discourse/spec/requests/admin/badges_controller_spec.rb

597 lines
19 KiB
Ruby

# frozen_string_literal: true
RSpec.describe Admin::BadgesController do
fab!(:admin) { Fabricate(:admin) }
fab!(:moderator) { Fabricate(:moderator) }
fab!(:user) { Fabricate(:user, email: 'user1@test.com', username: 'username1') }
fab!(:badge) { Fabricate(:badge) }
describe '#index' do
context "when logged in as an admin" do
before { sign_in(admin) }
it "returns badge index" do
get "/admin/badges.json"
expect(response.status).to eq(200)
end
end
shared_examples "badges inaccessible" do
it "denies access to badges with a 404 response" do
get "/admin/badges.json"
expect(response.status).to eq(404)
expect(response.parsed_body["errors"]).to include(I18n.t("not_found"))
end
end
context "when logged in as a moderator" do
before { sign_in(moderator) }
include_examples "badges inaccessible"
end
context "when logged in as a non-staff user" do
before { sign_in(user) }
include_examples "badges inaccessible"
end
end
describe '#preview' do
context "when logged in as an admin" do
before { sign_in(admin) }
it 'allows preview enable_badge_sql is enabled' do
SiteSetting.enable_badge_sql = true
post "/admin/badges/preview.json", params: {
sql: 'select id as user_id, created_at granted_at from users'
}
expect(response.status).to eq(200)
expect(response.parsed_body["grant_count"]).to be > 0
end
it 'does not allow anything if enable_badge_sql is disabled' do
SiteSetting.enable_badge_sql = false
post "/admin/badges/preview.json", params: {
sql: 'select id as user_id, created_at granted_at from users'
}
expect(response.status).to eq(403)
end
end
shared_examples "badge preview inaccessible" do
it "denies access to badge preview with a 404 response" do
SiteSetting.enable_badge_sql = true
post "/admin/badges/preview.json", params: {
sql: 'select id as user_id, created_at granted_at from users'
}
expect(response.status).to eq(404)
expect(response.parsed_body["errors"]).to include(I18n.t("not_found"))
end
end
context "when logged in as a moderator" do
before { sign_in(moderator) }
include_examples "badge preview inaccessible"
end
context "when logged in as a non-staff user" do
before { sign_in(user) }
include_examples "badge preview inaccessible"
end
end
describe '#create' do
context "when logged in as an admin" do
before { sign_in(admin) }
it 'can create badges correctly' do
SiteSetting.enable_badge_sql = true
post "/admin/badges.json", params: {
name: 'test', query: 'select 1 as user_id, null as granted_at', badge_type_id: 1
}
json = response.parsed_body
expect(response.status).to eq(200)
expect(json["badge"]["name"]).to eq('test')
expect(json["badge"]["query"]).to eq('select 1 as user_id, null as granted_at')
expect(UserHistory.where(acting_user_id: admin.id, action: UserHistory.actions[:create_badge]).exists?).to eq(true)
end
end
shared_examples "badge creation not allowed" do
it "prevents badge creation with a 404 response" do
SiteSetting.enable_badge_sql = true
post "/admin/badges.json", params: {
name: 'test', query: 'select 1 as user_id, null as granted_at', badge_type_id: 1
}
expect(response.status).to eq(404)
expect(response.parsed_body["errors"]).to include(I18n.t("not_found"))
end
end
context "when logged in as a moderator" do
before { sign_in(moderator) }
include_examples "badge creation not allowed"
end
context "when logged in as a non-staff user" do
before { sign_in(user) }
include_examples "badge creation not allowed"
end
end
describe '#save_badge_groupings' do
context "when logged in as an admin" do
before { sign_in(admin) }
it 'can save badge groupings' do
groupings = BadgeGrouping.all.order(:position).to_a
groupings << BadgeGrouping.new(name: 'Test 1')
groupings << BadgeGrouping.new(name: 'Test 2')
groupings.shuffle!
names = groupings.map { |g| g.name }
ids = groupings.map { |g| g.id.to_s }
post "/admin/badges/badge_groupings.json", params: { ids: ids, names: names }
expect(response.status).to eq(200)
groupings2 = BadgeGrouping.all.order(:position).to_a
expect(groupings2.map { |g| g.name }).to eq(names)
expect((groupings.map(&:id) - groupings2.map { |g| g.id }).compact).to be_blank
expect(response.parsed_body["badge_groupings"].length).to eq(groupings2.length)
end
end
shared_examples "badge grouping creation not allowed" do
it "prevents creation of badge groupings with a 404 response" do
groupings = BadgeGrouping.all.order(:position).to_a
groupings << BadgeGrouping.new(name: "Test 1")
groupings << BadgeGrouping.new(name: "Test 2")
groupings.shuffle!
names = groupings.map { |g| g.name }
ids = groupings.map { |g| g.id.to_s }
post "/admin/badges/badge_groupings.json", params: { ids: ids, names: names }
expect(response.status).to eq(404)
expect(response.parsed_body["errors"]).to include(I18n.t("not_found"))
end
end
context "when logged in as a moderator" do
before { sign_in(moderator) }
include_examples "badge grouping creation not allowed"
end
context "when logged in as a non-staff user" do
before { sign_in(user) }
include_examples "badge grouping creation not allowed"
end
end
describe '#badge_types' do
context "when logged in as an admin" do
before { sign_in(admin) }
it 'returns JSON' do
get "/admin/badges/types.json"
expect(response.status).to eq(200)
expect(response.parsed_body["badge_types"]).to be_present
end
end
shared_examples "badge types inaccessible" do
it "denies access to badge types with a 404 response" do
get "/admin/badges/types.json"
expect(response.status).to eq(404)
expect(response.parsed_body["errors"]).to include(I18n.t("not_found"))
end
end
context "when logged in as a moderator" do
before { sign_in(moderator) }
include_examples "badge types inaccessible"
end
context "when logged in as a non-staff user" do
before { sign_in(user) }
include_examples "badge types inaccessible"
end
end
describe '#destroy' do
context "when logged in as an admin" do
before { sign_in(admin) }
it 'deletes the badge' do
delete "/admin/badges/#{badge.id}.json"
expect(response.status).to eq(200)
expect(Badge.where(id: badge.id).exists?).to eq(false)
expect(UserHistory.where(acting_user_id: admin.id, action: UserHistory.actions[:delete_badge]).exists?).to eq(true)
end
end
shared_examples "badge deletion not allowed" do
it "prevents deletion of badges with a 404 response" do
delete "/admin/badges/#{badge.id}.json"
expect(response.status).to eq(404)
expect(response.parsed_body["errors"]).to include(I18n.t("not_found"))
expect(Badge.where(id: badge.id).exists?).to eq(true)
end
end
context "when logged in as a moderator" do
before { sign_in(moderator) }
include_examples "badge deletion not allowed"
end
context "when logged in as a non-staff user" do
before { sign_in(user) }
include_examples "badge deletion not allowed"
end
end
describe '#update' do
context "when logged in as an admin" do
before { sign_in(admin) }
it 'does not update the name of system badges' do
editor_badge = Badge.find(Badge::Editor)
editor_badge_name = editor_badge.name
put "/admin/badges/#{editor_badge.id}.json", params: {
name: "123456"
}
expect(response.status).to eq(200)
editor_badge.reload
expect(editor_badge.name).to eq(editor_badge_name)
expect(UserHistory.where(acting_user_id: admin.id, action: UserHistory.actions[:change_badge]).exists?).to eq(true)
end
it 'does not allow query updates if badge_sql is disabled' do
badge.query = "select 123"
badge.save
SiteSetting.enable_badge_sql = false
put "/admin/badges/#{badge.id}.json", params: {
name: "123456",
query: "select id user_id, created_at granted_at from users",
badge_type_id: badge.badge_type_id,
allow_title: false,
multiple_grant: false,
enabled: true
}
expect(response.status).to eq(200)
badge.reload
expect(badge.name).to eq('123456')
expect(badge.query).to eq('select 123')
end
it 'updates the badge' do
SiteSetting.enable_badge_sql = true
sql = "select id user_id, created_at granted_at from users"
image = Fabricate(:upload)
put "/admin/badges/#{badge.id}.json", params: {
name: "123456",
query: sql,
badge_type_id: badge.badge_type_id,
allow_title: false,
multiple_grant: false,
enabled: true,
image_upload_id: image.id,
icon: "fa-rocket",
}
expect(response.status).to eq(200)
badge.reload
expect(badge.name).to eq('123456')
expect(badge.query).to eq(sql)
expect(badge.image_upload.id).to eq(image.id)
expect(badge.icon).to eq("fa-rocket")
end
context 'when there is a user with a title granted using the badge' do
fab!(:user_with_badge_title) { Fabricate(:active_user) }
fab!(:badge) { Fabricate(:badge, name: 'Oathbreaker', allow_title: true) }
before do
BadgeGranter.grant(badge, user_with_badge_title)
user_with_badge_title.update(title: 'Oathbreaker')
end
it 'updates the user title in a job' do
expect_enqueued_with(job: :bulk_user_title_update, args: {
new_title: 'Shieldbearer',
granted_badge_id: badge.id,
action: Jobs::BulkUserTitleUpdate::UPDATE_ACTION
}) do
put "/admin/badges/#{badge.id}.json", params: {
name: "Shieldbearer"
}
end
end
end
end
shared_examples "badge update not allowed" do
it "prevents badge update with a 404 response" do
SiteSetting.enable_badge_sql = true
sql = "select id user_id, created_at granted_at from users"
image = Fabricate(:upload)
put "/admin/badges/#{badge.id}.json", params: {
name: "123456",
query: sql,
badge_type_id: badge.badge_type_id,
allow_title: false,
multiple_grant: false,
enabled: true,
image_upload_id: image.id,
icon: "fa-rocket",
}
badge.reload
expect(response.status).to eq(404)
expect(response.parsed_body["errors"]).to include(I18n.t("not_found"))
expect(badge.name).not_to eq('123456')
expect(badge.query).not_to eq(sql)
expect(badge.icon).not_to eq("fa-rocket")
end
end
context "when logged in as a moderator" do
before { sign_in(moderator) }
include_examples "badge update not allowed"
end
context "when logged in as a non-staff user" do
before { sign_in(user) }
include_examples "badge update not allowed"
end
end
describe '#mass_award' do
context "when logged in as an admin" do
before { sign_in(admin) }
it 'does nothing when there is no file' do
post "/admin/badges/award/#{badge.id}.json", params: { file: '' }
expect(response.status).to eq(400)
end
it 'does nothing when the badge id is not valid' do
post '/admin/badges/award/fake_id.json', params: { file: fixture_file_upload(Tempfile.new) }
expect(response.status).to eq(400)
end
it 'does nothing when the file is not a csv' do
file = file_from_fixtures('cropped.png')
post "/admin/badges/award/#{badge.id}.json", params: { file: fixture_file_upload(file) }
expect(response.status).to eq(400)
end
it 'awards the badge using a list of user emails' do
Jobs.run_immediately!
file = file_from_fixtures('user_emails.csv', 'csv')
UserBadge.destroy_all
post "/admin/badges/award/#{badge.id}.json", params: { file: fixture_file_upload(file) }
expect(response.status).to eq(200)
expect(UserBadge.where(user: user, badge: badge).count).to eq(1)
expect(UserBadge.where(user: user, badge: badge).first.seq).to eq(0)
end
it 'awards the badge using a list of usernames' do
Jobs.run_immediately!
file = file_from_fixtures('usernames.csv', 'csv')
post "/admin/badges/award/#{badge.id}.json", params: { file: fixture_file_upload(file) }
expect(response.status).to eq(200)
expect(UserBadge.where(user: user, badge: badge).count).to eq(1)
end
it 'works with a CSV containing nil values' do
Jobs.run_immediately!
file = file_from_fixtures('usernames_with_nil_values.csv', 'csv')
post "/admin/badges/award/#{badge.id}.json", params: { file: fixture_file_upload(file) }
expect(response.status).to eq(200)
expect(UserBadge.where(user: user, badge: badge).count).to eq(1)
end
it 'does not grant the badge again to a user if they already have the badge' do
Jobs.run_immediately!
badge.update!(multiple_grant: true)
BadgeGranter.grant(badge, user)
user.reload
file = file_from_fixtures('usernames_with_nil_values.csv', 'csv')
post "/admin/badges/award/#{badge.id}.json", params: { file: fixture_file_upload(file) }
expect(response.status).to eq(200)
expect(UserBadge.where(user: user, badge: badge).count).to eq(1)
end
it 'fails when the badge is disabled' do
badge.update!(enabled: false)
file = file_from_fixtures('usernames_with_nil_values.csv', 'csv')
post "/admin/badges/award/#{badge.id}.json", params: { file: fixture_file_upload(file) }
expect(response.status).to eq(422)
end
context "when grant_existing_holders is true" do
it "fails when the badge cannot be granted multiple times" do
file = file_from_fixtures('user_emails.csv', 'csv')
badge.update!(multiple_grant: false)
post "/admin/badges/award/#{badge.id}.json", params: {
file: fixture_file_upload(file),
grant_existing_holders: true
}
expect(response.status).to eq(422)
expect(response.parsed_body['errors']).to eq([
I18n.t("badges.mass_award.errors.cant_grant_multiple_times", badge_name: badge.name)
])
end
it "fails when CSV file contains more entries that it's allowed" do
badge.update!(multiple_grant: true)
csv = Tempfile.new
csv.write("#{user.username}\n" * 11)
csv.rewind
stub_const(Admin::BadgesController, "MAX_CSV_LINES", 10) do
post "/admin/badges/award/#{badge.id}.json", params: {
file: fixture_file_upload(csv),
grant_existing_holders: true
}
end
expect(response.status).to eq(400)
expect(response.parsed_body["errors"]).to include(I18n.t("badges.mass_award.errors.too_many_csv_entries", count: 10))
ensure
csv&.close
csv&.unlink
end
it "includes unmatched entries and the number of users who will receive the badge in the response" do
Jobs.run_immediately!
badge.update!(multiple_grant: true)
csv = Tempfile.new
content = [
"nonexistentuser",
"nonexistentuser",
"nonexistentemail@discourse.fake"
]
content << user.username
content << user.username
csv.write(content.join("\n"))
csv.rewind
post "/admin/badges/award/#{badge.id}.json", params: {
file: fixture_file_upload(csv),
grant_existing_holders: true
}
expect(response.status).to eq(200)
expect(response.parsed_body['unmatched_entries']).to contain_exactly(
"nonexistentuser",
"nonexistentemail@discourse.fake"
)
expect(response.parsed_body['matched_users_count']).to eq(1)
expect(response.parsed_body['unmatched_entries_count']).to eq(2)
expect(UserBadge.where(user: user, badge: badge).count).to eq(2)
ensure
csv&.close
csv&.unlink
end
it "grants the badge to the users in the CSV as many times as they appear in it" do
Jobs.run_immediately!
badge.update!(multiple_grant: true)
user_without_badge = Fabricate(:user)
user_with_badge = Fabricate(:user).tap { |u| BadgeGranter.grant(badge, u) }
csv_content = [
user_with_badge.email.titlecase,
user_with_badge.username.titlecase,
user_without_badge.email.titlecase,
user_without_badge.username.titlecase
] * 20
csv = Tempfile.new
csv.write(csv_content.join("\n"))
csv.rewind
post "/admin/badges/award/#{badge.id}.json", params: {
file: fixture_file_upload(csv),
grant_existing_holders: true
}
expect(response.status).to eq(200)
expect(response.parsed_body['unmatched_entries']).to eq([])
expect(response.parsed_body['matched_users_count']).to eq(2)
expect(response.parsed_body['unmatched_entries_count']).to eq(0)
sequence = UserBadge.where(user: user_with_badge, badge: badge).pluck(:seq)
expect(sequence.sort).to eq((0...(40 + 1)).to_a)
sequence = UserBadge.where(user: user_without_badge, badge: badge).pluck(:seq)
expect(sequence.sort).to eq((0...40).to_a)
ensure
csv&.close
csv&.unlink
end
end
end
shared_examples "mass badge award not allowed" do
it "prevents mass badge award with a 404 response" do
file = file_from_fixtures('user_emails.csv', 'csv')
post "/admin/badges/award/#{badge.id}.json", params: { file: fixture_file_upload(file) }
expect(response.status).to eq(404)
expect(response.parsed_body["errors"]).to include(I18n.t("not_found"))
expect(UserBadge.where(user: user, badge: badge).count).to eq(0)
end
end
context "when logged in as a moderator" do
before { sign_in(moderator) }
include_examples "mass badge award not allowed"
end
context "when logged in as a non-staff user" do
before { sign_in(user) }
include_examples "mass badge award not allowed"
end
end
end