DEV: handles presence channel configured with everyone group (#20741)
This commit will allow any connected user to access a presence channel configured with the automatic group "everyone"
This commit is contained in:
parent
4782c34dce
commit
133ea4cfec
|
@ -104,6 +104,7 @@ class PresenceChannel
|
||||||
return true if user_id && config.allowed_user_ids&.include?(user_id)
|
return true if user_id && config.allowed_user_ids&.include?(user_id)
|
||||||
|
|
||||||
if user_id && config.allowed_group_ids.present?
|
if user_id && config.allowed_group_ids.present?
|
||||||
|
return true if config.allowed_group_ids.include?(Group::AUTO_GROUPS[:everyone])
|
||||||
group_ids ||= GroupUser.where(user_id: user_id).pluck("group_id")
|
group_ids ||= GroupUser.where(user_id: user_id).pluck("group_id")
|
||||||
return true if (group_ids & config.allowed_group_ids).present?
|
return true if (group_ids & config.allowed_group_ids).present?
|
||||||
end
|
end
|
||||||
|
|
|
@ -24,6 +24,8 @@ RSpec.describe PresenceChannel do
|
||||||
PresenceChannel::Config.new(allowed_user_ids: [user.id])
|
PresenceChannel::Config.new(allowed_user_ids: [user.id])
|
||||||
when "/test/allowedgroup"
|
when "/test/allowedgroup"
|
||||||
PresenceChannel::Config.new(allowed_group_ids: [group.id])
|
PresenceChannel::Config.new(allowed_group_ids: [group.id])
|
||||||
|
when "/test/everyonegroup"
|
||||||
|
PresenceChannel::Config.new(allowed_group_ids: [Group::AUTO_GROUPS[:everyone]])
|
||||||
when "/test/noaccess"
|
when "/test/noaccess"
|
||||||
PresenceChannel::Config.new
|
PresenceChannel::Config.new
|
||||||
when "/test/countonly"
|
when "/test/countonly"
|
||||||
|
@ -204,11 +206,13 @@ RSpec.describe PresenceChannel do
|
||||||
expect(PresenceChannel.new("/test/secureuser").can_enter?(user_id: nil)).to eq(false)
|
expect(PresenceChannel.new("/test/secureuser").can_enter?(user_id: nil)).to eq(false)
|
||||||
expect(PresenceChannel.new("/test/securegroup").can_enter?(user_id: nil)).to eq(false)
|
expect(PresenceChannel.new("/test/securegroup").can_enter?(user_id: nil)).to eq(false)
|
||||||
expect(PresenceChannel.new("/test/noaccess").can_enter?(user_id: nil)).to eq(false)
|
expect(PresenceChannel.new("/test/noaccess").can_enter?(user_id: nil)).to eq(false)
|
||||||
|
expect(PresenceChannel.new("/test/everyonegroup").can_enter?(user_id: nil)).to eq(false)
|
||||||
|
|
||||||
expect(PresenceChannel.new("/test/public1").can_view?(user_id: nil)).to eq(true)
|
expect(PresenceChannel.new("/test/public1").can_view?(user_id: nil)).to eq(true)
|
||||||
expect(PresenceChannel.new("/test/secureuser").can_view?(user_id: nil)).to eq(false)
|
expect(PresenceChannel.new("/test/secureuser").can_view?(user_id: nil)).to eq(false)
|
||||||
expect(PresenceChannel.new("/test/securegroup").can_view?(user_id: nil)).to eq(false)
|
expect(PresenceChannel.new("/test/securegroup").can_view?(user_id: nil)).to eq(false)
|
||||||
expect(PresenceChannel.new("/test/noaccess").can_view?(user_id: nil)).to eq(false)
|
expect(PresenceChannel.new("/test/noaccess").can_view?(user_id: nil)).to eq(false)
|
||||||
|
expect(PresenceChannel.new("/test/everyonegroup").can_view?(user_id: nil)).to eq(false)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "handles security correctly for a user" do
|
it "handles security correctly for a user" do
|
||||||
|
@ -216,12 +220,14 @@ RSpec.describe PresenceChannel do
|
||||||
expect(PresenceChannel.new("/test/securegroup").can_enter?(user_id: user.id)).to eq(false)
|
expect(PresenceChannel.new("/test/securegroup").can_enter?(user_id: user.id)).to eq(false)
|
||||||
expect(PresenceChannel.new("/test/alloweduser").can_enter?(user_id: user.id)).to eq(true)
|
expect(PresenceChannel.new("/test/alloweduser").can_enter?(user_id: user.id)).to eq(true)
|
||||||
expect(PresenceChannel.new("/test/allowedgroup").can_enter?(user_id: user.id)).to eq(true)
|
expect(PresenceChannel.new("/test/allowedgroup").can_enter?(user_id: user.id)).to eq(true)
|
||||||
|
expect(PresenceChannel.new("/test/everyonegroup").can_enter?(user_id: user.id)).to eq(true)
|
||||||
expect(PresenceChannel.new("/test/noaccess").can_enter?(user_id: user.id)).to eq(false)
|
expect(PresenceChannel.new("/test/noaccess").can_enter?(user_id: user.id)).to eq(false)
|
||||||
|
|
||||||
expect(PresenceChannel.new("/test/secureuser").can_view?(user_id: user.id)).to eq(false)
|
expect(PresenceChannel.new("/test/secureuser").can_view?(user_id: user.id)).to eq(false)
|
||||||
expect(PresenceChannel.new("/test/securegroup").can_view?(user_id: user.id)).to eq(false)
|
expect(PresenceChannel.new("/test/securegroup").can_view?(user_id: user.id)).to eq(false)
|
||||||
expect(PresenceChannel.new("/test/alloweduser").can_view?(user_id: user.id)).to eq(true)
|
expect(PresenceChannel.new("/test/alloweduser").can_view?(user_id: user.id)).to eq(true)
|
||||||
expect(PresenceChannel.new("/test/allowedgroup").can_view?(user_id: user.id)).to eq(true)
|
expect(PresenceChannel.new("/test/allowedgroup").can_view?(user_id: user.id)).to eq(true)
|
||||||
|
expect(PresenceChannel.new("/test/everyonegroup").can_view?(user_id: user.id)).to eq(true)
|
||||||
expect(PresenceChannel.new("/test/noaccess").can_view?(user_id: user.id)).to eq(false)
|
expect(PresenceChannel.new("/test/noaccess").can_view?(user_id: user.id)).to eq(false)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue