Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/spec/lib/category_guardian_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

138 lines
4.6 KiB
Ruby
Raw Normal View History

FIX: access to category chat only when user can create post (#19488) Previously, restricted category chat channel was available for all groups - even `readonly`. From now on, only user who belong to group with `create_post` or `full` permissions can access that chat channel.
2022-12-18 19:35:28 -05:00
# frozen_string_literal: true
RSpec.describe CategoryGuardian do
fab!(:admin) { Fabricate(:admin) }
fab!(:user) { Fabricate(:user) }
fab!(:can_create_user) { Fabricate(:user) }
FIX: Allow category moderators to move topics to their categories (#20896)
2023-10-03 05:59:16 -04:00
fab!(:category) do
Fabricate(:category, category_setting_attributes: { require_topic_approval: false })
end
FIX: access to category chat only when user can create post (#19488) Previously, restricted category chat channel was available for all groups - even `readonly`. From now on, only user who belong to group with `create_post` or `full` permissions can access that chat channel.
2022-12-18 19:35:28 -05:00
describe "can_post_in_category?" do
context "when not restricted category" do
it "returns false for anonymous user" do
expect(Guardian.new.can_post_in_category?(category)).to eq(false)
end
it "returns true for admin" do
expect(Guardian.new(admin).can_post_in_category?(category)).to eq(true)
end
it "returns true for regular user" do
expect(Guardian.new(user).can_post_in_category?(category)).to eq(true)
end
end
context "when restricted category" do
fab!(:group) { Fabricate(:group) }
DEV: permission type for private category fabricator (#19601) Allow to specify permission type for category fabricator to test `:readonly`, `:create_post` and `:full` rights.
2022-12-22 22:18:29 -05:00
fab!(:category) do
Fabricate(
:private_category,
group: group,
permission_type: CategoryGroup.permission_types[:readonly],
)
DEV: Apply syntax_tree formatting to `spec/*`
2023-01-09 06:18:21 -05:00
end
FIX: access to category chat only when user can create post (#19488) Previously, restricted category chat channel was available for all groups - even `readonly`. From now on, only user who belong to group with `create_post` or `full` permissions can access that chat channel.
2022-12-18 19:35:28 -05:00
fab!(:group_user) { Fabricate(:group_user, group: group, user: user) }
it "returns false for anonymous user" do
expect(Guardian.new.can_post_in_category?(category)).to eq(false)
end
it "returns false for member of group with readonly access" do
expect(Guardian.new(user).can_post_in_category?(category)).to eq(false)
end
FIX: Don't autojoin users when they have ready-only permissions (#20213) After this change, in order to join a chat channel, a user needs to be in a group with at least “Reply” permission for the category. If the user only has “See” permission, they are able to preview the channel, but not join it or send messages. The auto-join function also follows this new restriction. --------- Co-authored-by: Martin Brennan <martin@discourse.org>
2023-05-10 07:45:13 -04:00
it "returns false if everyone has readonly access" do
everyone = Group.find(Group::AUTO_GROUPS[:everyone])
everyone.add(user)
category = Fabricate(:category)
Fabricate(
:category_group,
category: category,
group: everyone,
permission_type: CategoryGroup.permission_types[:readonly],
)
expect(Guardian.new(user).can_post_in_category?(category)).to eq(false)
end
FIX: access to category chat only when user can create post (#19488) Previously, restricted category chat channel was available for all groups - even `readonly`. From now on, only user who belong to group with `create_post` or `full` permissions can access that chat channel.
2022-12-18 19:35:28 -05:00
it "returns true for admin" do
expect(Guardian.new(admin).can_post_in_category?(category)).to eq(true)
end
it "returns true for member of group with create_post access" do
DEV: permission type for private category fabricator (#19601) Allow to specify permission type for category fabricator to test `:readonly`, `:create_post` and `:full` rights.
2022-12-22 22:18:29 -05:00
category =
Fabricate(
:private_category,
group: group,
permission_type: CategoryGroup.permission_types[:create_post],
)
expect(Guardian.new(user).can_post_in_category?(category)).to eq(true)
FIX: access to category chat only when user can create post (#19488) Previously, restricted category chat channel was available for all groups - even `readonly`. From now on, only user who belong to group with `create_post` or `full` permissions can access that chat channel.
2022-12-18 19:35:28 -05:00
end
it "returns true for member of group with full access" do
DEV: permission type for private category fabricator (#19601) Allow to specify permission type for category fabricator to test `:readonly`, `:create_post` and `:full` rights.
2022-12-22 22:18:29 -05:00
category =
Fabricate(
:private_category,
group: group,
permission_type: CategoryGroup.permission_types[:full],
)
expect(Guardian.new(user).can_post_in_category?(category)).to eq(true)
FIX: access to category chat only when user can create post (#19488) Previously, restricted category chat channel was available for all groups - even `readonly`. From now on, only user who belong to group with `create_post` or `full` permissions can access that chat channel.
2022-12-18 19:35:28 -05:00
end
end
end
FIX: Allow category moderators to move topics to their categories (#20896)
2023-10-03 05:59:16 -04:00
describe "#topics_need_approval?" do
fab!(:reviewable_group) { Fabricate(:group) }
it "returns false when admin" do
expect(Guardian.new(admin).topics_need_approval?(category)).to eq(false)
end
it "returns the value of require_topic_approval when group moderation is off" do
SiteSetting.enable_category_group_moderation = false
category.require_topic_approval = false
category.save!
expect(Guardian.new(user).topics_need_approval?(category)).to eq(false)
category.require_topic_approval = true
category.save!
expect(Guardian.new(user).topics_need_approval?(category)).to eq(true)
end
it "returns the value of require_topic_approval when group moderation is on and there are no groups set" do
SiteSetting.enable_category_group_moderation = true
category.reviewable_by_group_id = nil
category.require_topic_approval = false
category.save!
expect(Guardian.new(user).topics_need_approval?(category)).to eq(false)
category.require_topic_approval = true
category.save!
expect(Guardian.new(user).topics_need_approval?(category)).to eq(true)
end
it "returns false when group moderation is on and the user is in the reviewable group" do
SiteSetting.enable_category_group_moderation = true
category.require_topic_approval = true
category.reviewable_by_group_id = reviewable_group.id
category.save!
Fabricate(:group_user, group: reviewable_group, user: user)
expect(Guardian.new(user).topics_need_approval?(category)).to eq(false)
end
it "returns true when group moderation is on and the user is not in the reviewable group" do
SiteSetting.enable_category_group_moderation = true
category.require_topic_approval = false
category.reviewable_by_group_id = Fabricate(:group).id
category.save!
expect(Guardian.new(user).topics_need_approval?(category)).to eq(true)
end
end
FIX: access to category chat only when user can create post (#19488) Previously, restricted category chat channel was available for all groups - even `readonly`. From now on, only user who belong to group with `create_post` or `full` permissions can access that chat channel.
2022-12-18 19:35:28 -05:00
end