From 95be7f494012e47c8281be969693e88919d933f9 Mon Sep 17 00:00:00 2001 From: Amanda Alves Branquinho <amanda@discourse.org> Date: Thu, 11 Jul 2024 22:16:15 -0300 Subject: [PATCH] Backport changes from PR #27811 (#27874) --- config/routes.rb | 2 +- spec/requests/posts_controller_spec.rb | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/config/routes.rb b/config/routes.rb index 51ee33f4428..c176e7df81e 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1094,7 +1094,7 @@ Discourse::Application.routes.draw do delete "admin/groups/:id/members" => "groups#remove_member", :constraints => AdminConstraint.new put "admin/groups/:id/members" => "groups#add_members", :constraints => AdminConstraint.new - resources :posts, only: %i[show update create destroy] do + resources :posts, only: %i[show update create destroy], defaults: { format: "json" } do delete "bookmark", to: "posts#destroy_bookmark" put "wiki" put "post_type" diff --git a/spec/requests/posts_controller_spec.rb b/spec/requests/posts_controller_spec.rb index 1c228be1360..4baa793ec30 100644 --- a/spec/requests/posts_controller_spec.rb +++ b/spec/requests/posts_controller_spec.rb @@ -643,6 +643,24 @@ RSpec.describe PostsController do expect(post.topic.reload.category_id).not_to eq(category.id) end + describe "trying to add a link without permission" do + it "returns an error message if links are added to posts when not allowed" do + post = create_post + sign_in(post.user) + SiteSetting.post_links_allowed_groups = Group::AUTO_GROUPS[:admins] + + put "/posts/#{post.id}", + params: { + post: { + raw: "I'm editing this post to add www.linkhere.com", + }, + } + + expect(response.status).to eq(422) + expect(response.body).to include("Sorry, you can't include links in your posts.") + end + end + describe "with Post.plugin_permitted_update_params" do before do plugin = Plugin::Instance.new