FIX: hides votes from regular users when poll is staff only (#11342)
This commit is contained in:
parent
a6613d15f4
commit
ad1a10e6e9
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class PollOptionSerializer < ApplicationSerializer
|
class PollOptionSerializer < ApplicationSerializer
|
||||||
|
|
||||||
attributes :id, :html, :votes
|
attributes :id, :html, :votes
|
||||||
|
|
||||||
def id
|
def id
|
||||||
|
@ -13,4 +12,7 @@ class PollOptionSerializer < ApplicationSerializer
|
||||||
object.poll_votes.size + object.anonymous_votes.to_i
|
object.poll_votes.size + object.anonymous_votes.to_i
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def include_votes?
|
||||||
|
scope[:can_see_results]
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -42,7 +42,15 @@ class PollSerializer < ApplicationSerializer
|
||||||
end
|
end
|
||||||
|
|
||||||
def options
|
def options
|
||||||
object.poll_options.map { |o| PollOptionSerializer.new(o, root: false).as_json }
|
can_see_results = object.can_see_results?(scope.user)
|
||||||
|
|
||||||
|
object.poll_options.map do |option|
|
||||||
|
PollOptionSerializer.new(
|
||||||
|
option,
|
||||||
|
root: false,
|
||||||
|
scope: { can_see_results: can_see_results }
|
||||||
|
).as_json
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def voters
|
def voters
|
||||||
|
|
|
@ -0,0 +1,58 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
require 'rails_helper'
|
||||||
|
|
||||||
|
def serialize_option(option, user)
|
||||||
|
PollOptionSerializer.new(
|
||||||
|
option,
|
||||||
|
root: false,
|
||||||
|
scope: { can_see_results: poll.can_see_results?(user) }
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
|
describe PollOptionSerializer do
|
||||||
|
let(:voter) { Fabricate(:user) }
|
||||||
|
let(:poll) { post.polls.first }
|
||||||
|
|
||||||
|
before do
|
||||||
|
poll.poll_votes.create!(poll_option_id: poll.poll_options.first.id, user_id: voter.id)
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'poll results are public' do
|
||||||
|
let(:post) { Fabricate(:post, raw: "[poll]\n- A\n- B\n[/poll]") }
|
||||||
|
|
||||||
|
context 'user is not staff' do
|
||||||
|
let(:user) { Fabricate(:user) }
|
||||||
|
|
||||||
|
it 'include votes' do
|
||||||
|
serializer = serialize_option(poll.poll_options.first, user)
|
||||||
|
|
||||||
|
expect(serializer.include_votes?).to eq(true)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'poll results are staff only' do
|
||||||
|
let(:post) { Fabricate(:post, raw: "[poll results=staff_only]\n- A\n- B\n[/poll]") }
|
||||||
|
|
||||||
|
context 'user is not staff' do
|
||||||
|
let(:user) { Fabricate(:user) }
|
||||||
|
|
||||||
|
it 'doesn’t include votes' do
|
||||||
|
serializer = serialize_option(poll.poll_options.first, user)
|
||||||
|
|
||||||
|
expect(serializer.include_votes?).to eq(false)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'user staff' do
|
||||||
|
let(:admin) { Fabricate(:admin) }
|
||||||
|
|
||||||
|
it 'includes votes' do
|
||||||
|
serializer = serialize_option(poll.poll_options.first, admin)
|
||||||
|
|
||||||
|
expect(serializer.include_votes?).to eq(true)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in New Issue