FIX: Do not show automatic groups to normal users.

2016-12-20 14:26:15 +08:00 · 2016-12-20 14:26:15 +08:00 · 193f8301a4
parent ea9f7a41af
commit 193f8301a4
2 changed files with 35 additions and 8 deletions
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@ -14,10 +14,13 @@ class GroupsController < ApplicationController
    page_size = 30
    page = params[:page]&.to_i || 0

-    groups = Group.order(user_count: :desc, name: :asc)
-      .where(visible: true)
-      .offset(page * page_size)
-      .limit(page_size)
+    groups = Group.order(user_count: :desc, name: :asc).where(visible: true)
+
+    if !guardian.is_admin?
+      groups = groups.where(automatic: false)
+    end
+
+    groups = groups.offset(page * page_size).limit(page_size)

    render json: {
      groups: serialize_data(groups, BasicGroupSerializer),
--- a/spec/integration/groups_spec.rb
+++ b/spec/integration/groups_spec.rb
@ -5,10 +5,16 @@ describe "Groups" do
  let(:group) { Fabricate(:group, users: [user]) }

  describe 'viewing groups' do
-    it 'should return the right response' do
-      group.update_attributes!(visible: true)
-      other_group = Fabricate(:group, name: '0000', visible: true)
+    let(:other_group) do
+      Fabricate(:group, name: '0000', visible: true, automatic: false)
+    end

+    before do
+      other_group
+      group.update_attributes!(automatic: true, visible: true)
+    end
+
+    it 'should return the right response' do
      get "/groups.json"

      expect(response).to be_success
@ -17,9 +23,27 @@ describe "Groups" do

      group_ids = response_body["groups"].map { |g| g["id"] }

-      expect(group_ids).to include(group.id, other_group.id)
+      expect(group_ids).to include(other_group.id)
+      expect(group_ids).to_not include(group.id)
      expect(response_body["load_more_groups"]).to eq("/groups?page=1")
    end
+
+    context 'viewing as an admin' do
+      it 'should display automatic groups' do
+        sign_in(Fabricate(:admin))
+
+        get "/groups.json"
+
+        expect(response).to be_success
+
+        response_body = JSON.parse(response.body)
+
+        group_ids = response_body["groups"].map { |g| g["id"] }
+
+        expect(group_ids).to include(group.id, other_group.id)
+        expect(response_body["load_more_groups"]).to eq("/groups?page=1")
+      end
+    end
  end

  describe "checking if a group can be mentioned" do