FEATURE: add support for group members visibility level (#8004)

There are 5 visibility levels (similar to group visibility) public (default) logged-in users members only staff owners Admins & group owners always have visibility to group members.
2025-05-26 10:31:56 +08:00 · 2019-08-14 19:00:04 +05:30
parent f4aa6096ab
commit 88359b0f16
22 changed files with 351 additions and 15 deletions
--- a/spec/requests/groups_controller_spec.rb
+++ b/spec/requests/groups_controller_spec.rb
@ -335,6 +335,15 @@ describe GroupsController do
      expect(response.status).to eq(403)
    end

+    it "ensures the group members can be seen" do
+      sign_in(Fabricate(:user))
+      group.update!(members_visibility_level: Group.visibility_levels[:owners])
+
+      get "/groups/#{group.name}/posts.json"
+
+      expect(response.status).to eq(403)
+    end
+
    it "calls `posts_for` and responds with JSON" do
      sign_in(user)
      post = Fabricate(:post, user: user)
@ -369,6 +378,14 @@ describe GroupsController do
      expect(response.status).to eq(403)
    end

+    it "ensures the group members can be seen" do
+      group.update!(members_visibility_level: Group.visibility_levels[:logged_on_users])
+
+      get "/groups/#{group.name}/members.json", params: { limit: 1 }
+
+      expect(response.status).to eq(403)
+    end
+
    it "ensures that membership can be paginated" do

      freeze_time
@ -613,6 +630,7 @@ describe GroupsController do
      it 'should be able to update the group' do
        group.update!(
          visibility_level: 2,
+          members_visibility_level: 2,
          automatic_membership_retroactive: false,
          grant_trust_level: 0
        )
@ -626,7 +644,8 @@ describe GroupsController do
            automatic_membership_email_domains: 'test.org',
            automatic_membership_retroactive: true,
            grant_trust_level: 2,
-            visibility_level: 1
+            visibility_level: 1,
+            members_visibility_level: 3
          }
        }

@ -638,6 +657,7 @@ describe GroupsController do
        expect(group.incoming_email).to eq("test@mail.org")
        expect(group.primary_group).to eq(true)
        expect(group.visibility_level).to eq(1)
+        expect(group.members_visibility_level).to eq(3)
        expect(group.automatic_membership_email_domains).to eq('test.org')
        expect(group.automatic_membership_retroactive).to eq(true)
        expect(group.grant_trust_level).to eq(2)