FIX: Don't include secret membership groups when serializing other users (#29799)

As part of a previous fix we changed which groups are serialized for a user, in order to fix a bug in the default group selector under user preferences.

However, we should only change this when serializing the current user. This change combines the old code-path and the new based on who is serializing.
This commit is contained in:
Ted Johansson 2024-11-18 19:25:42 +08:00 committed by GitHub
parent 388b9dd38d
commit 235c6434c1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 22 additions and 6 deletions

View File

@ -90,7 +90,11 @@ class UserSerializer < UserCardSerializer
end end
def groups def groups
if scope.user == object
object.groups.order(:id).visible_groups(scope.user) object.groups.order(:id).visible_groups(scope.user)
else
object.groups.order(:id).visible_groups(scope.user).members_visible_groups(scope.user)
end
end end
def group_users def group_users

View File

@ -511,17 +511,29 @@ RSpec.describe UserSerializer do
members_visibility_level: Group.visibility_levels[:owners], members_visibility_level: Group.visibility_levels[:owners],
) )
end end
let(:serializer) { UserSerializer.new(user, scope: Guardian.new, root: false) } let(:serializer) { UserSerializer.new(user, scope: guardian, root: false) }
before do before do
group.add(user) group.add(user)
group.save! group.save!
end end
it "should show group even when members list is not visible" do context "when serializing user's own groups" do
let(:guardian) { Guardian.new(user) }
it "includes secret membership group" do
json = serializer.as_json json = serializer.as_json
expect(json[:groups].length).to eq(1) expect(json[:groups].map { |g| g[:id] }).to include(group.id)
expect(json[:groups].first[:id]).to eq(group.id) end
end
context "when serializing other users' groups" do
let(:guardian) { Guardian.new }
it "does not include secret membership group" do
json = serializer.as_json
expect(json[:groups]).to be_empty
end
end end
end end
end end