FIX: Disable poll options if user groups do not allow them (#8987)

2020-02-18 12:13:19 +02:00 · 2020-02-18 12:13:19 +02:00 · 59db2811b0
parent 5122826bde
commit 59db2811b0
2 changed files with 157 additions and 13 deletions
--- a/plugins/poll/assets/javascripts/widgets/discourse-poll.js.es6
+++ b/plugins/poll/assets/javascripts/widgets/discourse-poll.js.es6
@ -39,6 +39,20 @@ function _fetchVoters(data) {
  });
 }

+function checkUserGroups(user, poll) {
+  const pollGroups =
+    poll && poll.groups && poll.groups.split(",").map(g => g.toLowerCase());
+
+  if (!pollGroups) {
+    return true;
+  }
+
+  const userGroups =
+    user && user.groups && user.groups.map(g => g.name.toLowerCase());
+
+  return userGroups && pollGroups.some(g => userGroups.includes(g));
+}
+
 createWidget("discourse-poll-option", {
  tagName: "li",

@ -335,19 +349,7 @@ createWidget("discourse-poll-container", {
    } else if (options) {
      const contents = [];

-      const pollGroups =
-        poll.groups && poll.groups.split(",").map(g => g.toLowerCase());
-
-      const userGroups =
-        this.currentUser &&
-        this.currentUser.groups &&
-        this.currentUser.groups.map(g => g.name.toLowerCase());
-
-      if (
-        pollGroups &&
-        userGroups &&
-        !pollGroups.some(g => userGroups.includes(g))
-      ) {
+      if (!checkUserGroups(this.currentUser, poll)) {
        contents.push(
          h(
            "div.alert.alert-danger",
@ -1012,6 +1014,7 @@ export default createWidget("discourse-poll", {

    if (this.isClosed()) return;
    if (!this.currentUser) return this.showLogin();
+    if (!checkUserGroups(this.currentUser, this.attrs.poll)) return;

    const { vote } = attrs;
    if (!this.isMultiple()) {
--- a/plugins/poll/test/javascripts/widgets/discourse-poll-test.js.es6
+++ b/plugins/poll/test/javascripts/widgets/discourse-poll-test.js.es6
@ -0,0 +1,141 @@
+import EmberObject from "@ember/object";
+import { moduleForWidget, widgetTest } from "helpers/widget-test";
+
+moduleForWidget("discourse-poll");
+
+const template = `{{mount-widget
+                    widget="discourse-poll"
+                    args=(hash id=id
+                               post=post
+                               poll=poll
+                               vote=vote
+                               groupableUserFields=groupableUserFields)}}`;
+
+widgetTest("can vote", {
+  template,
+
+  beforeEach() {
+    this.setProperties({
+      post: EmberObject.create({
+        id: 42,
+        topic: {
+          archived: false
+        }
+      }),
+      poll: EmberObject.create({
+        name: "poll",
+        type: "regular",
+        status: "open",
+        results: "always",
+        options: [
+          { id: "1f972d1df351de3ce35a787c89faad29", html: "yes", votes: 0 },
+          { id: "d7ebc3a9beea2e680815a1e4f57d6db6", html: "no", votes: 0 }
+        ],
+        voters: 0,
+        chart_type: "bar"
+      }),
+      vote: [],
+      groupableUserFields: []
+    });
+  },
+
+  async test(assert) {
+    let requests = 0;
+
+    /* global server */
+    server.put("/polls/vote", () => {
+      ++requests;
+      return [
+        200,
+        { "Content-Type": "application/json" },
+        {
+          poll: {
+            name: "poll",
+            type: "regular",
+            status: "open",
+            results: "always",
+            options: [
+              { id: "1f972d1df351de3ce35a787c89faad29", html: "yes", votes: 1 },
+              { id: "d7ebc3a9beea2e680815a1e4f57d6db6", html: "no", votes: 0 }
+            ],
+            voters: 1,
+            chart_type: "bar"
+          },
+          vote: ["1f972d1df351de3ce35a787c89faad29"]
+        }
+      ];
+    });
+
+    await click("li[data-poll-option-id='1f972d1df351de3ce35a787c89faad29']");
+    assert.equal(requests, 1);
+    assert.equal(find(".chosen").length, 1);
+    assert.equal(find(".chosen").text(), "100%yes");
+  }
+});
+
+widgetTest("cannot vote if not member of the right group", {
+  template,
+
+  beforeEach() {
+    this.setProperties({
+      post: EmberObject.create({
+        id: 42,
+        topic: {
+          archived: false
+        }
+      }),
+      poll: EmberObject.create({
+        name: "poll",
+        type: "regular",
+        status: "open",
+        results: "always",
+        options: [
+          { id: "1f972d1df351de3ce35a787c89faad29", html: "yes", votes: 0 },
+          { id: "d7ebc3a9beea2e680815a1e4f57d6db6", html: "no", votes: 0 }
+        ],
+        voters: 0,
+        chart_type: "bar",
+        groups: "foo"
+      }),
+      vote: [],
+      groupableUserFields: []
+    });
+  },
+
+  async test(assert) {
+    let requests = 0;
+
+    /* global server */
+    server.put("/polls/vote", () => {
+      ++requests;
+      return [
+        200,
+        { "Content-Type": "application/json" },
+        {
+          poll: {
+            name: "poll",
+            type: "regular",
+            status: "open",
+            results: "always",
+            options: [
+              { id: "1f972d1df351de3ce35a787c89faad29", html: "yes", votes: 1 },
+              { id: "d7ebc3a9beea2e680815a1e4f57d6db6", html: "no", votes: 0 }
+            ],
+            voters: 1,
+            chart_type: "bar",
+            groups: "foo"
+          },
+          vote: ["1f972d1df351de3ce35a787c89faad29"]
+        }
+      ];
+    });
+
+    await click("li[data-poll-option-id='1f972d1df351de3ce35a787c89faad29']");
+    assert.equal(
+      find(".poll-container .alert").text(),
+      I18n.t("poll.results.groups.title", { groups: "foo" })
+    );
+    assert.equal(requests, 0);
+    assert.equal(find(".chosen").length, 0);
+  }
+});