FIX: Ensure `username` param is valid in `NotificationsController`.
This commit is contained in:
parent
fad04aad6c
commit
9663a74445
|
@ -5,8 +5,14 @@ class NotificationsController < ApplicationController
|
|||
before_filter :ensure_logged_in
|
||||
|
||||
def index
|
||||
user = current_user
|
||||
user = User.find_by_username(params[:username].to_s) if params[:username]
|
||||
user =
|
||||
if params[:username] && !params[:recent]
|
||||
user_record = User.find_by(username: params[:username].to_s)
|
||||
raise Discourse::InvalidParameters.new(:username) if !user_record
|
||||
user_record
|
||||
else
|
||||
current_user
|
||||
end
|
||||
|
||||
guardian.ensure_can_see_notifications!(user)
|
||||
|
||||
|
|
|
@ -5,6 +5,7 @@ describe NotificationsController do
|
|||
context 'when logged in' do
|
||||
let!(:user) { log_in }
|
||||
|
||||
describe '#index' do
|
||||
it 'should succeed for recent' do
|
||||
xhr :get, :index, recent: true
|
||||
expect(response).to be_success
|
||||
|
@ -15,11 +16,6 @@ describe NotificationsController do
|
|||
expect(response).to be_success
|
||||
end
|
||||
|
||||
it 'should succeed' do
|
||||
xhr :put, :mark_read
|
||||
expect(response).to be_success
|
||||
end
|
||||
|
||||
it 'should mark notifications as viewed' do
|
||||
notification = Fabricate(:notification, user: user)
|
||||
expect(user.reload.unread_notifications).to eq(1)
|
||||
|
@ -38,6 +34,19 @@ describe NotificationsController do
|
|||
expect(user.reload.total_unread_notifications).to eq(1)
|
||||
end
|
||||
|
||||
context 'when username params is not valid' do
|
||||
it 'should raise the right error' do
|
||||
expect { xhr :get, :index, username: 'somedude' }
|
||||
.to raise_error(Discourse::InvalidParameters)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
it 'should succeed' do
|
||||
xhr :put, :mark_read
|
||||
expect(response).to be_success
|
||||
end
|
||||
|
||||
it "can update a single notification" do
|
||||
notification = Fabricate(:notification, user: user)
|
||||
notification2 = Fabricate(:notification, user: user)
|
||||
|
|
Loading…
Reference in New Issue