discourse/spec/requests
Osama Sayegh e2cd1da26d
FIX: All admins should be allowed to see deleted PM posts regardless of their mod status (#30206)
Admins and moderators can see a user's deleted posts via the `/u/:username/deleted-posts` route. Admins can always see any post on the site, but that's not always the case for moderators, e.g., they can't see all PMs. So, this route accounts for that and excludes posts that a moderator wouldn't be allowed to see if they were not deleted.

However, there's currently a problem with that logic where admins who also have moderation privileges are treated the same way as moderators and prevented from seeing posts that pure moderators can't see. This commit fixes that problem and only applies the permission checks to moderators who don't have admin privileges.

Internal topic: t/143107.
2024-12-23 12:48:03 +03:00
admin SECURITY: Moderators cannot see user emails. 2024-12-19 13:13:18 -03:00
api DEV: API to register custom request rate limiting conditions (#30239) 2024-12-23 09:57:18 +08:00
examples SECURITY: Impose an upper bound on limit params in various controllers 2023-07-28 12:53:46 +01:00
about_controller_spec.rb FIX: crawler view with unicode usernames (#27051) 2024-05-16 17:11:24 +02:00
application_controller_spec.rb DEV: Include controller namespace in X-Discourse-Route (#29783) 2024-11-29 17:11:17 +11:00
associate_accounts_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
badges_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
bookmarks_controller_spec.rb DEV: Call Discourse.redis.flushdb after the end of each test (#29117) 2024-10-09 07:19:31 +08:00
categories_controller_spec.rb FIX: Filter out secured categories first (#29916) 2024-11-28 17:09:16 +02:00
clicks_controller_spec.rb
composer_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
composer_messages_controller_spec.rb
csp_reports_controller_spec.rb DEV: Don’t replace Rails logger in specs (#29721) 2024-11-13 08:47:39 +08:00
directory_columns_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
directory_items_controller_spec.rb DEV: Fix specs for directory items controller (#30160) 2024-12-10 08:55:29 -07:00
do_not_disturb_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
drafts_controller_spec.rb FIX: correctly handle hidden tags when checking for edit conflicts 2024-12-09 19:17:16 +01:00
edit_directory_columns_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
email_controller_spec.rb FEATURE: remove category badge style options, set bullet style as default (#24198) 2023-11-13 10:46:15 -05:00
embed_controller_spec.rb DEV: Upgrade Rails to version 7.1 2024-07-04 10:58:21 +02:00
exceptions_controller_spec.rb
export_csv_controller_spec.rb SECURITY: Moderators cannot see user emails. 2024-12-19 13:13:18 -03:00
extra_locales_controller_spec.rb DEV: Upgrade the MessageFormat library (JS) 2024-07-10 09:51:25 +02:00
finish_installation_controller_spec.rb DEV: Improve error message when test fails (#25067) 2023-12-29 12:44:41 +08:00
form_templates_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
forums_controller_spec.rb DEV: Correct forums_controller success spec (#24690) 2023-12-04 14:26:29 +00:00
groups_controller_spec.rb FEATURE: Allow add group member endpoint to skip invite emails (#29962) 2024-11-27 11:33:09 -06:00
hashtags_controller_spec.rb DEV: Fix flaky test (#25935) 2024-02-28 20:32:14 +02:00
highlightjs_controller_spec.rb FIX: Ensure app-cdn CORS is not overridden by cors_origin setting (#24661) 2023-12-01 12:57:11 +00:00
inline_onebox_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
invites_controller_spec.rb SECURITY: When enabled only allow Discourse Connect logins 2024-12-19 13:13:23 -03:00
list_controller_spec.rb FEATURE: Restrict profile visibility of low-trust users (#29981) 2024-12-09 13:07:59 +03:00
metadata_controller_spec.rb DEV: Fix various rubocop lints (#24749) 2023-12-06 23:25:00 +01:00
net_http_timeout_spec.rb FIX: Set sane default for `Net::HTTP` when processing a request (#28141) 2024-08-06 07:12:42 +08:00
noscript_escape_spec.rb SECURITY: Properly escape user content within `<noscript>` 2024-01-30 09:10:09 -07:00
notifications_controller_spec.rb Add dedicated user_api_key_clients table to allow for 1:many use cases (#28119) 2024-11-08 12:05:03 -05:00
offline_controller_spec.rb
omniauth_callbacks_controller_spec.rb DEV: Call Discourse.redis.flushdb after the end of each test (#29117) 2024-10-09 07:19:31 +08:00
onebox_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
permalinks_controller_spec.rb FIX: `Permalink.create` didn't work as expected anymore (#29895) 2024-11-22 21:11:26 +01:00
post_action_users_controller_spec.rb DEV: Add post_action_users_list modifier for PostActionUsersController (#25740) 2024-02-20 09:48:09 +10:00
post_actions_controller_spec.rb DEV: Remove full group refreshes from tests (#25414) 2024-01-25 14:28:26 +08:00
post_readers_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
posts_controller_spec.rb FIX: All admins should be allowed to see deleted PM posts regardless of their mod status (#30206) 2024-12-23 12:48:03 +03:00
presence_controller_spec.rb DEV: Call Discourse.redis.flushdb after the end of each test (#29117) 2024-10-09 07:19:31 +08:00
published_pages_controller_spec.rb DEV: Fix various spec linting issues (#24672) 2023-12-04 13:45:19 +01:00
push_notification_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
qunit_controller_spec.rb DEV: Stop building test assets in production under Embroider (#23388) 2023-09-11 09:12:37 +01:00
reviewable_claimed_topics_controller_spec.rb FEATURE: Support designating multiple groups as mods on category (#28655) 2024-09-04 04:38:46 +03:00
reviewables_controller_spec.rb FEATURE: Reason and deleted content support in the review queue (#30295) 2024-12-17 11:44:46 +11:00
robots_txt_controller_spec.rb
safe_mode_controller_spec.rb
search_controller_spec.rb DEV: Call Discourse.redis.flushdb after the end of each test (#29117) 2024-10-09 07:19:31 +08:00
session_controller_spec.rb SECURITY: When enabled only allow Discourse Connect logins 2024-12-19 13:13:23 -03:00
sidebar_sections_controller_spec.rb DEV: remap all core icons for fontawesome 6 upgrade (#28715) 2024-09-13 16:50:52 +01:00
similar_topics_controller_spec.rb DEV: Remove full group refreshes from tests (#25414) 2024-01-25 14:28:26 +08:00
site_controller_spec.rb DEV: Resolve stat registration flaky tests (#29084) 2024-10-04 13:49:22 +01:00
sitemap_controller_spec.rb DEV: Remove unnecessary rails_helper requiring (#26364) 2024-03-26 11:32:01 +01:00
slugs_controller_spec.rb DEV: Call Discourse.redis.flushdb after the end of each test (#29117) 2024-10-09 07:19:31 +08:00
static_controller_spec.rb FIX: Do not ignore redirects containing "/login" in the path (#29960) 2024-11-27 11:22:45 -05:00
steps_controller_spec.rb
stylesheets_controller_spec.rb DEV: Fix test incorrectly removing stylesheet cache of other processes (#25103) 2024-01-03 13:15:35 +08:00
svg_sprite_controller_spec.rb DEV: make the build less flaky (#29288) 2024-10-18 20:07:55 +02:00
tag_groups_controller_spec.rb FEATURE: Log tag group changes in staff action log (#28787) 2024-09-09 10:50:48 +08:00
tags_controller_spec.rb DEV: Ignore invalid tag parameter in TagsController (#28557) 2024-08-27 12:06:54 -04:00
theme_javascripts_controller_spec.rb DEV: Compile theme migrations javascript files when running theme qunit (#25219) 2024-01-16 09:50:44 +08:00
topic_view_stats_controller_spec.rb FEATURE: topic_view_stats table with daily fidelity (#27197) 2024-05-27 15:25:32 +10:00
topics_controller_spec.rb DEV: Allow `freeze_original` argument in topics controller & JS transformer (#30120) 2024-12-05 08:31:05 -06:00
uploads_controller_multisite_spec.rb DEV: Upgrade Rails to version 7.1 2024-07-04 10:58:21 +02:00
uploads_controller_spec.rb FIX: Extension-less secure uploads (#29914) 2024-11-25 12:18:21 +00:00
user_actions_controller_spec.rb FEATURE: Restrict profile visibility of low-trust users (#29981) 2024-12-09 13:07:59 +03:00
user_api_key_clients_controller_spec.rb Require permitted scopes when registering a client (#29718) 2024-11-19 15:28:04 -05:00
user_api_keys_controller_spec.rb Require permitted scopes when registering a client (#29718) 2024-11-19 15:28:04 -05:00
user_avatars_controller_spec.rb FEATURE: reduce avatar sizes to 6 from 20 (#21319) 2023-06-01 10:00:01 +10:00
user_badges_controller_spec.rb FEATURE: Restrict profile visibility of low-trust users (#29981) 2024-12-09 13:07:59 +03:00
user_status_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
users_controller_spec.rb SECURITY: When enabled only allow Discourse Connect logins 2024-12-19 13:13:23 -03:00
users_email_controller_spec.rb DEV: Fix flaky users_email_controller_spec test case (#30318) 2024-12-17 18:20:01 +08:00
webhooks_controller_spec.rb FEATURE: Add Mailpace webhook (#21981) 2023-06-08 20:06:20 +03:00
wizard_controller_spec.rb DEV: Fix various spec linting issues (#24672) 2023-12-04 13:45:19 +01:00