From 83e46cc3027e6d20abdc5553f49a90a3b7a1ff4c Mon Sep 17 00:00:00 2001 From: Robin Ward Date: Fri, 17 Jun 2016 14:14:52 -0400 Subject: [PATCH] FIX: Restrict changing ownership to one topic --- app/services/post_owner_changer.rb | 3 ++- spec/services/post_owner_changer_spec.rb | 10 ++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/app/services/post_owner_changer.rb b/app/services/post_owner_changer.rb index c7aa0b7511f..bc5649a21d5 100644 --- a/app/services/post_owner_changer.rb +++ b/app/services/post_owner_changer.rb @@ -12,7 +12,8 @@ class PostOwnerChanger def change_owner! ActiveRecord::Base.transaction do @post_ids.each do |post_id| - post = Post.with_deleted.find(post_id) + post = Post.with_deleted.where(id: post_id, topic_id: @topic.id).first + next if post.blank? @topic.user = @new_owner if post.is_first_post? if post.user == nil diff --git a/spec/services/post_owner_changer_spec.rb b/spec/services/post_owner_changer_spec.rb index 290e224a754..9cb09f6af1e 100644 --- a/spec/services/post_owner_changer_spec.rb +++ b/spec/services/post_owner_changer_spec.rb @@ -7,6 +7,7 @@ describe PostOwnerChanger do let(:user_a) { Fabricate(:user) } let(:p1) { Fabricate(:post, topic_id: topic.id) } let(:p2) { Fabricate(:post, topic_id: topic.id) } + let(:p3) { Fabricate(:post) } it "raises an error with a parameter missing" do expect { @@ -41,6 +42,15 @@ describe PostOwnerChanger do expect(p1.user).to eq(p2.user) end + it "ignores posts in other topics" do + described_class.new(post_ids: [p1.id, p3.id], topic_id: topic.id, new_owner: user_a, acting_user: editor).change_owner! + p1.reload; p3.reload + expect(p1.user).to eq(user_a) + + expect(p3.topic_id).not_to eq(p1.topic_id) + expect(p2.user).not_to eq(user_a) + end + context "integration tests" do let(:p1user) { p1.user } let(:p2user) { p2.user }