Add specs for post action guardian

This commit is contained in:
James Kiesel 2015-12-30 20:52:36 +01:00
parent a559754db3
commit 6ceb108946
4 changed files with 32 additions and 2 deletions

View File

@ -247,7 +247,7 @@ module Email
def create_post_action(email_log, type) def create_post_action(email_log, type)
PostActionCreator.new(email_log.user, email_log.post).perform(type) PostActionCreator.new(email_log.user, email_log.post).perform(type)
rescue PostAction::AlreadyActed => e rescue Discourse::InvalidAccess, PostAction::AlreadyActed => e
raise InvalidPostAction.new(e) raise InvalidPostAction.new(e)
end end

View File

@ -7,7 +7,7 @@ class PostActionCreator
end end
def perform(action) def perform(action)
guardian.ensure_post_can_act!(@post, action, taken_actions: PostAction.counts_for([@post], @user)[@post.id]) guardian.ensure_post_can_act!(@post, action, taken_actions: PostAction.counts_for([@post].compact, @user)[@post.try(:id)])
PostAction.act(@user, @post, action) PostAction.act(@user, @post, action)
end end

View File

@ -364,6 +364,14 @@ This is a link http://example.com"
expect(PostAction.count).to eq before_count expect(PostAction.count).to eq before_count
expect(replied_user_like).to be_present expect(replied_user_like).to be_present
end end
it "does not allow unauthorized happiness" do
post.trash!
before_count = PostAction.count
expect { receiver.process }.to raise_error(Email::Receiver::InvalidPostAction)
expect(PostAction.count).to eq before_count
expect(replied_user_like).to_not be_present
end
end end
describe "like.eml" do describe "like.eml" do

View File

@ -0,0 +1,22 @@
require 'rails_helper'
require 'post_action_creator'
describe PostCreator do
let(:user) { Fabricate(:user) }
let(:post) { Fabricate(:post) }
let(:group) { Fabricate(:group) }
let(:like_type_id) { PostActionType.types[:like] }
describe 'perform' do
it 'creates a post action' do
expect { PostActionCreator.new(user, post).perform(like_type_id) }.to change { PostAction.count }.by(1)
expect(PostAction.find_by(user: user, post: post, post_action_type_id: like_type_id)).to be_present
end
it 'does not create an invalid post action' do
expect { PostActionCreator.new(user, nil).perform(like_type_id) }.to raise_error(Discourse::InvalidAccess)
end
end
end