mirror of
https://github.com/discourse/discourse.git
synced 2025-05-29 00:20:54 +08:00
FIX: Make ChatMessageUpdater check editing access for guardian (#18902)
Follow up to 766bcbc6840c9d665055441bcd77616b3a96e10e This fixes a gaffe from that commit where I passed in the guardian to ChatMessageUpdater but then forgot to remove the old way of setting the guardian and user instance variables from the chat_message that was passed in. Also, it moves the ensure_can_edit_message! check from the controller into ChatMessageUpdater so all the access checks are in the same place.
This commit is contained in:
@ -532,7 +532,7 @@ RSpec.describe Chat::ChatController do
|
||||
|
||||
it "raises an invalid request" do
|
||||
put "/chat/#{chat_channel.id}/edit/#{chat_message.id}.json", params: { new_message: "Hi" }
|
||||
expect(response.status).to eq(403)
|
||||
expect(response.status).to eq(422)
|
||||
end
|
||||
end
|
||||
|
||||
@ -540,7 +540,7 @@ RSpec.describe Chat::ChatController do
|
||||
sign_in(Fabricate(:user))
|
||||
|
||||
put "/chat/#{chat_channel.id}/edit/#{chat_message.id}.json", params: { new_message: "edit!" }
|
||||
expect(response.status).to eq(403)
|
||||
expect(response.status).to eq(422)
|
||||
end
|
||||
|
||||
it "errors when staff tries to edit another user's message" do
|
||||
@ -551,7 +551,7 @@ RSpec.describe Chat::ChatController do
|
||||
params: {
|
||||
new_message: new_message,
|
||||
}
|
||||
expect(response.status).to eq(403)
|
||||
expect(response.status).to eq(422)
|
||||
end
|
||||
|
||||
it "allows a user to edit their own messages" do
|
||||
|
Reference in New Issue
Block a user