FEATURE: hidden site setting to suppress unsecured categories from admins (#19098)

The hidden site setting `suppress_secured_categories_from_admin` will suppress visibility of categories without explicit access from admins in a few key areas (category drop downs and topic lists) It is not intended to be a security wall since admins can amend any site setting. Instead it is feature that allows hiding the categories from the UI. Admins will still be able to see topics in categories without explicit access using direct URLs or flags. Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2025-06-02 13:44:56 +08:00 · 2022-11-18 14:37:36 +11:00
parent a6c787345c
commit 4f63bc8ed2
5 changed files with 65 additions and 10 deletions
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@ -3100,4 +3100,22 @@ RSpec.describe User do
      expect(user.visible_sidebar_tags).to contain_exactly(tag, hidden_tag)
    end
  end
+
+  describe '#secure_category_ids' do
+    fab!(:admin) { Fabricate(:admin) }
+    fab!(:group) { Fabricate(:group) }
+    fab!(:private_category) { Fabricate(:private_category, group: group) }
+
+    it 'allows admin to see all secure categories' do
+      expect(admin.secure_category_ids).to include(private_category.id)
+    end
+
+    context 'when SiteSetting.suppress_secured_categories_from_admin is true' do
+      it 'hides secure categories from admins' do
+        SiteSetting.suppress_secured_categories_from_admin = true
+        expect(admin.secure_category_ids).not_to include(private_category.id)
+      end
+    end
+
+  end
 end