FIX: check for inviter group permissions at the time of redeeming invite
This commit is contained in:
Arpit Jalan
parent
402b80f306
commit
a94387c088
|
|
@ -128,10 +128,14 @@ InviteRedeemer = Struct.new(:invite, :email, :username, :name, :password, :user_
|
||||||
end
|
end
|
||||||
|
|
||||||
def add_user_to_groups
|
def add_user_to_groups
|
||||||
|
guardian = Guardian.new(invite.invited_by)
|
||||||
new_group_ids = invite.groups.pluck(:id) - invited_user.group_users.pluck(:group_id)
|
new_group_ids = invite.groups.pluck(:id) - invited_user.group_users.pluck(:group_id)
|
||||||
new_group_ids.each do |id|
|
new_group_ids.each do |id|
|
||||||
invited_user.group_users.create!(group_id: id)
|
group = Group.find_by(id: id)
|
||||||
DiscourseEvent.trigger(:user_added_to_group, invited_user, Group.find_by(id: id), automatic: false)
|
if guardian.can_edit_group?(group)
|
||||||
|
invited_user.group_users.create!(group_id: group.id)
|
||||||
|
DiscourseEvent.trigger(:user_added_to_group, invited_user, group, automatic: false)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -144,9 +144,19 @@ describe InviteRedeemer do
|
||||||
expect(user.custom_fields["user_field_#{optional_field.id}"]).to eq('value2')
|
expect(user.custom_fields["user_field_#{optional_field.id}"]).to eq('value2')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it "does not add user to group if inviter does not have permissions" do
|
||||||
|
group = Fabricate(:group, grant_trust_level: 2)
|
||||||
|
InvitedGroup.create(group_id: group.id, invite_id: invite.id)
|
||||||
|
user = InviteRedeemer.new(invite: invite, email: invite.email, username: username, name: name, password: password).redeem
|
||||||
|
|
||||||
|
expect(user.group_users.count).to eq(0)
|
||||||
|
end
|
||||||
|
|
||||||
it "adds user to group" do
|
it "adds user to group" do
|
||||||
group = Fabricate(:group, grant_trust_level: 2)
|
group = Fabricate(:group, grant_trust_level: 2)
|
||||||
InvitedGroup.create(group_id: group.id, invite_id: invite.id)
|
InvitedGroup.create(group_id: group.id, invite_id: invite.id)
|
||||||
|
group.add_owner(invite.invited_by)
|
||||||
|
|
||||||
user = InviteRedeemer.new(invite: invite, email: invite.email, username: username, name: name, password: password).redeem
|
user = InviteRedeemer.new(invite: invite, email: invite.email, username: username, name: name, password: password).redeem
|
||||||
|
|
||||||
expect(user.group_users.count).to eq(4)
|
expect(user.group_users.count).to eq(4)
|
||||||
|
|
|
||||||
|
|
@ -306,6 +306,7 @@ describe Invite do
|
||||||
context "when inviting to groups" do
|
context "when inviting to groups" do
|
||||||
it "add the user to the correct groups" do
|
it "add the user to the correct groups" do
|
||||||
group = Fabricate(:group)
|
group = Fabricate(:group)
|
||||||
|
group.add_owner(invite.invited_by)
|
||||||
invite.invited_groups.build(group_id: group.id)
|
invite.invited_groups.build(group_id: group.id)
|
||||||
invite.save
|
invite.save
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue