
end
Trust level 4: add ability to edit any post and see edit history
2014-03-13 10:47:37 -04:00
end
describe 'a PostRevision' do
let(:post_revision) { Fabricate(:post_revision) }
context 'edit_history_visible_to_public is true' do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
before { SiteSetting.edit_history_visible_to_public = true }
Trust level 4: add ability to edit any post and see edit history
2014-03-13 10:47:37 -04:00
it 'is false for nil' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_see?(nil)).to be_falsey
Trust level 4: add ability to edit any post and see edit history
2014-03-13 10:47:37 -04:00
end
it 'is true if not logged in' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_see?(post_revision)).to be_truthy
Trust level 4: add ability to edit any post and see edit history
2014-03-13 10:47:37 -04:00
end
backend for secure categories mostly done (todo pm groups)
2013-04-29 02:33:24 -04:00
Trust level 4: add ability to edit any post and see edit history
2014-03-13 10:47:37 -04:00
it 'is true when logged in' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(Fabricate(:user)).can_see?(post_revision)).to be_truthy
Trust level 4: add ability to edit any post and see edit history
2014-03-13 10:47:37 -04:00
end
end
backend for secure categories mostly done (todo pm groups)
2013-04-29 02:33:24 -04:00
Trust level 4: add ability to edit any post and see edit history
2014-03-13 10:47:37 -04:00
context 'edit_history_visible_to_public is false' do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
before { SiteSetting.edit_history_visible_to_public = false }
Trust level 4: add ability to edit any post and see edit history
2014-03-13 10:47:37 -04:00
it 'is true for staff' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(Fabricate(:admin)).can_see?(post_revision)).to be_truthy
expect(Guardian.new(Fabricate(:moderator)).can_see?(post_revision)).to be_truthy
Trust level 4: add ability to edit any post and see edit history
2014-03-13 10:47:37 -04:00
end
it 'is true for trust level 4' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(trust_level_4).can_see?(post_revision)).to be_truthy
Trust level 4: add ability to edit any post and see edit history
2014-03-13 10:47:37 -04:00
end
it 'is false for trust level lower than 4' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(trust_level_3).can_see?(post_revision)).to be_falsey
Trust level 4: add ability to edit any post and see edit history
2014-03-13 10:47:37 -04:00
end
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
end
describe 'can_create?' do
describe 'a Category' do
it 'returns false when not logged in' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_create?(Category)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns false when a regular user' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_create?(Category)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
SECURITY: reduce moderator rights You can now hide particular categories from certain moderators
2014-02-06 22:11:52 -05:00
it 'returns false when a moderator' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_create?(Category)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns true when an admin' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_create?(Category)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
end
Finalize read only and post only categories, finished off UI work
2013-07-16 01:44:07 -04:00
describe 'a Topic' do
FIX: restrict moderators from creating/editing topics in readonly categories In the past moderators had blanket access to all categories they were allowed to see. This tightens down the restriction.
2016-04-13 01:59:38 -04:00
it 'does not allow moderators to create topics in readonly categories' do
category = Fabricate(:category)
Add rubocop to our build. (#5004)
2017-07-27 21:20:09 -04:00
category.set_permissions(everyone: :read)
FIX: restrict moderators from creating/editing topics in readonly categories In the past moderators had blanket access to all categories they were allowed to see. This tightens down the restriction.
2016-04-13 01:59:38 -04:00
category.save
Add rubocop to our build. (#5004)
2017-07-27 21:20:09 -04:00
expect(Guardian.new(moderator).can_create?(Topic, category)).to be_falsey
FIX: restrict moderators from creating/editing topics in readonly categories In the past moderators had blanket access to all categories they were allowed to see. This tightens down the restriction.
2016-04-13 01:59:38 -04:00
end
Finalize read only and post only categories, finished off UI work
2013-07-16 01:44:07 -04:00
it 'should check for full permissions' do
category = Fabricate(:category)
Add rubocop to our build. (#5004)
2017-07-27 21:20:09 -04:00
category.set_permissions(everyone: :create_post)
Finalize read only and post only categories, finished off UI work
2013-07-16 01:44:07 -04:00
category.save
Add rubocop to our build. (#5004)
2017-07-27 21:20:09 -04:00
expect(Guardian.new(user).can_create?(Topic, category)).to be_falsey
Finalize read only and post only categories, finished off UI work
2013-07-16 01:44:07 -04:00
end
Add min_trust_to_create_topic setting to require a certain trust level before users can start new topics
2013-09-03 19:12:22 -04:00
it "is true for new users by default" do
Add rubocop to our build. (#5004)
2017-07-27 21:20:09 -04:00
expect(Guardian.new(user).can_create?(Topic, Fabricate(:category))).to be_truthy
Add min_trust_to_create_topic setting to require a certain trust level before users can start new topics
2013-09-03 19:12:22 -04:00
end
it "is false if user has not met minimum trust level" do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.min_trust_to_create_topic = 1
Add rubocop to our build. (#5004)
2017-07-27 21:20:09 -04:00
expect(Guardian.new(build(:user, trust_level: 0)).can_create?(Topic, Fabricate(:category))).to be_falsey
Add min_trust_to_create_topic setting to require a certain trust level before users can start new topics
2013-09-03 19:12:22 -04:00
end
it "is true if user has met or exceeded the minimum trust level" do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.min_trust_to_create_topic = 1
Add rubocop to our build. (#5004)
2017-07-27 21:20:09 -04:00
expect(Guardian.new(build(:user, trust_level: 1)).can_create?(Topic, Fabricate(:category))).to be_truthy
expect(Guardian.new(build(:user, trust_level: 2)).can_create?(Topic, Fabricate(:category))).to be_truthy
expect(Guardian.new(build(:admin, trust_level: 0)).can_create?(Topic, Fabricate(:category))).to be_truthy
expect(Guardian.new(build(:moderator, trust_level: 0)).can_create?(Topic, Fabricate(:category))).to be_truthy
Add min_trust_to_create_topic setting to require a certain trust level before users can start new topics
2013-09-03 19:12:22 -04:00
end
Finalize read only and post only categories, finished off UI work
2013-07-16 01:44:07 -04:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
describe 'a Post' do
Finalize read only and post only categories, finished off UI work
2013-07-16 01:44:07 -04:00
it "is false on readonly categories" do
category = Fabricate(:category)
topic.category = category
Add rubocop to our build. (#5004)
2017-07-27 21:20:09 -04:00
category.set_permissions(everyone: :readonly)
Finalize read only and post only categories, finished off UI work
2013-07-16 01:44:07 -04:00
category.save
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(topic.user).can_create?(Post, topic)).to be_falsey
FIX: restrict moderators from creating/editing topics in readonly categories In the past moderators had blanket access to all categories they were allowed to see. This tightens down the restriction.
2016-04-13 01:59:38 -04:00
expect(Guardian.new(moderator).can_create?(Post, topic)).to be_falsey
Finalize read only and post only categories, finished off UI work
2013-07-16 01:44:07 -04:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
it "is false when not logged in" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_create?(Post, topic)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'is true for a regular user' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(topic.user).can_create?(Post, topic)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "is false when you can't see the topic" do
Guardian.any_instance.expects(:can_see?).with(topic).returns(false)
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(topic.user).can_create?(Post, topic)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
context 'closed topic' do
before do
topic.closed = true
end
it "doesn't allow new posts from regular users" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(topic.user).can_create?(Post, topic)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'allows editing of posts' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(topic.user).can_edit?(post)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "allows new posts from moderators" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_create?(Post, topic)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "allows new posts from admins" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_create?(Post, topic)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
FEATURE: Trust level 4 abilities: pin/unpin, close, archive, make invisible, split/merge topic
2014-03-17 14:50:28 -04:00
remove elder terminology in specs
2014-09-05 02:52:40 -04:00
it "allows new posts from trust_level_4s" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(trust_level_4).can_create?(Post, topic)).to be_truthy
FEATURE: Trust level 4 abilities: pin/unpin, close, archive, make invisible, split/merge topic
2014-03-17 14:50:28 -04:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
context 'archived topic' do
before do
topic.archived = true
end
context 'regular users' do
it "doesn't allow new posts from regular users" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(coding_horror).can_create?(Post, topic)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
FIX: staff should be able to edit topics that have been archived
2014-08-15 12:44:58 -04:00
it 'does not allow editing of posts' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(coding_horror).can_edit?(post)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
end
remove trailing whitespaces :heart:
2013-02-25 11:42:20 -05:00
Initial release of Discourse
2013-02-05 14:16:51 -05:00
it "allows new posts from moderators" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_create?(Post, topic)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "allows new posts from admins" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_create?(Post, topic)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
end
Staff can enter and view deleted topics
2013-07-11 16:38:46 -04:00
context "trashed topic" do
before do
topic.deleted_at = Time.now
end
it "doesn't allow new posts from regular users" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(coding_horror).can_create?(Post, topic)).to be_falsey
Staff can enter and view deleted topics
2013-07-11 16:38:46 -04:00
end
it "doesn't allow new posts from moderators users" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_create?(Post, topic)).to be_falsey
Staff can enter and view deleted topics
2013-07-11 16:38:46 -04:00
end
it "doesn't allow new posts from admins" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_create?(Post, topic)).to be_falsey
Staff can enter and view deleted topics
2013-07-11 16:38:46 -04:00
end
end
FIX: UX improvements for system messages when PMs are disabled
2018-01-23 13:11:39 -05:00
context "system message" do
let(:private_message) {
Fabricate(
:topic,
archetype: Archetype.private_message,
subtype: 'system_message',
category_id: nil
)
}
before { user.save! }
it "allows the user to reply to system messages" do
expect(Guardian.new(user).can_create_post?(private_message)).to eq(true)
SiteSetting.enable_system_message_replies = false
expect(Guardian.new(user).can_create_post?(private_message)).to eq(false)
end
end
FEATURE: blocked users can send and reply to private messages from staff
2016-01-22 12:54:18 -05:00
context "private message" do
let(:private_message) { Fabricate(:topic, archetype: Archetype.private_message, category_id: nil) }
Staff can enter and view deleted topics
2013-07-11 16:38:46 -04:00
FEATURE: blocked users can send and reply to private messages from staff
2016-01-22 12:54:18 -05:00
before { user.save! }
it "allows new posts by people included in the pm" do
private_message.topic_allowed_users.create!(user_id: user.id)
expect(Guardian.new(user).can_create?(Post, private_message)).to be_truthy
end
it "doesn't allow new posts by people not invited to the pm" do
expect(Guardian.new(user).can_create?(Post, private_message)).to be_falsey
end
Rename "Blocked" to "Silenced"
2017-11-10 12:18:08 -05:00
it "allows new posts from silenced users included in the pm" do
FEATURE: Support an end date for user silencing
2017-11-13 13:41:36 -05:00
user.update_attribute(:silenced_till, 1.year.from_now)
FEATURE: blocked users can send and reply to private messages from staff
2016-01-22 12:54:18 -05:00
private_message.topic_allowed_users.create!(user_id: user.id)
expect(Guardian.new(user).can_create?(Post, private_message)).to be_truthy
end
Rename "Blocked" to "Silenced"
2017-11-10 12:18:08 -05:00
it "doesn't allow new posts from silenced users not invited to the pm" do
FEATURE: Support an end date for user silencing
2017-11-13 13:41:36 -05:00
user.update_attribute(:silenced_till, 1.year.from_now)
FEATURE: blocked users can send and reply to private messages from staff
2016-01-22 12:54:18 -05:00
expect(Guardian.new(user).can_create?(Post, private_message)).to be_falsey
end
end
end # can_create? a Post
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
describe 'post_can_act?' do
it "isn't allowed on nil" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).post_can_act?(nil, nil)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
describe 'a Post' do
remove trailing whitespaces :heart:
2013-02-25 11:42:20 -05:00
let (:guardian) do
Initial release of Discourse
2013-02-05 14:16:51 -05:00
Guardian.new(user)
end
it "isn't allowed when not logged in" do
Add rubocop to our build. (#5004)
2017-07-27 21:20:09 -04:00
expect(Guardian.new(nil).post_can_act?(post, :vote)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "is allowed as a regular user" do
Add rubocop to our build. (#5004)
2017-07-27 21:20:09 -04:00
expect(guardian.post_can_act?(post, :vote)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "isn't allowed on archived topics" do
topic.archived = true
Add rubocop to our build. (#5004)
2017-07-27 21:20:09 -04:00
expect(Guardian.new(user).post_can_act?(post, :like)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
end
end
Can recover deleted topics. Deleted topics show the first post as deleted in the UI.
2013-07-12 12:08:23 -04:00
describe "can_recover_topic?" do
it "returns false for a nil user" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(nil).can_recover_topic?(topic)).to be_falsey
Can recover deleted topics. Deleted topics show the first post as deleted in the UI.
2013-07-12 12:08:23 -04:00
end
it "returns false for a nil object" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_recover_topic?(nil)).to be_falsey
Can recover deleted topics. Deleted topics show the first post as deleted in the UI.
2013-07-12 12:08:23 -04:00
end
it "returns false for a regular user" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_recover_topic?(topic)).to be_falsey
Can recover deleted topics. Deleted topics show the first post as deleted in the UI.
2013-07-12 12:08:23 -04:00
end
FIX: Can't recover a post when its user has been deleted. https://meta.discourse.org/t/moving-posts-to-new-topic/58436
2017-03-06 00:17:57 -05:00
context 'as a moderator' do
before do
topic.save!
post.save!
end
describe 'when post has been deleted' do
it "should return the right value" do
expect(Guardian.new(moderator).can_recover_topic?(topic)).to be_falsey
PostDestroyer.new(moderator, topic.first_post).destroy
expect(Guardian.new(moderator).can_recover_topic?(topic.reload)).to be_truthy
end
end
describe "when post's user has been deleted" do
it 'should return the right value' do
PostDestroyer.new(moderator, topic.first_post).destroy
topic.first_post.user.destroy!
expect(Guardian.new(moderator).can_recover_topic?(topic.reload)).to be_falsey
end
end
Can recover deleted topics. Deleted topics show the first post as deleted in the UI.
2013-07-12 12:08:23 -04:00
end
end
Give regular users a delete button. If they click it, their post will be revised to say it was deleted.
2013-02-07 15:12:55 -05:00
describe "can_recover_post?" do
it "returns false for a nil user" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(nil).can_recover_post?(post)).to be_falsey
Give regular users a delete button. If they click it, their post will be revised to say it was deleted.
2013-02-07 15:12:55 -05:00
end
it "returns false for a nil object" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_recover_post?(nil)).to be_falsey
Give regular users a delete button. If they click it, their post will be revised to say it was deleted.
2013-02-07 15:12:55 -05:00
end
it "returns false for a regular user" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_recover_post?(post)).to be_falsey
Give regular users a delete button. If they click it, their post will be revised to say it was deleted.
2013-02-07 15:12:55 -05:00
end
FIX: Can't recover a post when its user has been deleted. https://meta.discourse.org/t/moving-posts-to-new-topic/58436
2017-03-06 00:17:57 -05:00
context 'as a moderator' do
let(:other_post) { Fabricate(:post, topic: topic, user: topic.user) }
before do
topic.save!
post.save!
end
describe 'when post has been deleted' do
it "should return the right value" do
expect(Guardian.new(moderator).can_recover_post?(post)).to be_falsey
PostDestroyer.new(moderator, post).destroy
expect(Guardian.new(moderator).can_recover_post?(post.reload)).to be_truthy
end
describe "when post's user has been deleted" do
it 'should return the right value' do
PostDestroyer.new(moderator, post).destroy
post.user.destroy!
expect(Guardian.new(moderator).can_recover_post?(post.reload)).to be_falsey
end
end
end
Give regular users a delete button. If they click it, their post will be revised to say it was deleted.
2013-02-07 15:12:55 -05:00
end
end
FEATURE: move a topic from PM to regular topic or vice versa
2016-05-01 07:48:43 -04:00
context 'can_convert_topic?' do
it 'returns false with a nil object' do
expect(Guardian.new(user).can_convert_topic?(nil)).to be_falsey
end
it 'returns false when not logged in' do
expect(Guardian.new.can_convert_topic?(topic)).to be_falsey
end
FEATURE: allow moderators to convert a private message to public topic or vice versa
2016-05-04 12:29:56 -04:00
it 'returns false when not staff' do
expect(Guardian.new(trust_level_4).can_convert_topic?(topic)).to be_falsey
Don't allow category definition topics to be converted to PMs (#5216)
2017-10-02 04:04:58 -04:00
end
it 'returns false for category definition topics' do
c = Fabricate(:category)
topic = Topic.find_by(id: c.topic_id)
expect(Guardian.new(admin).can_convert_topic?(topic)).to be_falsey
FEATURE: allow moderators to convert a private message to public topic or vice versa
2016-05-04 12:29:56 -04:00
end
it 'returns true when a moderator' do
expect(Guardian.new(moderator).can_convert_topic?(topic)).to be_truthy
FEATURE: move a topic from PM to regular topic or vice versa
2016-05-01 07:48:43 -04:00
end
it 'returns true when an admin' do
expect(Guardian.new(admin).can_convert_topic?(topic)).to be_truthy
end
FIX: Disable "Make Personal Message" if they are disabled
2018-03-02 20:28:39 -05:00
it 'returns false when personal messages are disabled' do
SiteSetting.enable_personal_messages = false
expect(Guardian.new(admin).can_convert_topic?(topic)).to be_falsey
end
FEATURE: move a topic from PM to regular topic or vice versa
2016-05-01 07:48:43 -04:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
describe 'can_edit?' do
it 'returns false with a nil object' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_edit?(nil)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
describe 'a Post' do
FEATURE: silenced users should not be allowed to edit posts
2018-08-15 00:29:36 -04:00
it 'returns false for silenced users' do
post.user.silenced_till = 1.day.from_now
expect(Guardian.new(post.user).can_edit?(post)).to be_falsey
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
it 'returns false when not logged in' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_edit?(post)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
Wiki Post
2014-05-13 08:53:11 -04:00
it 'returns false when not logged in also for wiki post' do
post.wiki = true
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_edit?(post)).to be_falsey
Wiki Post
2014-05-13 08:53:11 -04:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
it 'returns true if you want to edit your own post' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(post.user).can_edit?(post)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
FEATURE: Staff members can lock posts Locking a post prevents it from being edited. This is useful if the user has posted something which has been edited out, and the staff members don't want them to be able to edit it back in again.
2018-01-25 15:38:40 -05:00
it 'returns false if you try to edit a locked post' do
post.locked_by_id = moderator.id
expect(Guardian.new(post.user).can_edit?(post)).to be_falsey
end
Disable editing of hidden posts within a timeframe from when the post was initially hidden.
2014-06-20 15:38:03 -04:00
it "returns false if the post is hidden due to flagging and it's too soon" do
post.hidden = true
post.hidden_at = Time.now
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(post.user).can_edit?(post)).to be_falsey
Disable editing of hidden posts within a timeframe from when the post was initially hidden.
2014-06-20 15:38:03 -04:00
end
it "returns true if the post is hidden due to flagging and it been enough time" do
post.hidden = true
post.hidden_at = (SiteSetting.cooldown_minutes_after_hiding_posts + 1).minutes.ago
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(post.user).can_edit?(post)).to be_truthy
FIX: If a post has been hidden due to flagging, don't use the absolute edit window for edit prevention.
2014-09-16 11:20:31 -04:00
end
it "returns true if the post is hidden, it's been enough time and the edit window has expired" do
post.hidden = true
post.hidden_at = (SiteSetting.cooldown_minutes_after_hiding_posts + 1).minutes.ago
post.created_at = (SiteSetting.post_edit_time_limit + 1).minutes.ago
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(post.user).can_edit?(post)).to be_truthy
Disable editing of hidden posts within a timeframe from when the post was initially hidden.
2014-06-20 15:38:03 -04:00
end
it "returns true if the post is hidden due to flagging and it's got a nil `hidden_at`" do
post.hidden = true
post.hidden_at = nil
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(post.user).can_edit?(post)).to be_truthy
Disable editing of hidden posts within a timeframe from when the post was initially hidden.
2014-06-20 15:38:03 -04:00
end
allow end user to recover a post they delete automatically delete stubs after 1 day
2013-07-22 03:48:24 -04:00
it 'returns false if you are trying to edit a post you soft deleted' do
post.user_deleted = true
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(post.user).can_edit?(post)).to be_falsey
allow end user to recover a post they delete automatically delete stubs after 1 day
2013-07-22 03:48:24 -04:00
end
Wiki Post
2014-05-13 08:53:11 -04:00
it 'returns false if another regular user tries to edit a soft deleted wiki post' do
post.wiki = true
post.user_deleted = true
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(coding_horror).can_edit?(post)).to be_falsey
Wiki Post
2014-05-13 08:53:11 -04:00
end
allow end user to recover a post they delete automatically delete stubs after 1 day
2013-07-22 03:48:24 -04:00
it 'returns false if you are trying to edit a deleted post' do
post.deleted_at = 1.day.ago
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(post.user).can_edit?(post)).to be_falsey
allow end user to recover a post they delete automatically delete stubs after 1 day
2013-07-22 03:48:24 -04:00
end
Wiki Post
2014-05-13 08:53:11 -04:00
it 'returns false if another regular user tries to edit a deleted wiki post' do
post.wiki = true
post.deleted_at = 1.day.ago
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(coding_horror).can_edit?(post)).to be_falsey
Wiki Post
2014-05-13 08:53:11 -04:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
it 'returns false if another regular user tries to edit your post' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(coding_horror).can_edit?(post)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
Wiki Post
2014-05-13 08:53:11 -04:00
it 'returns true if another regular user tries to edit wiki post' do
post.wiki = true
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(coding_horror).can_edit?(post)).to be_truthy
Wiki Post
2014-05-13 08:53:11 -04:00
end
FIX: Don't let users edit wiki posts unless they can reply
2017-05-08 16:23:11 -04:00
it "returns false if a wiki but the user can't create a post" do
c = Fabricate(:category)
Add rubocop to our build. (#5004)
2017-07-27 21:20:09 -04:00
c.set_permissions(everyone: :readonly)
FIX: Don't let users edit wiki posts unless they can reply
2017-05-08 16:23:11 -04:00
c.save
topic = Fabricate(:topic, category: c)
post = Fabricate(:post, topic: topic)
post.wiki = true
user = Fabricate(:user)
expect(Guardian.new(user).can_edit?(post)).to eq(false)
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
it 'returns true as a moderator' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_edit?(post)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
FEATURE: Staff members can lock posts Locking a post prevents it from being edited. This is useful if the user has posted something which has been edited out, and the staff members don't want them to be able to edit it back in again.
2018-01-25 15:38:40 -05:00
it 'returns true as a moderator, even if locked' do
post.locked_by_id = admin.id
expect(Guardian.new(moderator).can_edit?(post)).to be_truthy
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
it 'returns true as an admin' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_edit?(post)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year.
2014-01-07 10:32:09 -05:00
Trust level 4: add ability to edit any post and see edit history
2014-03-13 10:47:37 -04:00
it 'returns true as a trust level 4 user' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(trust_level_4).can_edit?(post)).to be_truthy
Trust level 4: add ability to edit any post and see edit history
2014-03-13 10:47:37 -04:00
end
New site setting `trusted_users_can_edit_others` The default is true to keep with previous discourse behavior. If disabled, high trust level users cannot edit the topics or posts of other users.
2018-02-22 20:39:24 -05:00
it 'returns false as a TL4 user if trusted_users_can_edit_others is true' do
SiteSetting.trusted_users_can_edit_others = false
expect(Guardian.new(trust_level_4).can_edit?(post)).to eq(false)
end
FEATURE: add min_trust_level_to_edit_post add minimum trust level to edit post (default 0)
2016-09-30 12:12:27 -04:00
it 'returns false when trying to edit a post with no trust' do
SiteSetting.min_trust_to_edit_post = 2
post.user.trust_level = 1
expect(Guardian.new(post.user).can_edit?(post)).to be_falsey
end
it 'returns true when trying to edit a post with trust' do
SiteSetting.min_trust_to_edit_post = 1
post.user.trust_level = 1
expect(Guardian.new(post.user).can_edit?(post)).to be_truthy
end
FIX: use the 'post edit time limit' for topics too
2015-02-25 14:53:21 -05:00
it 'returns false when another user has too low trust level to edit wiki post' do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.min_trust_to_edit_wiki_post = 2
FIX: use the 'post edit time limit' for topics too
2015-02-25 14:53:21 -05:00
post.wiki = true
coding_horror.trust_level = 1
expect(Guardian.new(coding_horror).can_edit?(post)).to be_falsey
end
it 'returns true when another user has adequate trust level to edit wiki post' do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.min_trust_to_edit_wiki_post = 2
FIX: use the 'post edit time limit' for topics too
2015-02-25 14:53:21 -05:00
post.wiki = true
coding_horror.trust_level = 2
expect(Guardian.new(coding_horror).can_edit?(post)).to be_truthy
end
it 'returns true for post author even when he has too low trust level to edit wiki post' do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.min_trust_to_edit_wiki_post = 2
FIX: use the 'post edit time limit' for topics too
2015-02-25 14:53:21 -05:00
post.wiki = true
post.user.trust_level = 1
expect(Guardian.new(post.user).can_edit?(post)).to be_truthy
end
Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year.
2014-01-07 10:32:09 -05:00
context 'post is older than post_edit_time_limit' do
let(:old_post) { build(:post, topic: topic, user: topic.user, created_at: 6.minutes.ago) }
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year.
2014-01-07 10:32:09 -05:00
before do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.post_edit_time_limit = 5
Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year.
2014-01-07 10:32:09 -05:00
end
it 'returns false to the author of the post' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(old_post.user).can_edit?(old_post)).to be_falsey
Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year.
2014-01-07 10:32:09 -05:00
end
it 'returns true as a moderator' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_edit?(old_post)).to eq(true)
Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year.
2014-01-07 10:32:09 -05:00
end
it 'returns true as an admin' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_edit?(old_post)).to eq(true)
Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year.
2014-01-07 10:32:09 -05:00
end
it 'returns false for another regular user trying to edit your post' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(coding_horror).can_edit?(old_post)).to be_falsey
Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year.
2014-01-07 10:32:09 -05:00
end
Wiki Post
2014-05-13 08:53:11 -04:00
it 'returns true for another regular user trying to edit a wiki post' do
old_post.wiki = true
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(coding_horror).can_edit?(old_post)).to be_truthy
Wiki Post
2014-05-13 08:53:11 -04:00
end
Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year.
2014-01-07 10:32:09 -05:00
end
FIX: only admin can edit faq, tos, and privacy policy
2014-07-29 10:40:02 -04:00
context "first post of a static page doc" do
let!(:tos_topic) { Fabricate(:topic, user: Discourse.system_user) }
let!(:tos_first_post) { build(:post, topic: tos_topic, user: tos_topic.user) }
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
before { SiteSetting.tos_topic_id = tos_topic.id }
FIX: only admin can edit faq, tos, and privacy policy
2014-07-29 10:40:02 -04:00
it "restricts static doc posts" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(build(:user)).can_edit?(tos_first_post)).to be_falsey
expect(Guardian.new(moderator).can_edit?(tos_first_post)).to be_falsey
expect(Guardian.new(admin).can_edit?(tos_first_post)).to be_truthy
FIX: only admin can edit faq, tos, and privacy policy
2014-07-29 10:40:02 -04:00
end
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
describe 'a Topic' do
it 'returns false when not logged in' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_edit?(topic)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns true for editing your own post' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(topic.user).can_edit?(topic)).to eq(true)
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns false as a regular user' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(coding_horror).can_edit?(topic)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
Don't allow editing of title and category of an archived topic
2013-07-09 16:48:26 -04:00
context 'not archived' do
it 'returns true as a moderator' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_edit?(topic)).to eq(true)
Don't allow editing of title and category of an archived topic
2013-07-09 16:48:26 -04:00
end
it 'returns true as an admin' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_edit?(topic)).to eq(true)
Trust level 3 users can edit topic titles and change category
2014-01-16 11:59:26 -05:00
end
it 'returns true at trust level 3' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(true)
Don't allow editing of title and category of an archived topic
2013-07-09 16:48:26 -04:00
end
FIX: Permission issues when editing topics If a user can't create a topic in a category, they should'be be able to edit topics.
2015-04-30 17:03:51 -04:00
New site setting `trusted_users_can_edit_others` The default is true to keep with previous discourse behavior. If disabled, high trust level users cannot edit the topics or posts of other users.
2018-02-22 20:39:24 -05:00
it 'is false at TL3, if `trusted_users_can_edit_others` is false' do
SiteSetting.trusted_users_can_edit_others = false
expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(false)
end
FIX: Permission issues when editing topics If a user can't create a topic in a category, they should'be be able to edit topics.
2015-04-30 17:03:51 -04:00
it "returns false when the category is read only" do
topic.category.set_permissions(everyone: :readonly)
topic.category.save
expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(false)
FIX: restrict moderators from creating/editing topics in readonly categories In the past moderators had blanket access to all categories they were allowed to see. This tightens down the restriction.
2016-04-13 01:59:38 -04:00
expect(Guardian.new(admin).can_edit?(topic)).to eq(true)
expect(Guardian.new(moderator).can_edit?(post)).to eq(false)
expect(Guardian.new(moderator).can_edit?(topic)).to eq(false)
FIX: Permission issues when editing topics If a user can't create a topic in a category, they should'be be able to edit topics.
2015-04-30 17:03:51 -04:00
end
FIX: trust level 3 should not be able to edit topics in categories that restrict them from doing so
2016-06-01 15:41:56 -04:00
it "returns false for trust level 3 if category is secured" do
topic.category.set_permissions(everyone: :create_post, staff: :full)
topic.category.save
expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(false)
expect(Guardian.new(admin).can_edit?(topic)).to eq(true)
expect(Guardian.new(moderator).can_edit?(topic)).to eq(true)
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
FIX: PM should never be allowed to have a category FIX: TL3 should not be allowed to muck with PM titles
2014-09-11 03:39:20 -04:00
context 'private message' do
it 'returns false at trust level 3' do
topic.archetype = 'private_message'
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(false)
FIX: PM should never be allowed to have a category FIX: TL3 should not be allowed to muck with PM titles
2014-09-11 03:39:20 -04:00
end
FIX: TL3 users should not be able to edit title of archived topics
2016-01-28 14:05:56 -05:00
it 'returns false at trust level 4' do
topic.archetype = 'private_message'
expect(Guardian.new(trust_level_4).can_edit?(topic)).to eq(false)
end
FIX: PM should never be allowed to have a category FIX: TL3 should not be allowed to muck with PM titles
2014-09-11 03:39:20 -04:00
end
Don't allow editing of title and category of an archived topic
2013-07-09 16:48:26 -04:00
context 'archived' do
FIX: use the 'post edit time limit' for topics too
2015-02-25 14:53:21 -05:00
let(:archived_topic) { build(:topic, user: user, archived: true) }
it 'returns true as a moderator' do
expect(Guardian.new(moderator).can_edit?(archived_topic)).to be_truthy
end
it 'returns true as an admin' do
expect(Guardian.new(admin).can_edit?(archived_topic)).to be_truthy
end
FIX: TL3 users should not be able to edit title of archived topics
2016-01-28 14:05:56 -05:00
it 'returns true at trust level 4' do
expect(Guardian.new(trust_level_4).can_edit?(archived_topic)).to be_truthy
end
New site setting `trusted_users_can_edit_others` The default is true to keep with previous discourse behavior. If disabled, high trust level users cannot edit the topics or posts of other users.
2018-02-22 20:39:24 -05:00
it 'is false at TL4, if `trusted_users_can_edit_others` is false' do
SiteSetting.trusted_users_can_edit_others = false
expect(Guardian.new(trust_level_4).can_edit?(archived_topic)).to eq(false)
end
FIX: TL3 users should not be able to edit title of archived topics
2016-01-28 14:05:56 -05:00
it 'returns false at trust level 3' do
expect(Guardian.new(trust_level_3).can_edit?(archived_topic)).to be_falsey
FIX: use the 'post edit time limit' for topics too
2015-02-25 14:53:21 -05:00
end
it 'returns false as a topic creator' do
expect(Guardian.new(user).can_edit?(archived_topic)).to be_falsey
end
end
context 'very old' do
let(:old_topic) { build(:topic, user: user, created_at: 6.minutes.ago) }
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
before { SiteSetting.post_edit_time_limit = 5 }
FIX: use the 'post edit time limit' for topics too
2015-02-25 14:53:21 -05:00
FIX: staff should be able to edit topics that have been archived
2014-08-15 12:44:58 -04:00
it 'returns true as a moderator' do
FIX: use the 'post edit time limit' for topics too
2015-02-25 14:53:21 -05:00
expect(Guardian.new(moderator).can_edit?(old_topic)).to be_truthy
Don't allow editing of title and category of an archived topic
2013-07-09 16:48:26 -04:00
end
FIX: staff should be able to edit topics that have been archived
2014-08-15 12:44:58 -04:00
it 'returns true as an admin' do
FIX: use the 'post edit time limit' for topics too
2015-02-25 14:53:21 -05:00
expect(Guardian.new(admin).can_edit?(old_topic)).to be_truthy
FIX: staff should be able to edit topics that have been archived
2014-08-15 12:44:58 -04:00
end
it 'returns true at trust level 3' do
FIX: use the 'post edit time limit' for topics too
2015-02-25 14:53:21 -05:00
expect(Guardian.new(trust_level_3).can_edit?(old_topic)).to be_truthy
Trust level 3 users can edit topic titles and change category
2014-01-16 11:59:26 -05:00
end
FIX: staff should be able to edit topics that have been archived
2014-08-15 12:44:58 -04:00
it 'returns false as a topic creator' do
FIX: use the 'post edit time limit' for topics too
2015-02-25 14:53:21 -05:00
expect(Guardian.new(user).can_edit?(old_topic)).to be_falsey
Don't allow editing of title and category of an archived topic
2013-07-09 16:48:26 -04:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
end
describe 'a Category' do
let(:category) { Fabricate(:category) }
it 'returns false when not logged in' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_edit?(category)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns false as a regular user' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(category.user).can_edit?(category)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
SECURITY: reduce moderator rights You can now hide particular categories from certain moderators
2014-02-06 22:11:52 -05:00
it 'returns false as a moderator' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_edit?(category)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns true as an admin' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_edit?(category)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
end
describe 'a User' do
it 'returns false when not logged in' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_edit?(user)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns false as a different user' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(coding_horror).can_edit?(user)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns true when trying to edit yourself' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_edit?(user)).to be_truthy
remove trailing whitespaces :heart:
2013-02-25 11:42:20 -05:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
moderators now have teeth, more at http://meta.discourse.org/t/moderator-permission-set/6307/5 allow pms to be targetted at groups
2013-05-02 01:15:17 -04:00
it 'returns true as a moderator' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_edit?(user)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns true as an admin' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_edit?(user)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
end
end
context 'can_moderate?' do
it 'returns false with a nil object' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_moderate?(nil)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
Rename "Blocked" to "Silenced"
2017-11-10 12:18:08 -05:00
context 'when user is silenced' do
FIX: A blocked user should not be able to moderate anything.
2016-06-20 03:41:17 -04:00
it 'returns false' do
FEATURE: Support an end date for user silencing
2017-11-13 13:41:36 -05:00
user.update_column(:silenced_till, 1.year.from_now)
FIX: A blocked user should not be able to moderate anything.
2016-06-20 03:41:17 -04:00
expect(Guardian.new(user).can_moderate?(post)).to be(false)
expect(Guardian.new(user).can_moderate?(topic)).to be(false)
end
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
context 'a Topic' do
it 'returns false when not logged in' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_moderate?(topic)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns false when not a moderator' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_moderate?(topic)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns true when a moderator' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_moderate?(topic)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns true when an admin' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_moderate?(topic)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
FEATURE: Trust level 4 abilities: pin/unpin, close, archive, make invisible, split/merge topic
2014-03-17 14:50:28 -04:00
it 'returns true when trust level 4' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(trust_level_4).can_moderate?(topic)).to be_truthy
FEATURE: Trust level 4 abilities: pin/unpin, close, archive, make invisible, split/merge topic
2014-03-17 14:50:28 -04:00
end
remove trailing whitespaces :heart:
2013-02-25 11:42:20 -05:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
context 'can_see_flags?' do
it "returns false when there is no post" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_see_flags?(nil)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "returns false when there is no user" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(nil).can_see_flags?(post)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
custom avatar support
2013-08-13 16:08:29 -04:00
it "allow regular users to see flags" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_see_flags?(post)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "allows moderators to see flags" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_see_flags?(post)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "allows moderators to see flags" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_see_flags?(post)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
end
context 'can_move_posts?' do
it 'returns false with a nil object' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_move_posts?(nil)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
context 'a Topic' do
it 'returns false when not logged in' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_move_posts?(topic)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns false when not a moderator' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_move_posts?(topic)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns true when a moderator' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_move_posts?(topic)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns true when an admin' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_move_posts?(topic)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
remove trailing whitespaces :heart:
2013-02-25 11:42:20 -05:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
context 'can_delete?' do
it 'returns false with a nil object' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_delete?(nil)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
context 'a Topic' do
change it so all topics MUST include a category, we store a special uncategorized category to compensate this cleans up a bunch of internals and removes some settings
2013-10-23 19:05:51 -04:00
before do
# pretend we have a real topic
topic.id = 9999999
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
it 'returns false when not logged in' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_delete?(topic)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns false when not a moderator' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_delete?(topic)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns true when a moderator' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_delete?(topic)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns true when an admin' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_delete?(topic)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
Prevent deleting the static page doc topics
2014-08-13 17:02:44 -04:00
it 'returns false for static doc topics' do
tos_topic = Fabricate(:topic, user: Discourse.system_user)
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.tos_topic_id = tos_topic.id
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_delete?(tos_topic)).to be_falsey
Prevent deleting the static page doc topics
2014-08-13 17:02:44 -04:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
context 'a Post' do
before do
post.post_number = 2
end
it 'returns false when not logged in' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_delete?(post)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
Give regular users a delete button. If they click it, their post will be revised to say it was deleted.
2013-02-07 15:12:55 -05:00
it "returns false when trying to delete your own post that has already been deleted" do
update message bus to support per client filtering start work on user_tracking_state fix can_ban? in guardian expose protected scopes on topic_query we need move guardian spec to use build as opposed to creating topics / posts / users start work on user tracking spec
2013-05-21 02:39:51 -04:00
post = Fabricate(:post)
PostDestroyer to replace callbacks for destroying
2013-03-18 17:52:29 -04:00
PostDestroyer.new(user, post).destroy
Give regular users a delete button. If they click it, their post will be revised to say it was deleted.
2013-02-07 15:12:55 -05:00
post.reload
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_delete?(post)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
Give regular users a delete button. If they click it, their post will be revised to say it was deleted.
2013-02-07 15:12:55 -05:00
it 'returns true when trying to delete your own post' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_delete?(post)).to be_truthy
Give regular users a delete button. If they click it, their post will be revised to say it was deleted.
2013-02-07 15:12:55 -05:00
end
it "returns false when trying to delete another user's own post" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(Fabricate(:user)).can_delete?(post)).to be_falsey
Give regular users a delete button. If they click it, their post will be revised to say it was deleted.
2013-02-07 15:12:55 -05:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
it "returns false when it's the OP, even as a moderator" do
post.update_attribute :post_number, 1
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_delete?(post)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns true when a moderator' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_delete?(post)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns true when an admin' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_delete?(post)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year.
2014-01-07 10:32:09 -05:00
Prevent deleting the static page doc topics
2014-08-13 17:02:44 -04:00
it 'returns false when post is first in a static doc topic' do
tos_topic = Fabricate(:topic, user: Discourse.system_user)
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.tos_topic_id = tos_topic.id
Prevent deleting the static page doc topics
2014-08-13 17:02:44 -04:00
post.update_attribute :post_number, 1
post.update_attribute :topic_id, tos_topic.id
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_delete?(post)).to be_falsey
Prevent deleting the static page doc topics
2014-08-13 17:02:44 -04:00
end
Non-staff users may not delete their posts in archived topics.
2014-01-17 17:42:12 -05:00
context 'the topic is archived' do
before do
post.topic.archived = true
end
it "allows a staff member to delete it" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_delete?(post)).to be_truthy
Non-staff users may not delete their posts in archived topics.
2014-01-17 17:42:12 -05:00
end
it "doesn't allow a regular user to delete it" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(post.user).can_delete?(post)).to be_falsey
Non-staff users may not delete their posts in archived topics.
2014-01-17 17:42:12 -05:00
end
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
context 'a Category' do
update message bus to support per client filtering start work on user_tracking_state fix can_ban? in guardian expose protected scopes on topic_query we need move guardian spec to use build as opposed to creating topics / posts / users start work on user tracking spec
2013-05-21 02:39:51 -04:00
let(:category) { build(:category, user: moderator) }
Initial release of Discourse
2013-02-05 14:16:51 -05:00
it 'returns false when not logged in' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_delete?(category)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns false when a regular user' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_delete?(category)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
SECURITY: reduce moderator rights You can now hide particular categories from certain moderators
2014-02-06 22:11:52 -05:00
it 'returns false when a moderator' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_delete?(category)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns true when an admin' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_delete?(category)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "can't be deleted if it has a forum topic" do
category.topic_count = 10
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_delete?(category)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
Fixed typo in test name
2014-02-12 15:24:44 -05:00
it "can't be deleted if it is the Uncategorized Category" do
Prevent deleting 'uncategorized' category
2013-12-17 15:36:15 -05:00
uncategorized_cat_id = SiteSetting.uncategorized_category_id
uncategorized_category = Category.find(uncategorized_cat_id)
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_delete?(uncategorized_category)).to be_falsey
Prevent deleting 'uncategorized' category
2013-12-17 15:36:15 -05:00
end
FIX: Don't allow parent categories to be deleted. Also, remove duplicated logic and rely on the server response for `can_delete` status.
2014-02-12 17:24:25 -05:00
it "can't be deleted if it has children" do
category.expects(:has_children?).returns(true)
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_delete?(category)).to be_falsey
FIX: Don't allow parent categories to be deleted. Also, remove duplicated logic and rely on the server response for `can_delete` status.
2014-02-12 17:24:25 -05:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
Used the term suspended instead of banned.
2013-11-07 13:53:32 -05:00
context 'can_suspend?' do
it 'returns false when a user tries to suspend another user' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_suspend?(coding_horror)).to be_falsey
update message bus to support per client filtering start work on user_tracking_state fix can_ban? in guardian expose protected scopes on topic_query we need move guardian spec to use build as opposed to creating topics / posts / users start work on user tracking spec
2013-05-21 02:39:51 -04:00
end
Used the term suspended instead of banned.
2013-11-07 13:53:32 -05:00
it 'returns true when an admin tries to suspend another user' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_suspend?(coding_horror)).to be_truthy
update message bus to support per client filtering start work on user_tracking_state fix can_ban? in guardian expose protected scopes on topic_query we need move guardian spec to use build as opposed to creating topics / posts / users start work on user tracking spec
2013-05-21 02:39:51 -04:00
end
Used the term suspended instead of banned.
2013-11-07 13:53:32 -05:00
it 'returns true when a moderator tries to suspend another user' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_suspend?(coding_horror)).to be_truthy
update message bus to support per client filtering start work on user_tracking_state fix can_ban? in guardian expose protected scopes on topic_query we need move guardian spec to use build as opposed to creating topics / posts / users start work on user tracking spec
2013-05-21 02:39:51 -04:00
end
Used the term suspended instead of banned.
2013-11-07 13:53:32 -05:00
it 'returns false when staff tries to suspend staff' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_suspend?(moderator)).to be_falsey
update message bus to support per client filtering start work on user_tracking_state fix can_ban? in guardian expose protected scopes on topic_query we need move guardian spec to use build as opposed to creating topics / posts / users start work on user tracking spec
2013-05-21 02:39:51 -04:00
end
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
context 'a PostAction' do
update message bus to support per client filtering start work on user_tracking_state fix can_ban? in guardian expose protected scopes on topic_query we need move guardian spec to use build as opposed to creating topics / posts / users start work on user tracking spec
2013-05-21 02:39:51 -04:00
let(:post_action) {
user.id = 1
post.id = 1
refactor guardian class for clarity & correctness introduce NullUser to avoid type-checking DRY up code reduce number of multiple returns remove some redundant/impossible logic branches add pending test for possible bug add test & fix for ability to flag archived posts add #secure_category? method to topic class Fix bug that prevented flagging of archived topics Rename NullUser to AnonymousUser DRY up can_<action>? methods Fix some ownership logic, and a test, for Guardian
2013-05-20 02:04:53 -04:00
a = PostAction.new(user: user, post: post, post_action_type_id: 1)
update message bus to support per client filtering start work on user_tracking_state fix can_ban? in guardian expose protected scopes on topic_query we need move guardian spec to use build as opposed to creating topics / posts / users start work on user tracking spec
2013-05-21 02:39:51 -04:00
a.created_at = 1.minute.ago
a
}
Initial release of Discourse
2013-02-05 14:16:51 -05:00
it 'returns false when not logged in' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_delete?(post_action)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'returns false when not the user who created it' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(coding_horror).can_delete?(post_action)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "returns false if the window has expired" do
post_action.created_at = 20.minutes.ago
SiteSetting.expects(:post_undo_action_window_mins).returns(10)
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_delete?(post_action)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "returns true if it's yours" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_delete?(post_action)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
end
end
context 'can_approve?' do
it "wont allow a non-logged in user to approve" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_approve?(user)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "wont allow a non-admin to approve a user" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(coding_horror).can_approve?(user)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "returns false when the user is already approved" do
user.approved = true
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_approve?(user)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
FIX: Don't allow staff to approve users with unverified emails
2017-09-04 12:55:23 -04:00
it "returns false when the user is not active" do
user.active = false
expect(Guardian.new(admin).can_approve?(user)).to be_falsey
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
it "allows an admin to approve a user" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_approve?(user)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "allows a moderator to approve a user" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_approve?(user)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
end
context 'can_grant_admin?' do
it "wont allow a non logged in user to grant an admin's access" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_grant_admin?(another_admin)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "wont allow a regular user to revoke an admin's access" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_grant_admin?(another_admin)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'wont allow an admin to grant their own access' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_grant_admin?(admin)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "allows an admin to grant a regular user access" do
update message bus to support per client filtering start work on user_tracking_state fix can_ban? in guardian expose protected scopes on topic_query we need move guardian spec to use build as opposed to creating topics / posts / users start work on user tracking spec
2013-05-21 02:39:51 -04:00
admin.id = 1
user.id = 2
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_grant_admin?(user)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
FIX: Do not allow admins to meddle with admin and moderation access of non real users.
2016-12-28 22:11:33 -05:00
it 'should not allow an admin to grant admin access to a non real user' do
Fix randomly failing spec.
2017-01-06 02:25:49 -05:00
begin
Discourse.system_user.update!(admin: false)
expect(Guardian.new(admin).can_grant_admin?(Discourse.system_user)).to be(false)
ensure
Discourse.system_user.update!(admin: true)
end
FIX: Do not allow admins to meddle with admin and moderation access of non real users.
2016-12-28 22:11:33 -05:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
context 'can_revoke_admin?' do
it "wont allow a non logged in user to revoke an admin's access" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_revoke_admin?(another_admin)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "wont allow a regular user to revoke an admin's access" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_revoke_admin?(another_admin)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'wont allow an admin to revoke their own access' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_revoke_admin?(admin)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it "allows an admin to revoke another admin's access" do
update message bus to support per client filtering start work on user_tracking_state fix can_ban? in guardian expose protected scopes on topic_query we need move guardian spec to use build as opposed to creating topics / posts / users start work on user tracking spec
2013-05-21 02:39:51 -04:00
admin.id = 1
another_admin.id = 2
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_revoke_admin?(another_admin)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
FIX: Do not allow admins to meddle with admin and moderation access of non real users.
2016-12-28 22:11:33 -05:00
it "should not allow an admin to revoke a no real user's admin access" do
expect(Guardian.new(admin).can_revoke_admin?(Discourse.system_user)).to be(false)
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
Adds grant and revoke moderation buttons so admins can make users moderators
2013-02-12 17:58:08 -05:00
context 'can_grant_moderation?' do
+x on files makes no sense unless they really are executable rails in the script dir makes no sense, use binstubs or bundler instead
2013-05-09 03:35:15 -04:00
Adds grant and revoke moderation buttons so admins can make users moderators
2013-02-12 17:58:08 -05:00
it "wont allow a non logged in user to grant an moderator's access" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_grant_moderation?(user)).to be_falsey
Adds grant and revoke moderation buttons so admins can make users moderators
2013-02-12 17:58:08 -05:00
end
refactor guardian class for clarity & correctness introduce NullUser to avoid type-checking DRY up code reduce number of multiple returns remove some redundant/impossible logic branches add pending test for possible bug add test & fix for ability to flag archived posts add #secure_category? method to topic class Fix bug that prevented flagging of archived topics Rename NullUser to AnonymousUser DRY up can_<action>? methods Fix some ownership logic, and a test, for Guardian
2013-05-20 02:04:53 -04:00
it "wont allow a regular user to revoke an moderator's access" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_grant_moderation?(moderator)).to be_falsey
Adds grant and revoke moderation buttons so admins can make users moderators
2013-02-12 17:58:08 -05:00
end
+x on files makes no sense unless they really are executable rails in the script dir makes no sense, use binstubs or bundler instead
2013-05-09 03:35:15 -04:00
it 'will allow an admin to grant their own moderator access' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_grant_moderation?(admin)).to be_truthy
Adds grant and revoke moderation buttons so admins can make users moderators
2013-02-12 17:58:08 -05:00
end
it 'wont allow an admin to grant it to an already moderator' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_grant_moderation?(moderator)).to be_falsey
Adds grant and revoke moderation buttons so admins can make users moderators
2013-02-12 17:58:08 -05:00
end
it "allows an admin to grant a regular user access" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_grant_moderation?(user)).to be_truthy
Adds grant and revoke moderation buttons so admins can make users moderators
2013-02-12 17:58:08 -05:00
end
FIX: Do not allow admins to meddle with admin and moderation access of non real users.
2016-12-28 22:11:33 -05:00
it "should not allow an admin to grant moderation to a non real user" do
Fix randomly failing spec.
2017-01-06 02:25:49 -05:00
begin
Discourse.system_user.update!(moderator: false)
expect(Guardian.new(admin).can_grant_moderation?(Discourse.system_user)).to be(false)
ensure
Discourse.system_user.update!(moderator: true)
end
FIX: Do not allow admins to meddle with admin and moderation access of non real users.
2016-12-28 22:11:33 -05:00
end
Adds grant and revoke moderation buttons so admins can make users moderators
2013-02-12 17:58:08 -05:00
end
context 'can_revoke_moderation?' do
it "wont allow a non logged in user to revoke an moderator's access" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new.can_revoke_moderation?(moderator)).to be_falsey
Adds grant and revoke moderation buttons so admins can make users moderators
2013-02-12 17:58:08 -05:00
end
it "wont allow a regular user to revoke an moderator's access" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_revoke_moderation?(moderator)).to be_falsey
Adds grant and revoke moderation buttons so admins can make users moderators
2013-02-12 17:58:08 -05:00
end
+x on files makes no sense unless they really are executable rails in the script dir makes no sense, use binstubs or bundler instead
2013-05-09 03:35:15 -04:00
it 'wont allow a moderator to revoke their own moderator' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_revoke_moderation?(moderator)).to be_falsey
Adds grant and revoke moderation buttons so admins can make users moderators
2013-02-12 17:58:08 -05:00
end
it "allows an admin to revoke a moderator's access" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_revoke_moderation?(moderator)).to be_truthy
Adds grant and revoke moderation buttons so admins can make users moderators
2013-02-12 17:58:08 -05:00
end
+x on files makes no sense unless they really are executable rails in the script dir makes no sense, use binstubs or bundler instead
2013-05-09 03:35:15 -04:00
it "allows an admin to revoke a moderator's access from self" do
admin.moderator = true
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_revoke_moderation?(admin)).to be_truthy
+x on files makes no sense unless they really are executable rails in the script dir makes no sense, use binstubs or bundler instead
2013-05-09 03:35:15 -04:00
end
it "does not allow revoke from non moderators" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_revoke_moderation?(admin)).to be_falsey
+x on files makes no sense unless they really are executable rails in the script dir makes no sense, use binstubs or bundler instead
2013-05-09 03:35:15 -04:00
end
FIX: Do not allow admins to meddle with admin and moderation access of non real users.
2016-12-28 22:11:33 -05:00
it "should not allow an admin to revoke moderation from a non real user" do
expect(Guardian.new(admin).can_revoke_moderation?(Discourse.system_user)).to be(false)
end
Adds grant and revoke moderation buttons so admins can make users moderators
2013-02-12 17:58:08 -05:00
end
Let's not show tons of extra information about invites unless you're the person who invited them.
2014-03-21 14:13:04 -04:00
context "can_see_invite_details?" do
Initial release of Discourse
2013-02-05 14:16:51 -05:00
it 'is false without a logged in user' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(nil).can_see_invite_details?(user)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'is false without a user to look at' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_see_invite_details?(nil)).to be_falsey
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
it 'is true when looking at your own invites' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_see_invite_details?(user)).to be_truthy
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
Admins can't lock themselves out of a site by setting approval.
2013-04-03 12:23:28 -04:00
end
context "can_access_forum?" do
let(:unapproved_user) { Fabricate.build(:user) }
context "when must_approve_users is false" do
before do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.must_approve_users = false
Admins can't lock themselves out of a site by setting approval.
2013-04-03 12:23:28 -04:00
end
it "returns true for a nil user" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(nil).can_access_forum?).to be_truthy
Admins can't lock themselves out of a site by setting approval.
2013-04-03 12:23:28 -04:00
end
it "returns true for an unapproved user" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(unapproved_user).can_access_forum?).to be_truthy
Admins can't lock themselves out of a site by setting approval.
2013-04-03 12:23:28 -04:00
end
end
context 'when must_approve_users is true' do
before do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.must_approve_users = true
Admins can't lock themselves out of a site by setting approval.
2013-04-03 12:23:28 -04:00
end
it "returns false for a nil user" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(nil).can_access_forum?).to be_falsey
Admins can't lock themselves out of a site by setting approval.
2013-04-03 12:23:28 -04:00
end
it "returns false for an unapproved user" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(unapproved_user).can_access_forum?).to be_falsey
Admins can't lock themselves out of a site by setting approval.
2013-04-03 12:23:28 -04:00
end
it "returns true for an admin user" do
unapproved_user.admin = true
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(unapproved_user).can_access_forum?).to be_truthy
Admins can't lock themselves out of a site by setting approval.
2013-04-03 12:23:28 -04:00
end
it "returns true for an approved user" do
unapproved_user.approved = true
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(unapproved_user).can_access_forum?).to be_truthy
Admins can't lock themselves out of a site by setting approval.
2013-04-03 12:23:28 -04:00
end
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too
2013-07-26 15:40:08 -04:00
describe "can_delete_user?" do
Add ability to destroy a user with 0 posts
2013-04-11 16:04:20 -04:00
it "is false without a logged in user" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(nil).can_delete_user?(user)).to be_falsey
Add ability to destroy a user with 0 posts
2013-04-11 16:04:20 -04:00
end
it "is false without a user to look at" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_delete_user?(nil)).to be_falsey
Add ability to destroy a user with 0 posts
2013-04-11 16:04:20 -04:00
end
it "is false for regular users" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_delete_user?(coding_horror)).to be_falsey
Users who have made no more than one post can delete their own accounts from their user preferences page.
2014-02-13 11:42:35 -05:00
end
context "delete myself" do
FEATURE: flag dispositions normalization All flags should end up in one of the three dispositions - Agree - Disagree - Defer In the administration area, the *active* flags section displays 4 buttons - Agree (hide post + send PM) - Disagree - Defer - Delete Clicking "Delete" will open a modal that offer to - Delete Post & Defer Flags - Delete Post & Agree with Flags - Delete Spammer (if available) When the flag has a list associated, the list will now display 1 response and 1 reply and a "show more..." link if there are more in the conversation. Replying to the conversation will NOT give a disposition. Moderators must click the buttons that does that. If someone clicks one buttons, this will add a default moderator message from that moderator saying what happened. The *old* flags section now displays the proper dispositions and is super duper fast (no more N+9999 queries). FIX: the old list includes deleted topics FIX: the lists now properly display the topic states (deleted, closed, archived, hidden, PM) FIX: flagging a topic that you've already flagged the first post
2014-07-28 13:17:37 -04:00
let(:myself) { Fabricate(:user, created_at: 6.months.ago) }
Users who have made no more than one post can delete their own accounts from their user preferences page.
2014-02-13 11:42:35 -05:00
subject { Guardian.new(myself).can_delete_user?(myself) }
it "is true to delete myself and I have never made a post" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(subject).to be_truthy
Users who have made no more than one post can delete their own accounts from their user preferences page.
2014-02-13 11:42:35 -05:00
end
it "is true to delete myself and I have only made 1 post" do
myself.stubs(:post_count).returns(1)
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(subject).to be_truthy
Users who have made no more than one post can delete their own accounts from their user preferences page.
2014-02-13 11:42:35 -05:00
end
it "is false to delete myself and I have made 2 posts" do
myself.stubs(:post_count).returns(2)
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(subject).to be_falsey
Users who have made no more than one post can delete their own accounts from their user preferences page.
2014-02-13 11:42:35 -05:00
end
Add ability to destroy a user with 0 posts
2013-04-11 16:04:20 -04:00
end
Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too
2013-07-26 15:40:08 -04:00
shared_examples "can_delete_user examples" do
Look at the age of a user's first post to determine if the user can be nuked, instead of looking at when the user registered.
2014-02-20 12:29:40 -05:00
it "is true if user is not an admin and has never posted" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(actor).can_delete_user?(Fabricate.build(:user, created_at: 100.days.ago))).to be_truthy
Look at the age of a user's first post to determine if the user can be nuked, instead of looking at when the user registered.
2014-02-20 12:29:40 -05:00
end
Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too
2013-07-26 15:40:08 -04:00
Look at the age of a user's first post to determine if the user can be nuked, instead of looking at when the user registered.
2014-02-20 12:29:40 -05:00
it "is true if user is not an admin and first post is not too old" do
user = Fabricate.build(:user, created_at: 100.days.ago)
allow staff to delete user if posts are 5 or less irrespective of delete_user_max_post_age
2018-03-04 23:32:23 -05:00
user.stubs(:post_count).returns(10)
FEATURE: flag dispositions normalization All flags should end up in one of the three dispositions - Agree - Disagree - Defer In the administration area, the *active* flags section displays 4 buttons - Agree (hide post + send PM) - Disagree - Defer - Delete Clicking "Delete" will open a modal that offer to - Delete Post & Defer Flags - Delete Post & Agree with Flags - Delete Spammer (if available) When the flag has a list associated, the list will now display 1 response and 1 reply and a "show more..." link if there are more in the conversation. Replying to the conversation will NOT give a disposition. Moderators must click the buttons that does that. If someone clicks one buttons, this will add a default moderator message from that moderator saying what happened. The *old* flags section now displays the proper dispositions and is super duper fast (no more N+9999 queries). FIX: the old list includes deleted topics FIX: the lists now properly display the topic states (deleted, closed, archived, hidden, PM) FIX: flagging a topic that you've already flagged the first post
2014-07-28 13:17:37 -04:00
user.stubs(:first_post_created_at).returns(9.days.ago)
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.delete_user_max_post_age = 10
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(actor).can_delete_user?(user)).to be_truthy
Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too
2013-07-26 15:40:08 -04:00
end
it "is false if user is an admin" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(actor).can_delete_user?(another_admin)).to be_falsey
Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too
2013-07-26 15:40:08 -04:00
end
Look at the age of a user's first post to determine if the user can be nuked, instead of looking at when the user registered.
2014-02-20 12:29:40 -05:00
it "is false if user's first post is too old" do
user = Fabricate.build(:user, created_at: 100.days.ago)
allow staff to delete user if posts are 5 or less irrespective of delete_user_max_post_age
2018-03-04 23:32:23 -05:00
user.stubs(:post_count).returns(10)
FEATURE: flag dispositions normalization All flags should end up in one of the three dispositions - Agree - Disagree - Defer In the administration area, the *active* flags section displays 4 buttons - Agree (hide post + send PM) - Disagree - Defer - Delete Clicking "Delete" will open a modal that offer to - Delete Post & Defer Flags - Delete Post & Agree with Flags - Delete Spammer (if available) When the flag has a list associated, the list will now display 1 response and 1 reply and a "show more..." link if there are more in the conversation. Replying to the conversation will NOT give a disposition. Moderators must click the buttons that does that. If someone clicks one buttons, this will add a default moderator message from that moderator saying what happened. The *old* flags section now displays the proper dispositions and is super duper fast (no more N+9999 queries). FIX: the old list includes deleted topics FIX: the lists now properly display the topic states (deleted, closed, archived, hidden, PM) FIX: flagging a topic that you've already flagged the first post
2014-07-28 13:17:37 -04:00
user.stubs(:first_post_created_at).returns(11.days.ago)
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.delete_user_max_post_age = 10
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(actor).can_delete_user?(user)).to be_falsey
Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too
2013-07-26 15:40:08 -04:00
end
end
allow staff to delete user if posts are 5 or less irrespective of delete_user_max_post_age
2018-03-04 23:32:23 -05:00
shared_examples "can_delete_user staff examples" do
it "is true if posts are less than or equal to 5" do
user = Fabricate.build(:user, created_at: 100.days.ago)
user.stubs(:post_count).returns(4)
user.stubs(:first_post_created_at).returns(11.days.ago)
SiteSetting.delete_user_max_post_age = 10
expect(Guardian.new(actor).can_delete_user?(user)).to be_truthy
end
end
Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too
2013-07-26 15:40:08 -04:00
context "for moderators" do
let(:actor) { moderator }
include_examples "can_delete_user examples"
allow staff to delete user if posts are 5 or less irrespective of delete_user_max_post_age
2018-03-04 23:32:23 -05:00
include_examples "can_delete_user staff examples"
Add ability to destroy a user with 0 posts
2013-04-11 16:04:20 -04:00
end
context "for admins" do
Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too
2013-07-26 15:40:08 -04:00
let(:actor) { admin }
include_examples "can_delete_user examples"
allow staff to delete user if posts are 5 or less irrespective of delete_user_max_post_age
2018-03-04 23:32:23 -05:00
include_examples "can_delete_user staff examples"
Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too
2013-07-26 15:40:08 -04:00
end
end
describe "can_delete_all_posts?" do
it "is false without a logged in user" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(nil).can_delete_all_posts?(user)).to be_falsey
Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too
2013-07-26 15:40:08 -04:00
end
it "is false without a user to look at" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_delete_all_posts?(nil)).to be_falsey
Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too
2013-07-26 15:40:08 -04:00
end
it "is false for regular users" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_delete_all_posts?(coding_horror)).to be_falsey
Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too
2013-07-26 15:40:08 -04:00
end
shared_examples "can_delete_all_posts examples" do
Look at the age of a user's first post to determine if the user can be nuked, instead of looking at when the user registered.
2014-02-20 12:29:40 -05:00
it "is true if user has no posts" do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.delete_user_max_post_age = 10
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(actor).can_delete_all_posts?(Fabricate(:user, created_at: 100.days.ago))).to be_truthy
Look at the age of a user's first post to determine if the user can be nuked, instead of looking at when the user registered.
2014-02-20 12:29:40 -05:00
end
it "is true if user's first post is newer than delete_user_max_post_age days old" do
FEATURE: flag dispositions normalization All flags should end up in one of the three dispositions - Agree - Disagree - Defer In the administration area, the *active* flags section displays 4 buttons - Agree (hide post + send PM) - Disagree - Defer - Delete Clicking "Delete" will open a modal that offer to - Delete Post & Defer Flags - Delete Post & Agree with Flags - Delete Spammer (if available) When the flag has a list associated, the list will now display 1 response and 1 reply and a "show more..." link if there are more in the conversation. Replying to the conversation will NOT give a disposition. Moderators must click the buttons that does that. If someone clicks one buttons, this will add a default moderator message from that moderator saying what happened. The *old* flags section now displays the proper dispositions and is super duper fast (no more N+9999 queries). FIX: the old list includes deleted topics FIX: the lists now properly display the topic states (deleted, closed, archived, hidden, PM) FIX: flagging a topic that you've already flagged the first post
2014-07-28 13:17:37 -04:00
user = Fabricate(:user, created_at: 100.days.ago)
user.stubs(:first_post_created_at).returns(9.days.ago)
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.delete_user_max_post_age = 10
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(actor).can_delete_all_posts?(user)).to be_truthy
Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too
2013-07-26 15:40:08 -04:00
end
Look at the age of a user's first post to determine if the user can be nuked, instead of looking at when the user registered.
2014-02-20 12:29:40 -05:00
it "is false if user's first post is older than delete_user_max_post_age days old" do
FEATURE: flag dispositions normalization All flags should end up in one of the three dispositions - Agree - Disagree - Defer In the administration area, the *active* flags section displays 4 buttons - Agree (hide post + send PM) - Disagree - Defer - Delete Clicking "Delete" will open a modal that offer to - Delete Post & Defer Flags - Delete Post & Agree with Flags - Delete Spammer (if available) When the flag has a list associated, the list will now display 1 response and 1 reply and a "show more..." link if there are more in the conversation. Replying to the conversation will NOT give a disposition. Moderators must click the buttons that does that. If someone clicks one buttons, this will add a default moderator message from that moderator saying what happened. The *old* flags section now displays the proper dispositions and is super duper fast (no more N+9999 queries). FIX: the old list includes deleted topics FIX: the lists now properly display the topic states (deleted, closed, archived, hidden, PM) FIX: flagging a topic that you've already flagged the first post
2014-07-28 13:17:37 -04:00
user = Fabricate(:user, created_at: 100.days.ago)
user.stubs(:first_post_created_at).returns(11.days.ago)
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.delete_user_max_post_age = 10
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(actor).can_delete_all_posts?(user)).to be_falsey
Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too
2013-07-26 15:40:08 -04:00
end
it "is false if user is an admin" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(actor).can_delete_all_posts?(admin)).to be_falsey
Add ability to destroy a user with 0 posts
2013-04-11 16:04:20 -04:00
end
Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too
2013-07-26 15:40:08 -04:00
it "is true if number of posts is small" do
FEATURE: flag dispositions normalization All flags should end up in one of the three dispositions - Agree - Disagree - Defer In the administration area, the *active* flags section displays 4 buttons - Agree (hide post + send PM) - Disagree - Defer - Delete Clicking "Delete" will open a modal that offer to - Delete Post & Defer Flags - Delete Post & Agree with Flags - Delete Spammer (if available) When the flag has a list associated, the list will now display 1 response and 1 reply and a "show more..." link if there are more in the conversation. Replying to the conversation will NOT give a disposition. Moderators must click the buttons that does that. If someone clicks one buttons, this will add a default moderator message from that moderator saying what happened. The *old* flags section now displays the proper dispositions and is super duper fast (no more N+9999 queries). FIX: the old list includes deleted topics FIX: the lists now properly display the topic states (deleted, closed, archived, hidden, PM) FIX: flagging a topic that you've already flagged the first post
2014-07-28 13:17:37 -04:00
u = Fabricate(:user, created_at: 1.day.ago)
Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too
2013-07-26 15:40:08 -04:00
u.stubs(:post_count).returns(1)
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.delete_all_posts_max = 10
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(actor).can_delete_all_posts?(u)).to be_truthy
Add ability to destroy a user with 0 posts
2013-04-11 16:04:20 -04:00
end
Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too
2013-07-26 15:40:08 -04:00
it "is false if number of posts is not small" do
FEATURE: flag dispositions normalization All flags should end up in one of the three dispositions - Agree - Disagree - Defer In the administration area, the *active* flags section displays 4 buttons - Agree (hide post + send PM) - Disagree - Defer - Delete Clicking "Delete" will open a modal that offer to - Delete Post & Defer Flags - Delete Post & Agree with Flags - Delete Spammer (if available) When the flag has a list associated, the list will now display 1 response and 1 reply and a "show more..." link if there are more in the conversation. Replying to the conversation will NOT give a disposition. Moderators must click the buttons that does that. If someone clicks one buttons, this will add a default moderator message from that moderator saying what happened. The *old* flags section now displays the proper dispositions and is super duper fast (no more N+9999 queries). FIX: the old list includes deleted topics FIX: the lists now properly display the topic states (deleted, closed, archived, hidden, PM) FIX: flagging a topic that you've already flagged the first post
2014-07-28 13:17:37 -04:00
u = Fabricate(:user, created_at: 1.day.ago)
Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too
2013-07-26 15:40:08 -04:00
u.stubs(:post_count).returns(11)
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.delete_all_posts_max = 10
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(actor).can_delete_all_posts?(u)).to be_falsey
Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too
2013-07-26 15:40:08 -04:00
end
end
context "for moderators" do
let(:actor) { moderator }
include_examples "can_delete_all_posts examples"
end
context "for admins" do
let(:actor) { admin }
include_examples "can_delete_all_posts examples"
Add ability to destroy a user with 0 posts
2013-04-11 16:04:20 -04:00
end
end
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts.
2015-03-06 16:44:54 -05:00
describe "can_anonymize_user?" do
it "is false without a logged in user" do
expect(Guardian.new(nil).can_anonymize_user?(user)).to be_falsey
end
it "is false without a user to look at" do
expect(Guardian.new(admin).can_anonymize_user?(nil)).to be_falsey
end
it "is false for a regular user" do
expect(Guardian.new(user).can_anonymize_user?(coding_horror)).to be_falsey
end
it "is false for myself" do
expect(Guardian.new(user).can_anonymize_user?(user)).to be_falsey
end
it "is true for admin anonymizing a regular user" do
Convert specs to RSpec 2.99.2 syntax with Transpec This conversion is done by Transpec 3.1.0 with the following command: transpec * 424 conversions from: obj.should to: expect(obj).to * 325 conversions from: == expected to: eq(expected) * 38 conversions from: obj.should_not to: expect(obj).not_to * 15 conversions from: =~ /pattern/ to: match(/pattern/) * 9 conversions from: it { should ... } to: it { is_expected.to ... } * 5 conversions from: lambda { }.should_not to: expect { }.not_to * 4 conversions from: lambda { }.should to: expect { }.to * 2 conversions from: -> { }.should to: expect { }.to * 2 conversions from: -> { }.should_not to: expect { }.not_to * 1 conversion from: === expected to: be === expected * 1 conversion from: =~ [1, 2] to: match_array([1, 2]) For more details: https://github.com/yujinakayama/transpec#supported-conversions
2015-04-25 11:18:35 -04:00
expect(Guardian.new(admin).can_anonymize_user?(user)).to eq(true)
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts.
2015-03-06 16:44:54 -05:00
end
it "is true for moderator anonymizing a regular user" do
Convert specs to RSpec 2.99.2 syntax with Transpec This conversion is done by Transpec 3.1.0 with the following command: transpec * 424 conversions from: obj.should to: expect(obj).to * 325 conversions from: == expected to: eq(expected) * 38 conversions from: obj.should_not to: expect(obj).not_to * 15 conversions from: =~ /pattern/ to: match(/pattern/) * 9 conversions from: it { should ... } to: it { is_expected.to ... } * 5 conversions from: lambda { }.should_not to: expect { }.not_to * 4 conversions from: lambda { }.should to: expect { }.to * 2 conversions from: -> { }.should to: expect { }.to * 2 conversions from: -> { }.should_not to: expect { }.not_to * 1 conversion from: === expected to: be === expected * 1 conversion from: =~ [1, 2] to: match_array([1, 2]) For more details: https://github.com/yujinakayama/transpec#supported-conversions
2015-04-25 11:18:35 -04:00
expect(Guardian.new(moderator).can_anonymize_user?(user)).to eq(true)
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts.
2015-03-06 16:44:54 -05:00
end
it "is false for admin anonymizing an admin" do
expect(Guardian.new(admin).can_anonymize_user?(Fabricate(:admin))).to be_falsey
end
it "is false for admin anonymizing a moderator" do
expect(Guardian.new(admin).can_anonymize_user?(Fabricate(:moderator))).to be_falsey
end
it "is false for moderator anonymizing an admin" do
expect(Guardian.new(moderator).can_anonymize_user?(admin)).to be_falsey
end
it "is false for moderator anonymizing a moderator" do
expect(Guardian.new(moderator).can_anonymize_user?(Fabricate(:moderator))).to be_falsey
end
end
Add ability to give users a title. Show them under usernames beside posts. Needs love from a designer.
2013-06-25 18:39:20 -04:00
describe 'can_grant_title?' do
it 'is false without a logged in user' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(nil).can_grant_title?(user)).to be_falsey
Add ability to give users a title. Show them under usernames beside posts. Needs love from a designer.
2013-06-25 18:39:20 -04:00
end
it 'is false for regular users' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_grant_title?(user)).to be_falsey
Add ability to give users a title. Show them under usernames beside posts. Needs love from a designer.
2013-06-25 18:39:20 -04:00
end
it 'is true for moderators' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_grant_title?(user)).to be_truthy
Add ability to give users a title. Show them under usernames beside posts. Needs love from a designer.
2013-06-25 18:39:20 -04:00
end
it 'is true for admins' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_grant_title?(user)).to be_truthy
Add ability to give users a title. Show them under usernames beside posts. Needs love from a designer.
2013-06-25 18:39:20 -04:00
end
it 'is false without a user to look at' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_grant_title?(nil)).to be_falsey
Add ability to give users a title. Show them under usernames beside posts. Needs love from a designer.
2013-06-25 18:39:20 -04:00
end
UX: user preferences allows users to choose which title to use from their badges and groups
2018-04-06 14:29:27 -04:00
context 'with title argument' do
let(:title_badge) { Fabricate(:badge, name: 'Helper', allow_title: true) }
let(:no_title_badge) { Fabricate(:badge, name: 'Writer', allow_title: false) }
let(:group) { Fabricate(:group, title: 'Groupie') }
it 'returns true if title belongs to a badge that user has' do
BadgeGranter.grant(title_badge, user)
expect(Guardian.new(user).can_grant_title?(user, title_badge.name)).to eq(true)
end
it "returns false if title belongs to a badge that user doesn't have" do
expect(Guardian.new(user).can_grant_title?(user, title_badge.name)).to eq(false)
end
it "returns false if title belongs to a badge that user has but can't be used as a title" do
BadgeGranter.grant(no_title_badge, user)
expect(Guardian.new(user).can_grant_title?(user, no_title_badge.name)).to eq(false)
end
it 'returns true if title is from a group the user belongs to' do
group.add(user)
expect(Guardian.new(user).can_grant_title?(user, group.title)).to eq(true)
end
it "returns false if title is from a group the user doesn't belong to" do
expect(Guardian.new(user).can_grant_title?(user, group.title)).to eq(false)
end
FIX: Allow a user to remove their title Somewhere there was a regression and a user couldn't remove their own title. If they selected '(none)' in the UI it would say it was saved, but it would not actually be updated in the db.
2018-05-31 19:10:52 -04:00
it "returns true if the title is set to an empty string" do
expect(Guardian.new(user).can_grant_title?(user, '')).to eq(true)
end
UX: user preferences allows users to choose which title to use from their badges and groups
2018-04-06 14:29:27 -04:00
end
Add ability to give users a title. Show them under usernames beside posts. Needs love from a designer.
2013-06-25 18:39:20 -04:00
end
staff can change trust levels
2013-07-22 19:13:48 -04:00
describe 'can_change_trust_level?' do
it 'is false without a logged in user' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(nil).can_change_trust_level?(user)).to be_falsey
staff can change trust levels
2013-07-22 19:13:48 -04:00
end
it 'is false for regular users' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_change_trust_level?(user)).to be_falsey
staff can change trust levels
2013-07-22 19:13:48 -04:00
end
it 'is true for moderators' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_change_trust_level?(user)).to be_truthy
staff can change trust levels
2013-07-22 19:13:48 -04:00
end
it 'is true for admins' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_change_trust_level?(user)).to be_truthy
staff can change trust levels
2013-07-22 19:13:48 -04:00
end
end
Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days.
2013-08-12 14:54:52 -04:00
describe "can_edit_username?" do
it "is false without a logged in user" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(nil).can_edit_username?(build(:user, created_at: 1.minute.ago))).to be_falsey
Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days.
2013-08-12 14:54:52 -04:00
end
it "is false for regular users to edit another user's username" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(build(:user)).can_edit_username?(build(:user, created_at: 1.minute.ago))).to be_falsey
Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days.
2013-08-12 14:54:52 -04:00
end
shared_examples "staff can always change usernames" do
it "is true for moderators" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_edit_username?(user)).to be_truthy
Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days.
2013-08-12 14:54:52 -04:00
end
it "is true for admins" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_edit_username?(user)).to be_truthy
Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days.
2013-08-12 14:54:52 -04:00
end
end
context 'for a new user' do
FEATURE: flag dispositions normalization All flags should end up in one of the three dispositions - Agree - Disagree - Defer In the administration area, the *active* flags section displays 4 buttons - Agree (hide post + send PM) - Disagree - Defer - Delete Clicking "Delete" will open a modal that offer to - Delete Post & Defer Flags - Delete Post & Agree with Flags - Delete Spammer (if available) When the flag has a list associated, the list will now display 1 response and 1 reply and a "show more..." link if there are more in the conversation. Replying to the conversation will NOT give a disposition. Moderators must click the buttons that does that. If someone clicks one buttons, this will add a default moderator message from that moderator saying what happened. The *old* flags section now displays the proper dispositions and is super duper fast (no more N+9999 queries). FIX: the old list includes deleted topics FIX: the lists now properly display the topic states (deleted, closed, archived, hidden, PM) FIX: flagging a topic that you've already flagged the first post
2014-07-28 13:17:37 -04:00
let(:target_user) { Fabricate(:user, created_at: 1.minute.ago) }
Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days.
2013-08-12 14:54:52 -04:00
include_examples "staff can always change usernames"
fixing gender sensitive pronouns
2013-12-02 23:49:54 -05:00
it "is true for the user to change their own username" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(target_user).can_edit_username?(target_user)).to be_truthy
Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days.
2013-08-12 14:54:52 -04:00
end
end
context 'for an old user' do
before do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.username_change_period = 3
Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days.
2013-08-12 14:54:52 -04:00
end
FEATURE: flag dispositions normalization All flags should end up in one of the three dispositions - Agree - Disagree - Defer In the administration area, the *active* flags section displays 4 buttons - Agree (hide post + send PM) - Disagree - Defer - Delete Clicking "Delete" will open a modal that offer to - Delete Post & Defer Flags - Delete Post & Agree with Flags - Delete Spammer (if available) When the flag has a list associated, the list will now display 1 response and 1 reply and a "show more..." link if there are more in the conversation. Replying to the conversation will NOT give a disposition. Moderators must click the buttons that does that. If someone clicks one buttons, this will add a default moderator message from that moderator saying what happened. The *old* flags section now displays the proper dispositions and is super duper fast (no more N+9999 queries). FIX: the old list includes deleted topics FIX: the lists now properly display the topic states (deleted, closed, archived, hidden, PM) FIX: flagging a topic that you've already flagged the first post
2014-07-28 13:17:37 -04:00
let(:target_user) { Fabricate(:user, created_at: 4.days.ago) }
Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days.
2013-08-12 14:54:52 -04:00
Users can change their own username at any time if they have no posts
2013-08-23 11:23:00 -04:00
context 'with no posts' do
include_examples "staff can always change usernames"
fixing gender sensitive pronouns
2013-12-02 23:49:54 -05:00
it "is true for the user to change their own username" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(target_user).can_edit_username?(target_user)).to be_truthy
Users can change their own username at any time if they have no posts
2013-08-23 11:23:00 -04:00
end
end
Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days.
2013-08-12 14:54:52 -04:00
Users can change their own username at any time if they have no posts
2013-08-23 11:23:00 -04:00
context 'with posts' do
before { target_user.stubs(:post_count).returns(1) }
include_examples "staff can always change usernames"
fixing gender sensitive pronouns
2013-12-02 23:49:54 -05:00
it "is false for the user to change their own username" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(target_user).can_edit_username?(target_user)).to be_falsey
Users can change their own username at any time if they have no posts
2013-08-23 11:23:00 -04:00
end
Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days.
2013-08-12 14:54:52 -04:00
end
end
New site settings to enable/disable the possibility of editing user's nickname or email address
2013-09-07 22:42:41 -04:00
context 'when editing is disabled in preferences' do
before do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.username_change_period = 0
New site settings to enable/disable the possibility of editing user's nickname or email address
2013-09-07 22:42:41 -04:00
end
include_examples "staff can always change usernames"
fixing gender sensitive pronouns
2013-12-02 23:49:54 -05:00
it "is false for the user to change their own username" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_edit_username?(user)).to be_falsey
New site settings to enable/disable the possibility of editing user's nickname or email address
2013-09-07 22:42:41 -04:00
end
end
Added spec for SSO override username/email changes
2014-03-09 21:38:36 -04:00
context 'when SSO username override is active' do
before do
fix the build
2017-12-23 03:46:48 -05:00
SiteSetting.sso_url = "https://www.example.com/sso"
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.enable_sso = true
SiteSetting.sso_overrides_username = true
Added spec for SSO override username/email changes
2014-03-09 21:38:36 -04:00
end
it "is false for admins" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_edit_username?(admin)).to be_falsey
Added spec for SSO override username/email changes
2014-03-09 21:38:36 -04:00
end
it "is false for moderators" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_edit_username?(moderator)).to be_falsey
Added spec for SSO override username/email changes
2014-03-09 21:38:36 -04:00
end
it "is false for users" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_edit_username?(user)).to be_falsey
Added spec for SSO override username/email changes
2014-03-09 21:38:36 -04:00
end
end
New site settings to enable/disable the possibility of editing user's nickname or email address
2013-09-07 22:42:41 -04:00
end
describe "can_edit_email?" do
context 'when allowed in settings' do
before do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.email_editable = true
New site settings to enable/disable the possibility of editing user's nickname or email address
2013-09-07 22:42:41 -04:00
end
it "is false when not logged in" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(nil).can_edit_email?(build(:user, created_at: 1.minute.ago))).to be_falsey
New site settings to enable/disable the possibility of editing user's nickname or email address
2013-09-07 22:42:41 -04:00
end
it "is false for regular users to edit another user's email" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(build(:user)).can_edit_email?(build(:user, created_at: 1.minute.ago))).to be_falsey
New site settings to enable/disable the possibility of editing user's nickname or email address
2013-09-07 22:42:41 -04:00
end
fixing gender sensitive pronouns
2013-12-02 23:49:54 -05:00
it "is true for a regular user to edit their own email" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_edit_email?(user)).to be_truthy
New site settings to enable/disable the possibility of editing user's nickname or email address
2013-09-07 22:42:41 -04:00
end
it "is true for moderators" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_edit_email?(user)).to be_truthy
New site settings to enable/disable the possibility of editing user's nickname or email address
2013-09-07 22:42:41 -04:00
end
it "is true for admins" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_edit_email?(user)).to be_truthy
New site settings to enable/disable the possibility of editing user's nickname or email address
2013-09-07 22:42:41 -04:00
end
end
context 'when not allowed in settings' do
before do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.email_editable = false
New site settings to enable/disable the possibility of editing user's nickname or email address
2013-09-07 22:42:41 -04:00
end
it "is false when not logged in" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(nil).can_edit_email?(build(:user, created_at: 1.minute.ago))).to be_falsey
New site settings to enable/disable the possibility of editing user's nickname or email address
2013-09-07 22:42:41 -04:00
end
it "is false for regular users to edit another user's email" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(build(:user)).can_edit_email?(build(:user, created_at: 1.minute.ago))).to be_falsey
New site settings to enable/disable the possibility of editing user's nickname or email address
2013-09-07 22:42:41 -04:00
end
fixing gender sensitive pronouns
2013-12-02 23:49:54 -05:00
it "is false for a regular user to edit their own email" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_edit_email?(user)).to be_falsey
New site settings to enable/disable the possibility of editing user's nickname or email address
2013-09-07 22:42:41 -04:00
end
fix spec, I don't agree with allowing mods and staff to edit this
2014-08-14 22:56:03 -04:00
it "is false for admins" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_edit_email?(user)).to be_falsey
New site settings to enable/disable the possibility of editing user's nickname or email address
2013-09-07 22:42:41 -04:00
end
fix spec, I don't agree with allowing mods and staff to edit this
2014-08-14 22:56:03 -04:00
it "is false for moderators" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_edit_email?(user)).to be_falsey
New site settings to enable/disable the possibility of editing user's nickname or email address
2013-09-07 22:42:41 -04:00
end
end
Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days.
2013-08-12 14:54:52 -04:00
Added spec for SSO override username/email changes
2014-03-09 21:38:36 -04:00
context 'when SSO email override is active' do
before do
Fix the build.
2017-07-09 22:12:21 -04:00
SiteSetting.email_editable = false
fix the build
2017-12-23 03:46:48 -05:00
SiteSetting.sso_url = "https://www.example.com/sso"
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.enable_sso = true
SiteSetting.sso_overrides_email = true
Added spec for SSO override username/email changes
2014-03-09 21:38:36 -04:00
end
it "is false for admins" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_edit_email?(admin)).to be_falsey
Added spec for SSO override username/email changes
2014-03-09 21:38:36 -04:00
end
it "is false for moderators" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_edit_email?(moderator)).to be_falsey
Added spec for SSO override username/email changes
2014-03-09 21:38:36 -04:00
end
it "is false for users" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_edit_email?(user)).to be_falsey
Added spec for SSO override username/email changes
2014-03-09 21:38:36 -04:00
end
end
end
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
describe 'can_edit_name?' do
it 'is false without a logged in user' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(nil).can_edit_name?(build(:user, created_at: 1.minute.ago))).to be_falsey
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
it "is false for regular users to edit another user's name" do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(build(:user)).can_edit_name?(build(:user, created_at: 1.minute.ago))).to be_falsey
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
context 'for a new user' do
let(:target_user) { build(:user, created_at: 1.minute.ago) }
it 'is true for the user to change their own name' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(target_user).can_edit_name?(target_user)).to be_truthy
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
it 'is true for moderators' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_edit_name?(user)).to be_truthy
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
it 'is true for admins' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_edit_name?(user)).to be_truthy
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
end
context 'when name is disabled in preferences' do
before do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.enable_names = false
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
it 'is false for the user to change their own name' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_edit_name?(user)).to be_falsey
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
it 'is false for moderators' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_edit_name?(user)).to be_falsey
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
it 'is false for admins' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_edit_name?(user)).to be_falsey
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
end
context 'when name is enabled in preferences' do
before do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.enable_names = true
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
context 'when SSO is disabled' do
before do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.enable_sso = false
SiteSetting.sso_overrides_name = false
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
it 'is true for admins' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_edit_name?(admin)).to be_truthy
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
it 'is true for moderators' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_edit_name?(moderator)).to be_truthy
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
it 'is true for users' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_edit_name?(user)).to be_truthy
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
end
context 'when SSO is enabled' do
before do
fix the build
2017-12-23 03:46:48 -05:00
SiteSetting.sso_url = "https://www.example.com/sso"
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.enable_sso = true
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
context 'when SSO name override is active' do
before do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.sso_overrides_name = true
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
it 'is false for admins' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_edit_name?(admin)).to be_falsey
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
it 'is false for moderators' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_edit_name?(moderator)).to be_falsey
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
it 'is false for users' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_edit_name?(user)).to be_falsey
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
end
context 'when SSO name override is not active' do
before do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.sso_overrides_name = false
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
it 'is true for admins' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(admin).can_edit_name?(admin)).to be_truthy
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
it 'is true for moderators' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(moderator).can_edit_name?(moderator)).to be_truthy
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
it 'is true for users' do
few components with rspec3 syntax
2015-01-09 11:34:37 -05:00
expect(Guardian.new(user).can_edit_name?(user)).to be_truthy
Adding name to the list of uneditable items in preferences UI * If enable_names, enable_sso, and sso_overrides_name settings are true. * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 16:26:40 -04:00
end
end
end
end
end
Wiki Post
2014-05-13 08:53:11 -04:00
FEATURE: do not allow moderators to export user list (#6418)
2018-09-20 21:07:13 -04:00
describe '#can_export_entity?' do
let(:user_guardian) { Guardian.new(user) }
let(:moderator_guardian) { Guardian.new(moderator) }
let(:admin_guardian) { Guardian.new(admin) }
it 'only allows admins to export user_list' do
expect(user_guardian.can_export_entity?('user_list')).to be_falsey
expect(moderator_guardian.can_export_entity?('user_list')).to be_falsey
expect(admin_guardian.can_export_entity?('user_list')).to be_truthy
end
it 'allow moderators to export other admin entities' do
expect(user_guardian.can_export_entity?('staff_action')).to be_falsey
expect(moderator_guardian.can_export_entity?('staff_action')).to be_truthy
expect(admin_guardian.can_export_entity?('staff_action')).to be_truthy
end
end
FEATURE: backend support for user-selectable components * FEATURE: backend support for user-selectable components * fix problems with previewing default theme * rename preview_key => preview_theme_id * omit default theme from child themes dropdown and try a different fix * cache & freeze stylesheets arrays
2018-08-08 00:46:34 -04:00
describe "#allow_themes?" do
let(:theme) { Fabricate(:theme) }
let(:theme2) { Fabricate(:theme) }
it "allows staff to use any themes" do
FIX: check admin theme cookie against user selectable previously admin got a free pass and could set theme via cookie to anything including themes that are not selectable this refactor ensures that only "preview" gets a free pass, all the rest goes through the same pipeline
2018-09-06 20:44:57 -04:00
expect(Guardian.new(moderator).allow_themes?([theme.id, theme2.id])).to eq(false)
expect(Guardian.new(admin).allow_themes?([theme.id, theme2.id])).to eq(false)
expect(Guardian.new(moderator).allow_themes?([theme.id, theme2.id], include_preview: true)).to eq(true)
expect(Guardian.new(admin).allow_themes?([theme.id, theme2.id], include_preview: true)).to eq(true)
FEATURE: backend support for user-selectable components * FEATURE: backend support for user-selectable components * fix problems with previewing default theme * rename preview_key => preview_theme_id * omit default theme from child themes dropdown and try a different fix * cache & freeze stylesheets arrays
2018-08-08 00:46:34 -04:00
end
it "only allows normal users to use user-selectable themes or default theme" do
user_guardian = Guardian.new(user)
expect(user_guardian.allow_themes?([theme.id, theme2.id])).to eq(false)
expect(user_guardian.allow_themes?([theme.id])).to eq(false)
expect(user_guardian.allow_themes?([theme2.id])).to eq(false)
theme.set_default!
expect(user_guardian.allow_themes?([theme.id])).to eq(true)
expect(user_guardian.allow_themes?([theme2.id])).to eq(false)
expect(user_guardian.allow_themes?([theme.id, theme2.id])).to eq(false)
theme2.update!(user_selectable: true)
expect(user_guardian.allow_themes?([theme2.id])).to eq(true)
expect(user_guardian.allow_themes?([theme2.id, theme.id])).to eq(false)
end
it "allows child themes to be only used with their parent" do
user_guardian = Guardian.new(user)
theme.update!(user_selectable: true)
theme2.update!(user_selectable: true)
expect(user_guardian.allow_themes?([theme.id, theme2.id])).to eq(false)
FEATURE: themes and components split * FEATURE: themes and components split * two seperate methods to switch theme type * use strict equality operator
2018-08-23 21:30:00 -04:00
theme2.update!(user_selectable: false, component: true)
FEATURE: backend support for user-selectable components * FEATURE: backend support for user-selectable components * fix problems with previewing default theme * rename preview_key => preview_theme_id * omit default theme from child themes dropdown and try a different fix * cache & freeze stylesheets arrays
2018-08-08 00:46:34 -04:00
theme.add_child_theme!(theme2)
expect(user_guardian.allow_themes?([theme.id, theme2.id])).to eq(true)
expect(user_guardian.allow_themes?([theme2.id])).to eq(false)
end
end
Wiki Post
2014-05-13 08:53:11 -04:00
describe 'can_wiki?' do
FIX: do not allow normal users to wiki edit-expired posts
2016-03-15 05:13:52 -04:00
let(:post) { build(:post, created_at: 1.minute.ago) }
FEATURE: allow users to wikify their own posts based on trust level
2016-01-11 10:26:00 -05:00
Wiki Post
2014-05-13 08:53:11 -04:00
it 'returns false for regular user' do
FEATURE: allow users to wikify their own posts based on trust level
2016-01-11 10:26:00 -05:00
expect(Guardian.new(coding_horror).can_wiki?(post)).to be_falsey
end
it "returns false when user does not satisfy trust level but owns the post" do
own_post = Fabricate(:post, user: trust_level_2)
expect(Guardian.new(trust_level_2).can_wiki?(own_post)).to be_falsey
end
it "returns false when user satisfies trust level but tries to wiki someone else's post" do
SiteSetting.min_trust_to_allow_self_wiki = 2
expect(Guardian.new(trust_level_2).can_wiki?(post)).to be_falsey
end
it 'returns true when user satisfies trust level and owns the post' do
SiteSetting.min_trust_to_allow_self_wiki = 2
own_post = Fabricate(:post, user: trust_level_2)
expect(Guardian.new(trust_level_2).can_wiki?(own_post)).to be_truthy
Wiki Post
2014-05-13 08:53:11 -04:00
end
it 'returns true for admin user' do
FEATURE: allow users to wikify their own posts based on trust level
2016-01-11 10:26:00 -05:00
expect(Guardian.new(admin).can_wiki?(post)).to be_truthy
Wiki Post
2014-05-13 08:53:11 -04:00
end
remove elder terminology in specs
2014-09-05 02:52:40 -04:00
it 'returns true for trust_level_4 user' do
FEATURE: allow users to wikify their own posts based on trust level
2016-01-11 10:26:00 -05:00
expect(Guardian.new(trust_level_4).can_wiki?(post)).to be_truthy
Wiki Post
2014-05-13 08:53:11 -04:00
end
FIX: do not allow normal users to wiki edit-expired posts
2016-03-15 05:13:52 -04:00
context 'post is older than post_edit_time_limit' do
let(:old_post) { build(:post, user: trust_level_2, created_at: 6.minutes.ago) }
before do
SiteSetting.min_trust_to_allow_self_wiki = 2
SiteSetting.post_edit_time_limit = 5
end
it 'returns false when user satisfies trust level and owns the post' do
expect(Guardian.new(trust_level_2).can_wiki?(old_post)).to be_falsey
end
it 'returns true for admin user' do
expect(Guardian.new(admin).can_wiki?(old_post)).to be_truthy
end
it 'returns true for trust_level_4 user' do
expect(Guardian.new(trust_level_4).can_wiki?(post)).to be_truthy
end
end
Wiki Post
2014-05-13 08:53:11 -04:00
end
FEATURE: tag groups
2016-06-06 14:18:15 -04:00
describe "Tags" do
context "tagging disabled" do
before do
SiteSetting.tagging_enabled = false
end
it "can_create_tag returns false" do
expect(Guardian.new(admin).can_create_tag?).to be_falsey
end
it "can_admin_tags returns false" do
expect(Guardian.new(admin).can_admin_tags?).to be_falsey
end
it "can_admin_tag_groups returns false" do
expect(Guardian.new(admin).can_admin_tag_groups?).to be_falsey
end
end
context "tagging is enabled" do
before do
SiteSetting.tagging_enabled = true
SiteSetting.min_trust_level_to_tag_topics = 1
end
add specs for min_trust_to_create_tag set to staff and admin
2018-07-05 11:39:32 -04:00
context 'min_trust_to_create_tag is 3' do
before do
SiteSetting.min_trust_to_create_tag = 3
FEATURE: tag groups
2016-06-06 14:18:15 -04:00
end
add specs for min_trust_to_create_tag set to staff and admin
2018-07-05 11:39:32 -04:00
describe "can_create_tag" do
it "returns false if trust level is too low" do
expect(Guardian.new(trust_level_2).can_create_tag?).to be_falsey
end
it "returns true if trust level is high enough" do
expect(Guardian.new(trust_level_3).can_create_tag?).to be_truthy
end
it "returns true for staff" do
expect(Guardian.new(admin).can_create_tag?).to be_truthy
expect(Guardian.new(moderator).can_create_tag?).to be_truthy
end
FEATURE: tag groups
2016-06-06 14:18:15 -04:00
end
add specs for min_trust_to_create_tag set to staff and admin
2018-07-05 11:39:32 -04:00
describe "can_tag_topics" do
it "returns false if trust level is too low" do
expect(Guardian.new(Fabricate(:user, trust_level: 0)).can_tag_topics?).to be_falsey
end
it "returns true if trust level is high enough" do
expect(Guardian.new(Fabricate(:user, trust_level: 1)).can_tag_topics?).to be_truthy
end
it "returns true for staff" do
expect(Guardian.new(admin).can_tag_topics?).to be_truthy
expect(Guardian.new(moderator).can_tag_topics?).to be_truthy
end
end
end
context 'min_trust_to_create_tag is "staff"' do
before do
SiteSetting.min_trust_to_create_tag = 'staff'
end
it "returns false if not staff" do
expect(Guardian.new(trust_level_4).can_create_tag?).to eq(false)
end
it "returns true if staff" do
FEATURE: tag groups
2016-06-06 14:18:15 -04:00
expect(Guardian.new(admin).can_create_tag?).to be_truthy
expect(Guardian.new(moderator).can_create_tag?).to be_truthy
end
end
add specs for min_trust_to_create_tag set to staff and admin
2018-07-05 11:39:32 -04:00
context 'min_trust_to_create_tag is "admin"' do
before do
SiteSetting.min_trust_to_create_tag = 'admin'
FEATURE: tag groups
2016-06-06 14:18:15 -04:00
end
add specs for min_trust_to_create_tag set to staff and admin
2018-07-05 11:39:32 -04:00
it "returns false if not admin" do
expect(Guardian.new(trust_level_4).can_create_tag?).to eq(false)
expect(Guardian.new(moderator).can_create_tag?).to eq(false)
FEATURE: tag groups
2016-06-06 14:18:15 -04:00
end
add specs for min_trust_to_create_tag set to staff and admin
2018-07-05 11:39:32 -04:00
it "returns true if admin" do
expect(Guardian.new(admin).can_create_tag?).to be_truthy
FEATURE: tag groups
2016-06-06 14:18:15 -04:00
end
end
end
end
FEATURE: Allow posting a link with topics
2016-12-05 07:31:43 -05:00
FEATURE: add support for group visibility level There are 4 visibility levels - public (default) - members only - staff - owners Note, admins and group owners ALWAYS have visibility to groups Migration treated old "non public" as "members only"
2017-07-03 15:26:46 -04:00
describe(:can_see_group) do
it 'Correctly handles owner visibile groups' do
group = Group.new(name: 'group', visibility_level: Group.visibility_levels[:owners])
member = Fabricate(:user)
group.add(member)
group.save!
owner = Fabricate(:user)
group.add_owner(owner)
group.reload
expect(Guardian.new(admin).can_see_group?(group)).to eq(true)
expect(Guardian.new(moderator).can_see_group?(group)).to eq(false)
expect(Guardian.new(member).can_see_group?(group)).to eq(false)
expect(Guardian.new.can_see_group?(group)).to eq(false)
expect(Guardian.new(owner).can_see_group?(group)).to eq(true)
end
it 'Correctly handles staff visibile groups' do
group = Group.new(name: 'group', visibility_level: Group.visibility_levels[:staff])
member = Fabricate(:user)
group.add(member)
group.save!
owner = Fabricate(:user)
group.add_owner(owner)
group.reload
expect(Guardian.new(member).can_see_group?(group)).to eq(false)
expect(Guardian.new(admin).can_see_group?(group)).to eq(true)
expect(Guardian.new(moderator).can_see_group?(group)).to eq(true)
expect(Guardian.new(owner).can_see_group?(group)).to eq(true)
expect(Guardian.new.can_see_group?(group)).to eq(false)
end
it 'Correctly handles member visibile groups' do
group = Group.new(name: 'group', visibility_level: Group.visibility_levels[:members])
member = Fabricate(:user)
group.add(member)
group.save!
owner = Fabricate(:user)
group.add_owner(owner)
group.reload
expect(Guardian.new(moderator).can_see_group?(group)).to eq(false)
expect(Guardian.new.can_see_group?(group)).to eq(false)
expect(Guardian.new(admin).can_see_group?(group)).to eq(true)
expect(Guardian.new(member).can_see_group?(group)).to eq(true)
expect(Guardian.new(owner).can_see_group?(group)).to eq(true)
end
it 'Correctly handles public groups' do
group = Group.new(name: 'group', visibility_level: Group.visibility_levels[:public])
expect(Guardian.new.can_see_group?(group)).to eq(true)
end
end
FEATURE: Allow posting a link with topics
2016-12-05 07:31:43 -05:00
context 'topic featured link category restriction' do
before { SiteSetting.topic_featured_link_enabled = true }
let(:guardian) { Guardian.new }
FIX: uncategorized setting to control whether topic featured links are allowed
2016-12-20 15:55:30 -05:00
let(:uncategorized) { Category.find(SiteSetting.uncategorized_category_id) }
FEATURE: Allow posting a link with topics
2016-12-05 07:31:43 -05:00
Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox.
2016-12-15 17:46:43 -05:00
context "uncategorized" do
let!(:link_category) { Fabricate(:link_category) }
FIX: uncategorized setting to control whether topic featured links are allowed
2016-12-20 15:55:30 -05:00
it "allows featured links if uncategorized allows it" do
uncategorized.topic_featured_link_allowed = true
uncategorized.save!
Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox.
2016-12-15 17:46:43 -05:00
expect(guardian.can_edit_featured_link?(nil)).to eq(true)
end
FIX: uncategorized setting to control whether topic featured links are allowed
2016-12-20 15:55:30 -05:00
it "forbids featured links if uncategorized forbids it" do
uncategorized.topic_featured_link_allowed = false
uncategorized.save!
Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox.
2016-12-15 17:46:43 -05:00
expect(guardian.can_edit_featured_link?(nil)).to eq(false)
end
FEATURE: Allow posting a link with topics
2016-12-05 07:31:43 -05:00
end
context 'when exist' do
Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox.
2016-12-15 17:46:43 -05:00
let!(:category) { Fabricate(:category, topic_featured_link_allowed: false) }
FEATURE: Allow posting a link with topics
2016-12-05 07:31:43 -05:00
let!(:link_category) { Fabricate(:link_category) }
it 'returns true if the category is listed' do
expect(guardian.can_edit_featured_link?(link_category.id)).to eq(true)
end
Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox.
2016-12-15 17:46:43 -05:00
it 'returns false if the category does not allow it' do
FEATURE: Allow posting a link with topics
2016-12-05 07:31:43 -05:00
expect(guardian.can_edit_featured_link?(category.id)).to eq(false)
end
end
end
FEATURE: Site Setting to hide suspension reason on the public profile
2017-09-12 16:06:01 -04:00
context "suspension reasons" do
let(:user) { Fabricate(:user) }
it "will be shown by default" do
expect(Guardian.new.can_see_suspension_reason?(user)).to eq(true)
end
context "with hide suspension reason enabled" do
let(:moderator) { Fabricate(:moderator) }
before do
SiteSetting.hide_suspension_reasons = true
end
it "will not be shown to anonymous users" do
expect(Guardian.new.can_see_suspension_reason?(user)).to eq(false)
end
it "users can see their own suspensions" do
expect(Guardian.new(user).can_see_suspension_reason?(user)).to eq(true)
end
it "staff can see suspensions" do
expect(Guardian.new(moderator).can_see_suspension_reason?(user)).to eq(true)
end
end
end
FEATURE: Allow user to leave a PM.
2017-10-10 04:26:56 -04:00
describe '#can_remove_allowed_users?' do
context 'staff users' do
it 'should be true' do
expect(Guardian.new(moderator).can_remove_allowed_users?(topic))
.to eq(true)
end
end
context 'normal user' do
let(:topic) { Fabricate(:topic, user: Fabricate(:user)) }
let(:another_user) { Fabricate(:user) }
before do
topic.allowed_users << user
topic.allowed_users << another_user
end
it 'should be false' do
expect(Guardian.new(user).can_remove_allowed_users?(topic))
.to eq(false)
end
describe 'target_user is the user' do
describe 'when user is in a pm with another user' do
it 'should return true' do
expect(Guardian.new(user).can_remove_allowed_users?(topic, user))
.to eq(true)
end
end
describe 'when user is the creator of the topic' do
it 'should return false' do
expect(Guardian.new(topic.user).can_remove_allowed_users?(topic, topic.user))
.to eq(false)
end
end
describe 'when user is the only user in the topic' do
it 'should return false' do
topic.remove_allowed_user(Discourse.system_user, another_user.username)
expect(Guardian.new(user).can_remove_allowed_users?(topic, user))
.to eq(false)
end
end
end
describe 'target_user is not the user' do
it 'should return false' do
expect(Guardian.new(user).can_remove_allowed_users?(topic, moderator))
.to eq(false)
end
end
end
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end