github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-06-03 19:39:30 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Some badge routes were still working even with badges disabled

Browse Source
This commit is contained in:
Robin Ward
2017-11-21 12:22:24 -05:00
parent 9444c31918
commit 628275fc31
5 changed files with 35 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
spec/controllers/user_badges_controller_spec.rb
View File

@ -5,19 +5,25 @@ describe UserBadgesController do
let(:badge) { Fabricate(:badge) }
context 'index' do
let(:badge) { Fabricate(:badge, target_posts: true, show_posts: false) }
it 'does not leak private info' do
badge = Fabricate(:badge, target_posts: true, show_posts: false)
p = create_post
UserBadge.create(badge: badge, user: user, post_id: p.id, granted_by_id: -1, granted_at: Time.now)
get :index, params: { badge_id: badge.id }, format: :json
expect(response.status).to eq(200)
expect(response).to be_success
parsed = JSON.parse(response.body)
expect(parsed["topics"]).to eq(nil)
expect(parsed["badges"].length).to eq(1)
expect(parsed["user_badge_info"]["user_badges"][0]["post_id"]).to eq(nil)
end
it "fails when badges are disabled" do
SiteSetting.enable_badges = false
get :index, params: { badge_id: badge.id }, format: :json
expect(response).not_to be_success
end
end
context 'index' do