work in progress, add fidelity to category group permissions (full, create posts, readonly)

This commit is contained in:
Sam 2013-07-14 11:24:16 +10:00
parent 8d947535a8
commit ecf17cfebb
38 changed files with 349 additions and 126 deletions

View File

@ -101,14 +101,12 @@ Discourse.EditCategoryController = Discourse.ObjectController.extend(Discourse.M
return false; return false;
}, },
addGroup: function(){ addPermission: function(group, permission_id){
this.get('model').addGroup(this.get("selectedGroup")); this.get('model').addPermission({group_name: group + "", permission: Discourse.PermissionType.create({id: permission_id})});
}, },
removeGroup: function(group){ removePermission: function(permission){
// OBVIOUS, Ember treats this as Ember.String, we need a real string here this.get('model').removePermission(permission);
group = group + "";
this.get('model').removeGroup(group);
}, },
saveCategory: function() { saveCategory: function() {

View File

@ -11,9 +11,21 @@ Discourse.Category = Discourse.Model.extend({
init: function() { init: function() {
this._super(); this._super();
this.set("availableGroups", Em.A(this.get("available_groups"))); this.set("availableGroups", Em.A(this.get("available_groups")));
this.set("groups", Em.A(this.groups)); this.set("permissions", Em.A(_.map(this.group_permissions, function(elem){
return {
group_name: elem.group_name,
permission: Discourse.PermissionType.create({id: elem.permission_type})
};
})));
}, },
availablePermissions: function(){
return [ Discourse.PermissionType.create({id: Discourse.PermissionType.FULL}),
Discourse.PermissionType.create({id: Discourse.PermissionType.CREATE_POST}),
Discourse.PermissionType.create({id: Discourse.PermissionType.READONLY})
];
}.property(),
searchContext: function() { searchContext: function() {
return ({ type: 'category', id: this.get('id'), category: this }); return ({ type: 'category', id: this.get('id'), category: this });
}.property('id'), }.property('id'),
@ -37,15 +49,20 @@ Discourse.Category = Discourse.Model.extend({
} }
return Discourse.ajax(url, { return Discourse.ajax(url, {
data: { contentType: 'application/json',
dataType: 'json',
data: JSON.stringify({
name: this.get('name'), name: this.get('name'),
color: this.get('color'), color: this.get('color'),
text_color: this.get('text_color'), text_color: this.get('text_color'),
hotness: this.get('hotness'), hotness: this.get('hotness'),
secure: this.get('secure'), secure: this.get('secure'),
group_names: this.get('groups').join(","), permissions: _.map(
this.get('permissions'), function(p){
return { group_name: p.group_name, permission_type: p.permission.id};
}),
auto_close_days: this.get('auto_close_days') auto_close_days: this.get('auto_close_days')
}, }),
type: this.get('id') ? 'PUT' : 'POST' type: this.get('id') ? 'PUT' : 'POST'
}); });
}, },
@ -54,22 +71,30 @@ Discourse.Category = Discourse.Model.extend({
return Discourse.ajax("/categories/" + (this.get('slug') || this.get('id')), { type: 'DELETE' }); return Discourse.ajax("/categories/" + (this.get('slug') || this.get('id')), { type: 'DELETE' });
}, },
addGroup: function(group){ addPermission: function(permission){
this.get("groups").addObject(group); this.get("permissions").addObject(permission);
this.get("availableGroups").removeObject(group); this.get("availableGroups").removeObject(permission.group_name);
}, },
removeGroup: function(group){ removePermission: function(permission){
this.get("groups").removeObject(group); this.get("permissions").removeObject(permission);
this.get("availableGroups").addObject(group); this.get("availableGroups").addObject(permission.group_name);
}, },
// note, this is used in a data attribute, data attributes get downcased // note, this is used in a data attribute, data attributes get downcased
// to avoid confusion later on using this naming here. // to avoid confusion later on using this naming here.
description_text: function(){ description_text: function(){
return $("<div>" + this.get("description") + "</div>").text(); return $("<div>" + this.get("description") + "</div>").text();
}.property("description") }.property("description"),
permissions: function(){
return Em.A([
{group_name: "everyone", permission: Discourse.PermissionType.create({id: 1})},
{group_name: "admins", permission: Discourse.PermissionType.create({id: 2}) },
{group_name: "crap", permission: Discourse.PermissionType.create({id: 3}) }
]);
}.property()
}); });

View File

@ -0,0 +1,23 @@
Discourse.PermissionType = Discourse.Model.extend({
description: function(){
var key = "";
switch(this.get("id")){
case 1:
key = "full";
break;
case 2:
key = "create_post";
break;
case 3:
key = "readonly";
break;
}
return I18n.t("permission_types." + key);
}.property("id")
});
Discourse.PermissionType.FULL = 1;
Discourse.PermissionType.CREATE_POST = 2;
Discourse.PermissionType.READONLY = 3;

View File

@ -60,25 +60,18 @@
{{#unless isUncategorized}} {{#unless isUncategorized}}
<div {{bindAttr class=":modal-tab :options-tab securitySelected::invisible"}}> <div {{bindAttr class=":modal-tab :options-tab securitySelected::invisible"}}>
<section class='field'> <section class='field'>
<label> <ul>
{{input type="checkbox" checked=secure}} {{#each permissions}}
{{i18n category.is_secure}} <li>
</label> <span class="badge-group">{{group_name}}</span>
{{#if secure}} <span class="permission">{{permission.description}}</span>
<div class="secure-category-options"> <a {{action removePermission this}}><i class="icon icon-remove-sign"></i></a>
<label>{{i18n category.allowed_groups}}</label>
<ul class="badge-list">
{{#each groups}}
<li class="badge-group">
{{this}}
<a {{action removeGroup this}}><i class="icon icon-remove-sign"></i></a>
</li> </li>
{{/each}} {{/each}}
</ul> </ul>
{{view Ember.Select contentBinding="availableGroups" valueBinding="selectedGroup"}} {{view Ember.Select contentBinding="availableGroups" valueBinding="selectedGroup"}}
<button {{action addGroup}} class="btn btn-small">{{i18n category.add_group}}</button> {{view Ember.Select optionValuePath="content.id" optionLabelPath="content.description" contentBinding="availablePermissions" valueBinding="selectedPermission"}}
</div> <button {{action addPermission selectedGroup selectedPermission}} class="btn btn-small">{{i18n category.add_group}}</button>
{{/if}}
</section> </section>
</div> </div>
<div {{bindAttr class=":modal-tab :options-tab settingsSelected::invisible"}}> <div {{bindAttr class=":modal-tab :options-tab settingsSelected::invisible"}}>

View File

@ -102,7 +102,7 @@ class ApplicationController < ActionController::Base
guardian.current_user.sync_notification_channel_position guardian.current_user.sync_notification_channel_position
end end
store_preloaded("site", Site.cached_json(current_user)) store_preloaded("site", Site.cached_json(guardian))
if current_user.present? if current_user.present?
store_preloaded("currentUser", MultiJson.dump(CurrentUserSerializer.new(current_user, root: false))) store_preloaded("currentUser", MultiJson.dump(CurrentUserSerializer.new(current_user, root: false)))

View File

@ -53,7 +53,7 @@ class CategoriesController < ApplicationController
end end
def category_param_keys def category_param_keys
[required_param_keys, :hotness, :secure, :group_names, :auto_close_days].flatten! [required_param_keys, :hotness, :read_restricted, :permissions, :auto_close_days].flatten!
end end
def category_params def category_params

View File

@ -22,6 +22,7 @@ class Category < ActiveRecord::Base
before_validation :ensure_slug before_validation :ensure_slug
after_save :invalidate_site_cache after_save :invalidate_site_cache
before_save :apply_permissions
after_create :create_category_definition after_create :create_category_definition
after_create :publish_categories_list after_create :publish_categories_list
after_destroy :invalidate_site_cache after_destroy :invalidate_site_cache
@ -34,16 +35,49 @@ class Category < ActiveRecord::Base
scope :secured, ->(guardian = nil) { scope :secured, ->(guardian = nil) {
ids = guardian.secure_category_ids if guardian ids = guardian.secure_category_ids if guardian
if ids.present? if ids.present?
where("NOT categories.secure or categories.id in (:cats)", cats: ids) where("NOT categories.read_restricted or categories.id in (:cats)", cats: ids)
else else
where("NOT categories.secure") where("NOT categories.read_restricted")
end end
} }
scope :topic_create_allowed, ->(guardian) {
scoped_to_permissions(guardian, [:full])
}
scope :post_create_allowed, ->(guardian) {
scoped_to_permissions(guardian, [:create_post, :full])
}
delegate :post_template, to: 'self.class' delegate :post_template, to: 'self.class'
attr_accessor :displayable_topics attr_accessor :displayable_topics
def self.scoped_to_permissions(guardian, permission_types)
if guardian && guardian.is_staff?
scoped
else
permission_types = permission_types.map{ |permission_type|
CategoryGroup.permission_types[permission_type]
}
where("categories.id in (
SELECT c.id FROM categories c
WHERE (
NOT c.read_restricted AND
NOT EXISTS(
SELECT 1 FROM category_groups cg WHERE cg.category_id = categories.id )
) OR EXISTS(
SELECT 1 FROM category_groups cg
WHERE permission_type in (?) AND
cg.category_id = categories.id AND
group_id IN (
SELECT g.group_id FROM group_users g where g.user_id = ?
)
)
)", permission_types,(!guardian || guardian.user.blank?) ? -1 : guardian.user.id)
end
end
# Internal: Update category stats: # of topics in past year, month, week for # Internal: Update category stats: # of topics in past year, month, week for
# all categories. # all categories.
def self.update_stats def self.update_stats
@ -119,28 +153,65 @@ class Category < ActiveRecord::Base
end end
end end
def deny(group) # will reset permission on a topic to a particular
if group == :all # set.
self.secure = true #
end # Available permissions are, :full, :create_post, :readonly
# hash can be:
#
# :everyone => :full - everyone has everything
# :everyone => :readonly, :staff => :full
# 7 => 1 # you can pass a group_id and permission id
def set_permissions(permissions)
self.read_restricted, @permissions = Category.resolve_permissions(permissions)
# Ideally we can just call .clear here, but it runs SQL, we only want to run it
# on save.
end end
def allow(group) def apply_permissions
if group == :all if @permissions
self.secure = false category_groups.destroy_all
# this is kind of annoying, there should be a clean way of queuing this stuff @permissions.each do |group_id, permission_type|
category_groups.destroy_all unless new_record? category_groups.build(group_id: group_id, permission_type: permission_type)
else end
groups.push(group) @permissions = nil
end end
end end
def secure_group_ids def secure_group_ids
if self.secure if self.read_restricted?
groups.pluck("groups.id") groups.pluck("groups.id")
end end
end end
def self.resolve_permissions(permissions)
read_restricted = true
everyone = Group::AUTO_GROUPS[:everyone]
full = CategoryGroup.permission_types[:full]
mapped = permissions.map do |group,permission|
group = group.id if Group === group
# subtle, using Group[] ensures the group exists in the DB
group = Group[group].id unless Fixnum === group
permission = CategoryGroup.permission_types[permission] unless Fixnum === permission
[group, permission]
end
mapped.each do |group, permission|
if group == everyone && permission == full
return [false, []]
end
read_restricted = false if group == everyone
end
[read_restricted, mapped]
end
end end
# == Schema Information # == Schema Information
@ -162,7 +233,7 @@ end
# description :text # description :text
# text_color :string(6) default("FFFFFF"), not null # text_color :string(6) default("FFFFFF"), not null
# hotness :float default(5.0), not null # hotness :float default(5.0), not null
# secure :boolean default(FALSE), not null # read_restricted :boolean default(FALSE), not null
# auto_close_days :float # auto_close_days :float
# #
# Indexes # Indexes

View File

@ -1,6 +1,11 @@
class CategoryGroup < ActiveRecord::Base class CategoryGroup < ActiveRecord::Base
belongs_to :category belongs_to :category
belongs_to :group belongs_to :group
def self.permission_types
@permission_types ||= Enum.new(:full, :create_post, :readonly)
end
end end
# == Schema Information # == Schema Information
@ -12,5 +17,6 @@ end
# group_id :integer not null # group_id :integer not null
# created_at :datetime not null # created_at :datetime not null
# updated_at :datetime not null # updated_at :datetime not null
# permission_type :integer default(1)
# #

View File

@ -10,6 +10,7 @@ class Group < ActiveRecord::Base
validate :name_format_validator validate :name_format_validator
AUTO_GROUPS = { AUTO_GROUPS = {
:everyone => 0,
:admins => 1, :admins => 1,
:moderators => 2, :moderators => 2,
:staff => 3, :staff => 3,
@ -34,6 +35,10 @@ class Group < ActiveRecord::Base
group.save! group.save!
end end
# the everyone group is special, it can include non-users so there is no
# way to have the membership in a table
return group if name == :everyone
group.name = I18n.t("groups.default_names.#{name}") group.name = I18n.t("groups.default_names.#{name}")
# don't allow shoddy localization to break this # don't allow shoddy localization to break this

View File

@ -59,6 +59,7 @@ end
# created_at :datetime not null # created_at :datetime not null
# updated_at :datetime not null # updated_at :datetime not null
# deleted_at :datetime # deleted_at :datetime
# deleted_by_id :integer
# #
# Indexes # Indexes
# #

View File

@ -412,6 +412,8 @@ end
# percent_rank :float default(1.0) # percent_rank :float default(1.0)
# notify_user_count :integer default(0), not null # notify_user_count :integer default(0), not null
# like_score :integer default(0), not null # like_score :integer default(0), not null
# deleted_by_id :integer
# nuked_user :boolean default(FALSE)
# #
# Indexes # Indexes
# #

View File

@ -27,7 +27,7 @@ class Site
def categories def categories
Category Category
.secured(@guardian) .topic_create_allowed(@guardian)
.latest .latest
.includes(:topic_only_relative_url) .includes(:topic_only_relative_url)
end end

View File

@ -103,9 +103,9 @@ class Topic < ActiveRecord::Base
# Query conditions # Query conditions
condition = condition =
if ids.present? if ids.present?
["NOT c.secure or c.id in (:cats)", cats: ids] ["NOT c.read_restricted or c.id in (:cats)", cats: ids]
else else
["NOT c.secure"] ["NOT c.read_restricted"]
end end
where("category_id IS NULL OR category_id IN ( where("category_id IS NULL OR category_id IN (
@ -629,8 +629,8 @@ class Topic < ActiveRecord::Base
self self
end end
def secure_category? def read_restricted_category?
category && category.secure category && category.read_restricted
end end
private private
@ -692,6 +692,7 @@ end
# auto_close_at :datetime # auto_close_at :datetime
# auto_close_user_id :integer # auto_close_user_id :integer
# auto_close_started_at :datetime # auto_close_started_at :datetime
# deleted_by_id :integer
# #
# Indexes # Indexes
# #

View File

@ -113,11 +113,11 @@ class TopicTrackingState
((#{unread}) OR (#{new})) AND ((#{unread}) OR (#{new})) AND
(topics.visible OR u.admin OR u.moderator) AND (topics.visible OR u.admin OR u.moderator) AND
topics.deleted_at IS NULL AND topics.deleted_at IS NULL AND
( category_id IS NULL OR NOT c.secure OR category_id IN ( ( category_id IS NULL OR NOT c.read_restricted OR category_id IN (
SELECT c2.id FROM categories c2 SELECT c2.id FROM categories c2
JOIN category_groups cg ON cg.category_id = c2.id JOIN category_groups cg ON cg.category_id = c2.id
JOIN group_users gu ON gu.user_id = u.id AND cg.group_id = gu.group_id JOIN group_users gu ON gu.user_id = u.id AND cg.group_id = gu.group_id
WHERE c2.secure ) WHERE c2.read_restricted )
) )
SQL SQL

View File

@ -486,10 +486,14 @@ class User < ActiveRecord::Base
end end
def secure_category_ids def secure_category_ids
cats = self.staff? ? Category.select(:id).where(secure: true) : secure_categories.select('categories.id') cats = self.staff? ? Category.select(:id).where(read_restricted: true) : secure_categories.select('categories.id')
cats.map { |c| c.id }.sort cats.map { |c| c.id }.sort
end end
def topic_create_allowed_category_ids
Category.topic_create_allowed(self.id).select(:id)
end
# Flag all posts from a user as spam # Flag all posts from a user as spam
def flag_linked_posts_as_spam def flag_linked_posts_as_spam
admin = Discourse.system_user admin = Discourse.system_user
@ -660,6 +664,7 @@ end
# topic_reply_count :integer default(0), not null # topic_reply_count :integer default(0), not null
# blocked :boolean default(FALSE) # blocked :boolean default(FALSE)
# dynamic_favicon :boolean default(FALSE), not null # dynamic_favicon :boolean default(FALSE), not null
# title :string(255)
# #
# Indexes # Indexes
# #

View File

@ -179,7 +179,7 @@ ORDER BY p.created_at desc
# move into Topic perhaps # move into Topic perhaps
group_ids = nil group_ids = nil
if topic && topic.category && topic.category.secure if topic && topic.category && topic.category.read_restricted
group_ids = topic.category.groups.pluck("groups.id") group_ids = topic.category.groups.pluck("groups.id")
end end
@ -232,11 +232,11 @@ ORDER BY p.created_at desc
unless guardian.is_staff? unless guardian.is_staff?
allowed = guardian.secure_category_ids allowed = guardian.secure_category_ids
if allowed.present? if allowed.present?
builder.where("( c.secure IS NULL OR builder.where("( c.read_restricted IS NULL OR
c.secure = 'f' OR NOT c.read_restricted OR
(c.secure = 't' and c.id in (:cats)) )", cats: guardian.secure_category_ids ) (c.read_restricted and c.id in (:cats)) )", cats: guardian.secure_category_ids )
else else
builder.where("(c.secure IS NULL OR c.secure = 'f')") builder.where("(c.read_restricted IS NULL OR NOT c.read_restricted)")
end end
end end
end end

View File

@ -9,6 +9,6 @@ class BasicCategorySerializer < ApplicationSerializer
:description, :description,
:topic_url, :topic_url,
:hotness, :hotness,
:secure :read_restricted
end end

View File

@ -1,13 +1,24 @@
class CategorySerializer < BasicCategorySerializer class CategorySerializer < BasicCategorySerializer
attributes :secure, :groups, :available_groups, :auto_close_days attributes :read_restricted, :groups, :available_groups, :auto_close_days, :group_permissions
def groups def group_permissions
@groups ||= object.groups.order("name").all.map(&:name) @group_permissions ||= begin
perms = object.category_groups.joins(:group).order("groups.name").map do |cg|
{
permission_type: cg.permission_type,
group_name: cg.group.name
}
end
if perms.length == 0 && !object.read_restricted
perms << {permission_type: CategoryGroup.permission_types[:full], group_name: :everyone}
end
perms
end
end end
def available_groups def available_groups
Group.order("name").map(&:name) - groups Group.order("name").pluck(:name) - group_permissions.map{|g| g[:group_name]}
end end
end end

View File

@ -999,6 +999,11 @@ en:
browser_update: 'Unfortunately, <a href="http://www.discourse.org/faq/#browser">your browser is too old to work on this Discourse forum</a>. Please <a href="http://browsehappy.com">upgrade your browser</a>.' browser_update: 'Unfortunately, <a href="http://www.discourse.org/faq/#browser">your browser is too old to work on this Discourse forum</a>. Please <a href="http://browsehappy.com">upgrade your browser</a>.'
permission_types:
full: "Create Topics, Create Posts and Read"
create_post: "Create Posts and Read"
readonly: "Read Only"
# This section is exported to the javascript for i18n in the admin section # This section is exported to the javascript for i18n in the admin section
admin_js: admin_js:
type_to_filter: "type to filter..." type_to_filter: "type to filter..."
@ -1245,3 +1250,4 @@ en:
title: 'Settings' title: 'Settings'
reset: 'reset to default' reset: 'reset to default'
none: 'none' none: 'none'

View File

@ -0,0 +1,9 @@
class AddPermissionTypeToCategoryGroups < ActiveRecord::Migration
def change
# 1 is full permissions
add_column :category_groups, :permission_type, :integer, default: 1
# secure is ambiguous after this change, it should be read_restricted
rename_column :categories, :secure, :read_restricted
end
end

View File

@ -7,6 +7,7 @@ class Guardian
def staff?; false; end def staff?; false; end
def approved?; false; end def approved?; false; end
def secure_category_ids; []; end def secure_category_ids; []; end
def topic_create_allowed_category_ids; []; end
def has_trust_level?(level); false; end def has_trust_level?(level); false; end
end end
@ -328,7 +329,7 @@ class Guardian
topic.deleted_at.nil? && topic.deleted_at.nil? &&
# not secure, or I can see it # not secure, or I can see it
(not(topic.secure_category?) || can_see_category?(topic.category)) && (not(topic.read_restricted_category?) || can_see_category?(topic.category)) &&
# not private, or I am allowed (or an admin) # not private, or I am allowed (or an admin)
(not(topic.private_message?) || authenticated? && (topic.all_allowed_users.where(id: @user.id).exists? || is_admin?)) (not(topic.private_message?) || authenticated? && (topic.all_allowed_users.where(id: @user.id).exists? || is_admin?))
@ -340,7 +341,7 @@ class Guardian
end end
def can_see_category?(category) def can_see_category?(category)
not(category.secure) || secure_category_ids.include?(category.id) not(category.read_restricted) || secure_category_ids.include?(category.id)
end end
def can_vote?(post, opts={}) def can_vote?(post, opts={})
@ -378,6 +379,10 @@ class Guardian
@secure_category_ids ||= @user.secure_category_ids @secure_category_ids ||= @user.secure_category_ids
end end
def topic_create_allowed_category_ids
@topic_create_allowed_category_ids ||= @user.topic_create_allowed_category_ids
end
private private
def is_my_own?(obj) def is_my_own?(obj)

View File

@ -116,7 +116,7 @@ class PostCreator
protected protected
def secure_group_ids(topic) def secure_group_ids(topic)
@secure_group_ids ||= if topic.category && topic.category.secure? @secure_group_ids ||= if topic.category && topic.category.read_restricted?
topic.category.secure_group_ids topic.category.secure_group_ids
end end
end end

View File

@ -160,9 +160,9 @@ class Search
.order("topics.bumped_at DESC") .order("topics.bumped_at DESC")
if secure_category_ids.present? if secure_category_ids.present?
posts = posts.where("(categories.id IS NULL) OR (NOT categories.secure) OR (categories.id IN (?))", secure_category_ids) posts = posts.where("(categories.id IS NULL) OR (NOT categories.read_restricted) OR (categories.id IN (?))", secure_category_ids)
else else
posts = posts.where("(categories.id IS NULL) OR (NOT categories.secure)") posts = posts.where("(categories.id IS NULL) OR (NOT categories.read_restricted)")
end end
posts.limit(limit) posts.limit(limit)
end end

View File

@ -18,9 +18,9 @@ class SqlBuilder
def secure_category(secure_category_ids, category_alias = 'c') def secure_category(secure_category_ids, category_alias = 'c')
if secure_category_ids.present? if secure_category_ids.present?
where("NOT COALESCE(" << category_alias << ".secure, false) OR " << category_alias << ".id IN (:secure_category_ids)", secure_category_ids: secure_category_ids) where("NOT COALESCE(" << category_alias << ".read_restricted, false) OR " << category_alias << ".id IN (:secure_category_ids)", secure_category_ids: secure_category_ids)
else else
where("NOT COALESCE(" << category_alias << ".secure, false)") where("NOT COALESCE(" << category_alias << ".read_restricted, false)")
end end
self self
end end

View File

@ -239,9 +239,9 @@ class TopicQuery
unless @user && @user.moderator? unless @user && @user.moderator?
category_ids = @user.secure_category_ids if @user category_ids = @user.secure_category_ids if @user
if category_ids.present? if category_ids.present?
result = result.where('categories.secure IS NULL OR categories.secure = ? OR categories.id IN (?)', false, category_ids) result = result.where('categories.read_restricted IS NULL OR categories.read_restricted = ? OR categories.id IN (?)', false, category_ids)
else else
result = result.where('categories.secure IS NULL OR categories.secure = ?', false) result = result.where('categories.read_restricted IS NULL OR categories.read_restricted = ?', false)
end end
end end

View File

@ -41,8 +41,7 @@ describe CategoryList do
cat = Fabricate(:category) cat = Fabricate(:category)
topic = Fabricate(:topic, category: cat) topic = Fabricate(:topic, category: cat)
cat.deny(:all) cat.set_permissions(:admins => :full)
cat.allow(Group[:admins])
cat.save cat.save
CategoryList.new(Guardian.new admin).categories.count.should == 1 CategoryList.new(Guardian.new admin).categories.count.should == 1

View File

@ -215,8 +215,9 @@ describe Guardian do
it 'correctly handles groups' do it 'correctly handles groups' do
group = Fabricate(:group) group = Fabricate(:group)
category = Fabricate(:category, secure: true) category = Fabricate(:category, read_restricted: true)
category.allow(group) category.set_permissions(group => :full)
category.save
topic = Fabricate(:topic, category: category) topic = Fabricate(:topic, category: category)

View File

@ -62,8 +62,7 @@ describe PostCreator do
admin = Fabricate(:admin) admin = Fabricate(:admin)
cat = Fabricate(:category) cat = Fabricate(:category)
cat.deny(:all) cat.set_permissions(:admins => :full)
cat.allow(Group[:admins])
cat.save cat.save
created_post = nil created_post = nil

View File

@ -171,8 +171,7 @@ describe Search do
topic.category_id = category.id topic.category_id = category.id
topic.save topic.save
category.deny(:all) category.set_permissions(:staff => :full)
category.allow(Group[:staff])
category.save category.save
result(nil).should_not be_present result(nil).should_not be_present
@ -211,7 +210,7 @@ describe Search do
r[:title].should == category.name r[:title].should == category.name
r[:url].should == "/category/#{category.slug}" r[:url].should == "/category/#{category.slug}"
category.deny(:all) category.set_permissions({})
category.save category.save
result.should_not be_present result.should_not be_present

View File

@ -14,9 +14,8 @@ describe TopicQuery do
context 'secure category' do context 'secure category' do
it "filters categories out correctly" do it "filters categories out correctly" do
category = Fabricate(:category) category = Fabricate(:category)
category.deny(:all)
group = Fabricate(:group) group = Fabricate(:group)
category.allow(group) category.set_permissions(group => :full)
category.save category.save
topic = Fabricate(:topic, category: category) topic = Fabricate(:topic, category: category)

View File

@ -134,11 +134,11 @@ describe CategoriesController do
describe 'success' do describe 'success' do
before do before do
# might as well test this as well # might as well test this while at it
@category.allow(Group[:admins]) @category.set_permissions(:admins => :full)
@category.save @category.save
xhr :put, :update, id: @category.id, name: 'science', color: '000', text_color: '0ff', group_names: Group[:staff].name, secure: 'true' xhr :put, :update, id: @category.id, name: 'science', color: '000', text_color: '0ff', group_names: Group[:staff].name, read_restricted: 'true'
@category.reload @category.reload
end end
@ -146,7 +146,7 @@ describe CategoriesController do
@category.name.should == 'science' @category.name.should == 'science'
@category.color.should == '000' @category.color.should == '000'
@category.text_color.should == '0ff' @category.text_color.should == '0ff'
@category.secure?.should be_true @category.read_restricted?.should be_true
@category.groups.count.should == 1 @category.groups.count.should == 1
end end
end end

View File

@ -15,8 +15,7 @@ describe CategoryFeaturedTopic do
# so much dancing, I am thinking fixures make sense here. # so much dancing, I am thinking fixures make sense here.
user.change_trust_level!(:basic) user.change_trust_level!(:basic)
category.deny(:all) category.set_permissions(:trust_level_1 => :full)
category.allow(Group[:trust_level_1])
category.save category.save
uncategorized_post = PostCreator.create(user, raw: "this is my new post 123 post", title: "hello world") uncategorized_post = PostCreator.create(user, raw: "this is my new post 123 post", title: "hello world")

View File

@ -18,6 +18,57 @@ describe Category do
it { should have_many :category_featured_topics } it { should have_many :category_featured_topics }
it { should have_many :featured_topics } it { should have_many :featured_topics }
describe "resolve_permissions" do
it "can determine read_restricted" do
read_restricted, resolved = Category.resolve_permissions(:everyone => :full)
read_restricted.should be_false
resolved.should == []
end
end
describe "topic_create_allowed and post_create_allowed" do
it "works" do
default_category = Fabricate(:category)
full_category = Fabricate(:category)
can_post_category = Fabricate(:category)
can_read_category = Fabricate(:category)
user = Fabricate(:user)
group = Fabricate(:group)
group.add(user)
group.save
admin = Fabricate(:admin)
full_category.set_permissions(group => :full)
full_category.save
can_post_category.set_permissions(group => :create_post)
can_post_category.save
can_read_category.set_permissions(group => :readonly)
can_read_category.save
guardian = Guardian.new(admin)
Category.topic_create_allowed(guardian).count.should == 4
Category.post_create_allowed(guardian).count.should == 4
Category.secured(guardian).count.should == 4
guardian = Guardian.new(user)
Category.secured(guardian).count.should == 4
Category.post_create_allowed(guardian).count.should == 3
Category.topic_create_allowed(guardian).count.should == 2 # explicitly allowed once, default allowed once
end
end
describe "post_create_allowed" do
end
describe "security" do describe "security" do
let(:category) { Fabricate(:category) } let(:category) { Fabricate(:category) }
let(:category_2) { Fabricate(:category) } let(:category_2) { Fabricate(:category) }
@ -25,20 +76,20 @@ describe Category do
let(:group) { Fabricate(:group) } let(:group) { Fabricate(:group) }
it "secures categories correctly" do it "secures categories correctly" do
category.secure?.should be_false category.read_restricted?.should be_false
category.deny(:all) category.set_permissions({})
category.secure?.should be_true category.read_restricted?.should be_true
category.allow(:all) category.set_permissions(:everyone => :full)
category.secure?.should be_false category.read_restricted?.should be_false
user.secure_categories.should be_empty user.secure_categories.should be_empty
group.add(user) group.add(user)
group.save group.save
category.allow(group) category.set_permissions(group.id => :full)
category.save category.save
user.reload user.reload
@ -47,13 +98,13 @@ describe Category do
it "lists all secured categories correctly" do it "lists all secured categories correctly" do
group.add(user) group.add(user)
category.allow(group) category.set_permissions(group.id => :full)
category.save
category_2.set_permissions(group.id => :full)
category_2.save
Category.secured.should == [category] Category.secured.should =~ []
Category.secured(Guardian.new(user)).should =~ [category, category_2]
category_2.allow(group)
Category.secured.should =~ [category, category_2]
end end
end end

16
spec/models/site_spec.rb Normal file
View File

@ -0,0 +1,16 @@
require 'spec_helper'
require_dependency 'site'
describe Site do
it "omits categories users can not write to from the category list" do
category = Fabricate(:category)
user = Fabricate(:user)
Site.new(Guardian.new(user)).categories.count.should == 1
category.set_permissions(:everyone => :create_post)
category.save
Site.new(Guardian.new(user)).categories.count.should == 0
end
end

View File

@ -258,8 +258,7 @@ describe TopicLink do
TopicLink.topic_summary(Guardian.new, post.topic_id).count.should == 1 TopicLink.topic_summary(Guardian.new, post.topic_id).count.should == 1
TopicLink.counts_for(Guardian.new, post.topic, [post]).length.should == 1 TopicLink.counts_for(Guardian.new, post.topic, [post]).length.should == 1
category.deny(:all) category.set_permissions(:staff => :full)
category.allow(Group[:staff])
category.save category.save
admin = Fabricate(:admin) admin = Fabricate(:admin)

View File

@ -192,7 +192,7 @@ describe Topic do
context "secure categories" do context "secure categories" do
let(:user) { Fabricate(:user) } let(:user) { Fabricate(:user) }
let(:category) { Fabricate(:category, secure: true) } let(:category) { Fabricate(:category, read_restricted: true) }
before do before do
topic.category = category topic.category = category
@ -1263,7 +1263,7 @@ describe Topic do
describe 'secured' do describe 'secured' do
it 'can remove secure groups' do it 'can remove secure groups' do
category = Fabricate(:category, secure: true) category = Fabricate(:category, read_restricted: true)
topic = Fabricate(:topic, category: category) topic = Fabricate(:topic, category: category)
Topic.secured(Guardian.new(nil)).count.should == 0 Topic.secured(Guardian.new(nil)).count.should == 0
@ -1280,17 +1280,17 @@ describe Topic do
let(:category){ Category.new } let(:category){ Category.new }
it "is true if the category is secure" do it "is true if the category is secure" do
category.stubs(:secure).returns(true) category.stubs(:read_restricted).returns(true)
Topic.new(:category => category).should be_secure_category Topic.new(:category => category).should be_read_restricted_category
end end
it "is false if the category is not secure" do it "is false if the category is not secure" do
category.stubs(:secure).returns(false) category.stubs(:read_restricted).returns(false)
Topic.new(:category => category).should_not be_secure_category Topic.new(:category => category).should_not be_read_restricted_category
end end
it "is false if there is no category" do it "is false if there is no category" do
Topic.new(:category => nil).should_not be_secure_category Topic.new(:category => nil).should_not be_read_restricted_category
end end
end end

View File

@ -51,7 +51,7 @@ describe TopicTrackingState do
row.user_id.should == post.user_id row.user_id.should == post.user_id
# when we have no permission to see a category, don't show its stats # when we have no permission to see a category, don't show its stats
category = Fabricate(:category, secure: true) category = Fabricate(:category, read_restricted: true)
post.topic.category_id = category.id post.topic.category_id = category.id
post.topic.save post.topic.save

View File

@ -68,7 +68,7 @@ describe UserAction do
# groups # groups
category = Fabricate(:category, secure: true) category = Fabricate(:category, read_restricted: true)
public_topic.recover! public_topic.recover!
public_topic.category = category public_topic.category = category
@ -82,7 +82,7 @@ describe UserAction do
group.add(u) group.add(u)
group.save group.save
category.allow(group) category.set_permissions(group => :full)
category.save category.save
stats_for_user(u).should == [UserAction::NEW_TOPIC] stats_for_user(u).should == [UserAction::NEW_TOPIC]