Merge pull request #5923 from techAPJ/group-messageable

FIX: do not verify group visibility when checking for mentionable/messageable
This commit is contained in:
Arpit Jalan 2018-06-06 06:45:22 +05:30 committed by GitHub
commit ccbaa719ee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 26 additions and 7 deletions

View File

@ -282,7 +282,7 @@ class GroupsController < ApplicationController
end
def mentionable
group = find_group(:name)
group = find_group(:name, ensure_can_see: false)
if group
render json: { mentionable: Group.mentionable(current_user).where(id: group.id).present? }
@ -292,7 +292,7 @@ class GroupsController < ApplicationController
end
def messageable
group = find_group(:name)
group = find_group(:name, ensure_can_see: false)
if group
render json: { messageable: Group.messageable(current_user).where(id: group.id).present? }
@ -468,12 +468,11 @@ class GroupsController < ApplicationController
params.require(:group).permit(*permitted_params)
end
def find_group(param_name)
def find_group(param_name, ensure_can_see: true)
name = params.require(param_name)
group = Group
group = group.find_by("lower(name) = ?", name.downcase)
guardian.ensure_can_see!(group)
guardian.ensure_can_see!(group) if ensure_can_see
group
end
end

View File

@ -383,13 +383,12 @@ describe GroupsController do
group.update_attributes!(name: 'test')
get "/groups/test/mentionable.json", params: { name: group.name }
expect(response).to be_success
response_body = JSON.parse(response.body)
expect(response_body["mentionable"]).to eq(false)
group.update_attributes!(mentionable_level: Group::ALIAS_LEVELS[:everyone])
group.update_attributes!(mentionable_level: Group::ALIAS_LEVELS[:everyone], visibility_level: Group.visibility_levels[:staff])
get "/groups/test/mentionable.json", params: { name: group.name }
expect(response).to be_success
@ -399,6 +398,27 @@ describe GroupsController do
end
end
describe '#messageable' do
it "should return the right response" do
sign_in(user)
group.update_attributes!(name: 'test')
get "/groups/test/messageable.json", params: { name: group.name }
expect(response).to be_success
response_body = JSON.parse(response.body)
expect(response_body["messageable"]).to eq(false)
group.update_attributes!(messageable_level: Group::ALIAS_LEVELS[:everyone], visibility_level: Group.visibility_levels[:staff])
get "/groups/test/messageable.json", params: { name: group.name }
expect(response).to be_success
response_body = JSON.parse(response.body)
expect(response_body["messageable"]).to eq(true)
end
end
describe '#update' do
let(:group) do
Fabricate(:group,