Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: Moderator(non-admin staff user) group visibility scope queries (#22109) 

Currently, groups owned by moderators are not visible to them on the
groups page. This happens because, the group visibility queries don't
account for non-admin staff user group ownership.

This change updates the group visibility scope queries to account for a
moderator(non-admin staff user) group ownership.
This commit is contained in:
Selase Krakani 2023-06-14 15:25:45 +00:00 committed by GitHub
parent 1865eb1de3
commit 2652354da3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 34 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
app/models/group.rb
View File

@ -165,7 +165,18 @@ class Group < ActiveRecord::Base
if user.blank? if user.blank?
sql = "groups.visibility_level = :public" sql = "groups.visibility_level = :public"
elsif is_staff elsif is_staff
sql = "groups.visibility_level IN (:public, :logged_on_users, :members, :staff)" sql = <<~SQL
groups.visibility_level IN (:public, :logged_on_users, :members, :staff)
OR
groups.id IN (
SELECT g.id
FROM groups g
JOIN group_users gu ON gu.group_id = g.id
AND gu.user_id = :user_id
AND gu.owner
WHERE g.visibility_level = :owners
)
SQL
else else
sql = <<~SQL sql = <<~SQL
groups.id IN ( groups.id IN (
@ -209,8 +220,18 @@ class Group < ActiveRecord::Base
if user.blank? if user.blank?
sql = "groups.members_visibility_level = :public" sql = "groups.members_visibility_level = :public"
elsif is_staff elsif is_staff
sql = sql = <<~SQL
"groups.members_visibility_level IN (:public, :logged_on_users, :members, :staff)" groups.members_visibility_level IN (:public, :logged_on_users, :members, :staff)
OR
groups.id IN (
SELECT g.id
FROM groups g
JOIN group_users gu ON gu.group_id = g.id
AND gu.user_id = :user_id
AND gu.owner
WHERE g.members_visibility_level = :owners
)
SQL
else else
sql = <<~SQL sql = <<~SQL
groups.id IN ( groups.id IN (

10
spec/models/group_spec.rb
View File

@ -766,6 +766,11 @@ RSpec.describe Group do
expect(can_view?(logged_on_user, group)).to eq(false) expect(can_view?(logged_on_user, group)).to eq(false)
expect(can_view?(nil, group)).to eq(false) expect(can_view?(nil, group)).to eq(false)
group.add_owner(moderator)
expect(can_view?(moderator, group)).to eq(true)
GroupUser.delete_by(group: group, user: moderator)
group.update_columns(visibility_level: Group.visibility_levels[:staff]) group.update_columns(visibility_level: Group.visibility_levels[:staff])
expect(can_view?(admin, group)).to eq(true) expect(can_view?(admin, group)).to eq(true)
@ -829,6 +834,11 @@ RSpec.describe Group do
expect(can_view?(logged_on_user, group)).to eq(false) expect(can_view?(logged_on_user, group)).to eq(false)
expect(can_view?(nil, group)).to eq(false) expect(can_view?(nil, group)).to eq(false)
group.add_owner(moderator)
expect(can_view?(moderator, group)).to eq(true)
GroupUser.delete_by(group: group, user: moderator)
group.update_columns(members_visibility_level: Group.visibility_levels[:staff]) group.update_columns(members_visibility_level: Group.visibility_levels[:staff])
expect(can_view?(admin, group)).to eq(true) expect(can_view?(admin, group)).to eq(true)