mirror of
https://github.com/discourse/discourse.git
synced 2025-06-01 17:40:43 +08:00
FIX: access to category chat only when user can create post (#19488)
Previously, restricted category chat channel was available for all groups - even `readonly`. From now on, only user who belong to group with `create_post` or `full` permissions can access that chat channel.
This commit is contained in:

committed by
GitHub

parent
4adb457ced
commit
09d15d4c7f
@ -72,18 +72,18 @@ RSpec.describe Chat::GuardianExtensions do
|
||||
expect(staff_guardian.can_change_channel_status?(channel, :read_only)).to eq(true)
|
||||
end
|
||||
|
||||
describe "#can_see_chat_channel?" do
|
||||
describe "#can_join_chat_channel?" do
|
||||
context "for direct message channels" do
|
||||
fab!(:chatable) { Fabricate(:direct_message) }
|
||||
fab!(:channel) { Fabricate(:direct_message_channel, chatable: chatable) }
|
||||
|
||||
it "returns false if the user is not part of the direct message" do
|
||||
expect(guardian.can_see_chat_channel?(channel)).to eq(false)
|
||||
expect(guardian.can_join_chat_channel?(channel)).to eq(false)
|
||||
end
|
||||
|
||||
it "returns true if the user is part of the direct message" do
|
||||
DirectMessageUser.create!(user: user, direct_message: chatable)
|
||||
expect(guardian.can_see_chat_channel?(channel)).to eq(true)
|
||||
expect(guardian.can_join_chat_channel?(channel)).to eq(true)
|
||||
end
|
||||
end
|
||||
|
||||
@ -92,15 +92,20 @@ RSpec.describe Chat::GuardianExtensions do
|
||||
|
||||
before { channel.update(chatable: category) }
|
||||
|
||||
it "returns true if the user can see the category" do
|
||||
expect(Guardian.new(user).can_see_chat_channel?(channel)).to eq(false)
|
||||
group = Fabricate(:group)
|
||||
CategoryGroup.create(group: group, category: category)
|
||||
GroupUser.create(group: group, user: user)
|
||||
it "returns true if the user can join the category" do
|
||||
guardian = Guardian.new(user)
|
||||
|
||||
# have to make a new instance of guardian because `user.secure_category_ids`
|
||||
# is memoized there
|
||||
expect(Guardian.new(user).can_see_chat_channel?(channel)).to eq(true)
|
||||
readonly_group = Fabricate(:group)
|
||||
CategoryGroup.create(group: readonly_group, category: category, permission_type: CategoryGroup.permission_types[:readonly])
|
||||
GroupUser.create(group: readonly_group, user: user)
|
||||
|
||||
create_post_group = Fabricate(:group)
|
||||
CategoryGroup.create(group: create_post_group, category: category, permission_type: CategoryGroup.permission_types[:create_post])
|
||||
|
||||
expect(guardian.can_join_chat_channel?(channel)).to eq(false)
|
||||
|
||||
GroupUser.create(group: create_post_group, user: user)
|
||||
expect(guardian.can_join_chat_channel?(channel)).to eq(true)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
Reference in New Issue
Block a user