105 lines
3.4 KiB
Ruby
105 lines
3.4 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
RSpec.describe Chat::Api::HintsController do
|
|
describe "#check_group_mentions" do
|
|
context "for anons" do
|
|
it "returns a 404" do
|
|
get "/chat/api/mentions/groups", params: { mentions: %w[group1] }
|
|
|
|
expect(response.status).to eq(403)
|
|
end
|
|
end
|
|
|
|
context "for logged in users" do
|
|
fab!(:user) { Fabricate(:user) }
|
|
fab!(:mentionable_group) do
|
|
Fabricate(:group, mentionable_level: Group::ALIAS_LEVELS[:everyone])
|
|
end
|
|
fab!(:admin_mentionable_group) do
|
|
Fabricate(:group, mentionable_level: Group::ALIAS_LEVELS[:only_admins])
|
|
end
|
|
|
|
before { sign_in(user) }
|
|
|
|
it "returns a 400 when no mentions are given" do
|
|
get "/chat/api/mentions/groups"
|
|
|
|
expect(response.status).to eq(400)
|
|
end
|
|
|
|
it "returns a warning when a group is not mentionable" do
|
|
get "/chat/api/mentions/groups",
|
|
params: {
|
|
mentions: [mentionable_group.name, admin_mentionable_group.name],
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["unreachable"]).to contain_exactly(admin_mentionable_group.name)
|
|
end
|
|
|
|
it "returns no warning if the user is allowed to mention" do
|
|
user.update!(admin: true)
|
|
get "/chat/api/mentions/groups",
|
|
params: {
|
|
mentions: [mentionable_group.name, admin_mentionable_group.name],
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["unreachable"]).to be_empty
|
|
end
|
|
|
|
it "returns a warning if the group has too many users" do
|
|
user_1 = Fabricate(:user)
|
|
user_2 = Fabricate(:user)
|
|
mentionable_group.add(user_1)
|
|
mentionable_group.add(user_2)
|
|
SiteSetting.max_users_notified_per_group_mention = 1
|
|
|
|
get "/chat/api/mentions/groups",
|
|
params: {
|
|
mentions: [mentionable_group.name, admin_mentionable_group.name],
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["over_members_limit"]).to contain_exactly(
|
|
mentionable_group.name,
|
|
)
|
|
end
|
|
|
|
it "returns no warnings when the group doesn't exist" do
|
|
get "/chat/api/mentions/groups", params: { mentions: ["a_fake_group"] }
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["unreachable"]).to be_empty
|
|
expect(response.parsed_body["over_members_limit"]).to be_empty
|
|
end
|
|
|
|
it "doesn't leak groups that are not visible" do
|
|
invisible_group =
|
|
Fabricate(
|
|
:group,
|
|
visibility_level: Group.visibility_levels[:staff],
|
|
mentionable_level: Group::ALIAS_LEVELS[:only_admins],
|
|
)
|
|
|
|
get "/chat/api/mentions/groups", params: { mentions: [invisible_group.name] }
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["unreachable"]).to be_empty
|
|
expect(response.parsed_body["over_members_limit"]).to be_empty
|
|
expect(response.parsed_body["invalid"]).to contain_exactly(invisible_group.name)
|
|
end
|
|
|
|
it "triggers a rate-limit on too many requests" do
|
|
RateLimiter.enable
|
|
|
|
5.times { get "/chat/api/mentions/groups", params: { mentions: [mentionable_group.name] } }
|
|
|
|
get "/chat/api/mentions/groups", params: { mentions: [mentionable_group.name] }
|
|
|
|
expect(response.status).to eq(429)
|
|
end
|
|
end
|
|
end
|
|
end
|