From d320f4840d2b6803e0290d2ea8052e064d78c1a7 Mon Sep 17 00:00:00 2001 From: Guo Xiang Tan Date: Fri, 3 Nov 2017 21:39:55 +0800 Subject: [PATCH] FIX: Unable to invite groups that are not public visible into pms. https://meta.discourse.org/t/inviting-groups-broken-in-head/73346/6 --- app/controllers/users_controller.rb | 12 ++++++-- app/models/group.rb | 10 ++----- spec/requests/users_controller_spec.rb | 41 ++++++++++++++++++++++++-- 3 files changed, 50 insertions(+), 13 deletions(-) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index bec832bdbd4..ad304f72a63 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -719,9 +719,15 @@ class UsersController < ApplicationController end end - if groups || params[:include_groups] == "true" - to_render[:groups] = Group.search_groups(term, groups: groups) - .map { |m| { name: m.name, full_name: m.full_name } } + include_groups = params[:include_groups] == "true" + + if include_groups || groups + groups = Group.search_groups(term, groups: groups) + groups = groups.where(visibility_level: Group.visibility_levels[:public]) if include_groups + + to_render[:groups] = groups.map do |m| + { name: m.name, full_name: m.full_name } + end end render json: to_render diff --git a/app/models/group.rb b/app/models/group.rb index 226b0555b04..81c939fabc4 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -370,13 +370,9 @@ class Group < ActiveRecord::Base end def self.search_groups(name, groups: nil) - query = groups || Group - - query - .where(visibility_level: visibility_levels[:public]) - .where( - "name ILIKE :term_like OR full_name ILIKE :term_like", term_like: "%#{name}%" - ) + (groups || Group).where( + "name ILIKE :term_like OR full_name ILIKE :term_like", term_like: "%#{name}%" + ) end def self.lookup_group(name) diff --git a/spec/requests/users_controller_spec.rb b/spec/requests/users_controller_spec.rb index 002d3cc5b20..3b92888b329 100644 --- a/spec/requests/users_controller_spec.rb +++ b/spec/requests/users_controller_spec.rb @@ -167,14 +167,45 @@ RSpec.describe UsersController do end context 'groups' do - let!(:mentionable_group) { Fabricate(:group, mentionable_level: 99, messageable_level: 0) } - let!(:messageable_group) { Fabricate(:group, mentionable_level: 0, messageable_level: 99) } + let!(:mentionable_group) do + Fabricate(:group, + mentionable_level: 99, + messageable_level: 0, + visibility_level: 0 + ) + end + + let!(:mentionable_group_2) do + Fabricate(:group, + mentionable_level: 99, + messageable_level: 0, + visibility_level: 1 + ) + end + + let!(:messageable_group) do + Fabricate(:group, + mentionable_level: 0, + messageable_level: 99 + ) + end describe 'when signed in' do before do sign_in(user) end + it "only returns visible groups" do + get "/u/search/users.json", params: { include_groups: "true" } + + expect(response).to be_success + + groups = JSON.parse(response.body)["groups"] + + expect(groups.map { |group| group['name'] }) + .to_not include(mentionable_group_2.name) + end + it "doesn't search for groups" do get "/u/search/users.json", params: { include_mentionable_groups: 'false', @@ -202,7 +233,11 @@ RSpec.describe UsersController do } expect(response).to be_success - expect(JSON.parse(response.body)["groups"].first['name']).to eq(mentionable_group.name) + + groups = JSON.parse(response.body)["groups"] + + expect(groups.map { |group| group['name'] }) + .to eq([mentionable_group.name, mentionable_group_2.name]) end end