Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: do not verify group visibility when checking for mentionable/messageable

This commit is contained in:
Arpit Jalan 2018-06-05 16:26:51 +05:30
parent 32c0ff4831
commit f8d82f135f
2 changed files with 26 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
app/controllers/groups_controller.rb
View File

@ -282,7 +282,7 @@ class GroupsController < ApplicationController
end end
def mentionable def mentionable
group = find_group(:name) group = find_group(:name, ensure_can_see: false)
if group if group
render json: { mentionable: Group.mentionable(current_user).where(id: group.id).present? } render json: { mentionable: Group.mentionable(current_user).where(id: group.id).present? }
@ -292,7 +292,7 @@ class GroupsController < ApplicationController
end end
def messageable def messageable
group = find_group(:name) group = find_group(:name, ensure_can_see: false)
if group if group
render json: { messageable: Group.messageable(current_user).where(id: group.id).present? } render json: { messageable: Group.messageable(current_user).where(id: group.id).present? }
@ -468,12 +468,11 @@ class GroupsController < ApplicationController
params.require(:group).permit(*permitted_params) params.require(:group).permit(*permitted_params)
end end
def find_group(param_name) def find_group(param_name, ensure_can_see: true)
name = params.require(param_name) name = params.require(param_name)
group = Group group = Group
group = group.find_by("lower(name) = ?", name.downcase) group = group.find_by("lower(name) = ?", name.downcase)
guardian.ensure_can_see!(group) guardian.ensure_can_see!(group) if ensure_can_see
group group
end end
end end

24
spec/requests/groups_controller_spec.rb
View File

@ -383,13 +383,12 @@ describe GroupsController do
group.update_attributes!(name: 'test') group.update_attributes!(name: 'test')
get "/groups/test/mentionable.json", params: { name: group.name } get "/groups/test/mentionable.json", params: { name: group.name }
expect(response).to be_success expect(response).to be_success
response_body = JSON.parse(response.body) response_body = JSON.parse(response.body)
expect(response_body["mentionable"]).to eq(false) expect(response_body["mentionable"]).to eq(false)
group.update_attributes!(mentionable_level: Group::ALIAS_LEVELS[:everyone]) group.update_attributes!(mentionable_level: Group::ALIAS_LEVELS[:everyone], visibility_level: Group.visibility_levels[:staff])
get "/groups/test/mentionable.json", params: { name: group.name } get "/groups/test/mentionable.json", params: { name: group.name }
expect(response).to be_success expect(response).to be_success
@ -399,6 +398,27 @@ describe GroupsController do
end end
end end
describe '#messageable' do
it "should return the right response" do
sign_in(user)
group.update_attributes!(name: 'test')
get "/groups/test/messageable.json", params: { name: group.name }
expect(response).to be_success
response_body = JSON.parse(response.body)
expect(response_body["messageable"]).to eq(false)
group.update_attributes!(messageable_level: Group::ALIAS_LEVELS[:everyone], visibility_level: Group.visibility_levels[:staff])
get "/groups/test/messageable.json", params: { name: group.name }
expect(response).to be_success
response_body = JSON.parse(response.body)
expect(response_body["messageable"]).to eq(true)
end
end
describe '#update' do describe '#update' do
let(:group) do let(:group) do
Fabricate(:group, Fabricate(:group,