discourse/spec
Isaac Janzen 366ff0e76b
FIX: Don't display destroy reviewable button on client (#21226)
# Context

https://meta.discourse.org/t/missing-translate-in-review-page/262604

![image](https://user-images.githubusercontent.com/50783505/234089049-72332040-e7d5-4081-824a-b0b36e37187a.png)

An additional button was added as a result of dd495a0e19 which was intended to grant access to deleting reviewable from the API. 

We were being too flexible by only checking if the user was an admin

012aaf0ba3/lib/guardian.rb (L237)

where it should instead by scoped to check if the request was an API call.

# Fix

https://github.com/discourse/discourse/pull/21226/files#diff-0a2548be4b18bd4ef2dffb3ef8e44984d2fef7f037b53e98f67abea52ef75aa2R237

# Additions

Added a new guard of `is_api?`

https://github.com/discourse/discourse/pull/21226/files#diff-0a2548be4b18bd4ef2dffb3ef8e44984d2fef7f037b53e98f67abea52ef75aa2R657-R660

In `app/models/reviewable.rb` we check if the user has the permissions to the destroy action via the `Guardian`. To do this we were instantiating a new `Guardian` class which then caused us to lose the context of the request. The request is a necessary component in the guard of `is_api?` so we needed to pass the already defined Guardian from the `app/controllers/reviewables_controller.rb` to the `#perform` method to ensure the request is present.
2023-04-24 20:22:37 -05:00
..
fabricators DEV: Define form template field inputs (#20430) 2023-03-01 11:07:13 -08:00
fixtures DEV: Allow `DROP NOT NULL` in pre-deploy migrations (#20775) 2023-03-22 14:43:32 +00:00
helpers DEV: Replace #pluck_first freedom patch with AR #pick in core (#19893) 2023-02-13 12:39:45 +08:00
import_export DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
initializers FEATURE: Add support for user badge revocation webhook events (#21204) 2023-04-24 20:36:40 +00:00
integration DEV: Update the rubocop setup (#20668) 2023-03-14 11:42:11 +01:00
integrity DEV: Colocate wizard component templates (#20309) 2023-02-15 11:29:22 +00:00
jobs FIX: Ensure reviewable counts are updated correctly for new user menu (#21222) 2023-04-24 16:59:32 +01:00
lib FIX: Don't display destroy reviewable button on client (#21226) 2023-04-24 20:22:37 -05:00
mailers DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
models FEATURE: Add support for user badge revocation webhook events (#21204) 2023-04-24 20:36:40 +00:00
multisite DEV: Add plugin hook for transforming site setting defaults (#20941) 2023-04-05 12:28:16 +01:00
requests FIX: Show auto-group flair according to user preferences (#21221) 2023-04-24 16:04:26 -03:00
script/import_scripts DEV: Correct syntax_tree violations 2023-02-02 13:03:11 +00:00
serializers FIX: Show auto-group flair according to user preferences (#21221) 2023-04-24 16:04:26 -03:00
services FIX: Hashtag subcategory ref incorrect when not highest-ranked type (#21163) 2023-04-20 09:03:55 +10:00
support FIX: Render links with subfolders properly in Discobot 2023-04-17 16:53:00 +02:00
system PERF: Don't serialize value for theme_fields unnecessarily (#21201) 2023-04-24 09:30:51 -05:00
tasks DEV: Capture output in hashtags spec (#20773) 2023-03-23 11:47:14 +10:00
views FEATURE: add category name in articleSection meta tag for schema. (#21004) 2023-04-06 23:30:19 +05:30
rails_helper.rb DEV: Change Bookmarkable registration to DiscoursePluginRegistry (#20556) 2023-03-08 10:39:12 +10:00
regenerate_swagger_docs DEV: Add API docs for uploads and API doc watcher (#15387) 2021-12-23 08:40:15 +10:00
swagger_helper.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00