mirror of
https://github.com/discourse/discourse.git
synced 2025-05-28 13:51:18 +08:00
Nuke message_bus_observer move to service class and classes
Secure all messages triggered by post creation and all user actions so they don't leak (meaning, if you have a browser open and secure topics are created you will only get them if you are allowed to see them)
This commit is contained in:
@ -31,12 +31,53 @@ describe PostCreator do
|
||||
end
|
||||
|
||||
context 'success' do
|
||||
it 'creates a topic' do
|
||||
lambda { creator.create }.should change(Topic, :count).by(1)
|
||||
|
||||
it 'generates the correct messages for a secure topic' do
|
||||
|
||||
admin = Fabricate(:admin)
|
||||
|
||||
cat = Fabricate(:category)
|
||||
cat.deny(:all)
|
||||
cat.allow(Group[:admins])
|
||||
cat.save
|
||||
|
||||
created_post = nil
|
||||
reply = nil
|
||||
|
||||
messages = MessageBus.track_publish do
|
||||
created_post = PostCreator.new(admin, basic_topic_params.merge(category: cat.name)).create
|
||||
reply = PostCreator.new(admin, raw: 'this is my test reply 123 testing', topic_id: created_post.topic_id).create
|
||||
end
|
||||
|
||||
topic_id = created_post.topic_id
|
||||
|
||||
|
||||
messages.map{|m| m.channel}.sort.should == [ "/latest",
|
||||
"/users/#{admin.username}",
|
||||
"/users/#{admin.username}",
|
||||
"/topic/#{created_post.topic_id}",
|
||||
"/category/#{cat.slug}"
|
||||
].sort
|
||||
admin_ids = [Group[:admins].id]
|
||||
messages.any?{|m| m.group_ids != admin_ids}.should be_false
|
||||
|
||||
end
|
||||
|
||||
it 'returns a post' do
|
||||
creator.create.is_a?(Post).should be_true
|
||||
it 'generates the correct messages for a normal topic' do
|
||||
|
||||
p = nil
|
||||
messages = MessageBus.track_publish do
|
||||
p = creator.create
|
||||
topic_id = p.topic_id
|
||||
end
|
||||
|
||||
latest = messages.find{|m| m.channel == "/latest"}
|
||||
latest.should_not be_nil
|
||||
|
||||
user_action = messages.find{|m| m.channel == "/users/#{p.user.username}"}
|
||||
user_action.should_not be_nil
|
||||
|
||||
messages.length.should == 2
|
||||
end
|
||||
|
||||
it 'extracts links from the post' do
|
||||
@ -44,20 +85,8 @@ describe PostCreator do
|
||||
creator.create
|
||||
end
|
||||
|
||||
it 'enqueues the post on the message bus' do
|
||||
MessageBus.stubs(:publish).with("/users/#{user.username}", anything)
|
||||
MessageBus.expects(:publish).with("/topic/#{topic.id}", instance_of(Hash))
|
||||
PostCreator.new(user, raw: basic_topic_params[:raw], topic_id: topic.id)
|
||||
end
|
||||
|
||||
it 'features topic users' do
|
||||
Jobs.stubs(:enqueue).with(:process_post, anything)
|
||||
Jobs.expects(:enqueue).with(:feature_topic_users, has_key(:topic_id))
|
||||
creator.create
|
||||
end
|
||||
|
||||
it 'queues up post processing job when saved' do
|
||||
Jobs.stubs(:enqueue).with(:feature_topic_users, has_key(:topic_id))
|
||||
Jobs.expects(:enqueue).with(:feature_topic_users, has_key(:topic_id))
|
||||
Jobs.expects(:enqueue).with(:process_post, has_key(:post_id))
|
||||
creator.create
|
||||
end
|
||||
|
Reference in New Issue
Block a user