FIX: Allow staff to view pending/expired invites of other users (#14602)

`/u/username/invited.json?filter=expired` and `/u/username/invited.json?filter=pending` APIs are already returning data to admins. However, the `can_see_invite_details?` boolean was false, which prevented the Ember frontend from showing the tabs correctly. This commit updates the guardian method to match reality.
David Taylor 2021-10-14 15:57:01 +01:00 committed by GitHub
parent d76d418e5d
commit 567c470361
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 3 deletions


@ -353,7 +353,7 @@ class Guardian
end end
def can_see_invite_details?(user) def can_see_invite_details?(user)
is_me?(user) is_staff? || is_me?(user)
end end
def can_see_invite_emails?(user) def can_see_invite_emails?(user)
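Review bot: `is_staff?` in the new `can_see_invite_details?` body admits moderators as well as admins, but the commit description only says the invited endpoints already return data to admins, and the spec added in this commit signs in only `Fabricate(:admin)`. If moderators are intended, a short comment on the method would record that, e.g. `# Staff (admins and moderators) may view any user's invite details; everyone else only their own.`; if not, the check should be `is_admin? || is_me?(user)`. This predicate presumably gates more than the `can_see_invite_details` JSON flag, so its other callers deserve a check for anything that now opens up to staff. The body of `can_see_invite_emails?` lies outside the hunk, so whether the two predicates now agree cannot be confirmed from here.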


@ -1877,6 +1877,7 @@ describe UsersController do
invites = response.parsed_body['invites'] invites = response.parsed_body['invites']
expect(invites.size).to eq(1) expect(invites.size).to eq(1)
expect(invites.first).to include("email" => invite.email) expect(invites.first).to include("email" => invite.email)
expect(response.parsed_body['can_see_invite_details']).to eq(true)
end end
end end
@ -1896,8 +1897,8 @@ describe UsersController do
end end
context 'with permission to see invite links' do context 'with permission to see invite links' do
it 'returns invites' do it 'returns own invites' do
inviter = sign_in(Fabricate(:admin)) inviter = sign_in(Fabricate(:user, trust_level: 2))
invite = Fabricate(:invite, invited_by: inviter, email: nil, max_redemptions_allowed: 5, expires_at: 1.month.from_now, emailed_status: Invite.emailed_status_types[:not_required]) invite = Fabricate(:invite, invited_by: inviter, email: nil, max_redemptions_allowed: 5, expires_at: 1.month.from_now, emailed_status: Invite.emailed_status_types[:not_required])
get "/u/#{inviter.username}/invited/pending.json" get "/u/#{inviter.username}/invited/pending.json"
@ -1906,6 +1907,21 @@ describe UsersController do
invites = response.parsed_body['invites'] invites = response.parsed_body['invites']
expect(invites.size).to eq(1) expect(invites.size).to eq(1)
expect(invites.first).to include("id" => invite.id) expect(invites.first).to include("id" => invite.id)
expect(response.parsed_body['can_see_invite_details']).to eq(true)
end
it 'allows admin to see invites' do
inviter = Fabricate(:user, trust_level: 2)
admin = sign_in(Fabricate(:admin))
invite = Fabricate(:invite, invited_by: inviter, email: nil, max_redemptions_allowed: 5, expires_at: 1.month.from_now, emailed_status: Invite.emailed_status_types[:not_required])
get "/u/#{inviter.username}/invited/pending.json"
expect(response.status).to eq(200)
invites = response.parsed_body['invites']
expect(invites.size).to eq(1)
expect(invites.first).to include("id" => invite.id)
expect(response.parsed_body['can_see_invite_details']).to eq(true)
end end
end end
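Review bot: The new examples only assert the allowed paths (own invites, and an admin viewing another user's invites); there is no example where a signed-in non-staff user requests another user's `/invited/pending.json`, which is the case that would catch this permission being widened too far. Add one that signs in a second `Fabricate(:user, trust_level: 2)` and asserts the controller's denial, whether that is a status code or an empty `invites` list (the controller is not visible in this diff). In 'allows admin to see invites' the local `admin` is assigned but never read; `sign_in(Fabricate(:admin))` alone is enough. The enclosing `describe` blocks start outside the hunks.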