Nuke message_bus_observer move to service class and classes

Secure all messages triggered by post creation and all user actions so they don't leak (meaning, if you have a browser open and secure topics are created you will only get them if you are allowed to see them)
2025-05-30 07:11:34 +08:00 · 2013-05-16 15:03:03 +10:00
parent bae2d252fa
commit e9ebadb414
13 changed files with 214 additions and 145 deletions
--- a/spec/components/post_creator_spec.rb
+++ b/spec/components/post_creator_spec.rb
@ -31,12 +31,53 @@ describe PostCreator do
    end

    context 'success' do
-      it 'creates a topic' do
-        lambda { creator.create }.should change(Topic, :count).by(1)
+
+      it 'generates the correct messages for a secure topic' do
+
+        admin = Fabricate(:admin)
+
+        cat = Fabricate(:category)
+        cat.deny(:all)
+        cat.allow(Group[:admins])
+        cat.save
+
+        created_post = nil
+        reply = nil
+
+        messages = MessageBus.track_publish do
+          created_post = PostCreator.new(admin, basic_topic_params.merge(category: cat.name)).create
+          reply = PostCreator.new(admin, raw: 'this is my test reply 123 testing', topic_id: created_post.topic_id).create
+        end
+
+        topic_id = created_post.topic_id
+
+
+        messages.map{|m| m.channel}.sort.should == [ "/latest",
+                                                     "/users/#{admin.username}",
+                                                     "/users/#{admin.username}",
+                                                     "/topic/#{created_post.topic_id}",
+                                                     "/category/#{cat.slug}"
+                                                   ].sort
+        admin_ids = [Group[:admins].id]
+        messages.any?{|m| m.group_ids != admin_ids}.should be_false
+
      end

-      it 'returns a post' do
-        creator.create.is_a?(Post).should be_true
+      it 'generates the correct messages for a normal topic' do
+
+        p = nil
+        messages = MessageBus.track_publish do
+          p = creator.create
+          topic_id = p.topic_id
+        end
+
+        latest = messages.find{|m| m.channel == "/latest"}
+        latest.should_not be_nil
+
+        user_action = messages.find{|m| m.channel == "/users/#{p.user.username}"}
+        user_action.should_not be_nil
+
+        messages.length.should == 2
      end

      it 'extracts links from the post' do
@ -44,20 +85,8 @@ describe PostCreator do
        creator.create
      end

-      it 'enqueues the post on the message bus' do
-        MessageBus.stubs(:publish).with("/users/#{user.username}", anything)
-        MessageBus.expects(:publish).with("/topic/#{topic.id}", instance_of(Hash))
-        PostCreator.new(user, raw: basic_topic_params[:raw], topic_id: topic.id)
-      end
-
-      it 'features topic users' do
-        Jobs.stubs(:enqueue).with(:process_post, anything)
-        Jobs.expects(:enqueue).with(:feature_topic_users, has_key(:topic_id))
-        creator.create
-      end
-
      it 'queues up post processing job when saved' do
-        Jobs.stubs(:enqueue).with(:feature_topic_users, has_key(:topic_id))
+        Jobs.expects(:enqueue).with(:feature_topic_users, has_key(:topic_id))
        Jobs.expects(:enqueue).with(:process_post, has_key(:post_id))
        creator.create
      end