Nuke message_bus_observer move to service class and classes

Secure all messages triggered by post creation and all user actions so they don't leak
(meaning, if you have a browser open and secure topics are created you will only get them if you are allowed to see them)
This commit is contained in:
Sam
2013-05-16 15:03:03 +10:00
parent bae2d252fa
commit e9ebadb414
13 changed files with 214 additions and 145 deletions

View File

@ -31,12 +31,53 @@ describe PostCreator do
end
context 'success' do
it 'creates a topic' do
lambda { creator.create }.should change(Topic, :count).by(1)
it 'generates the correct messages for a secure topic' do
admin = Fabricate(:admin)
cat = Fabricate(:category)
cat.deny(:all)
cat.allow(Group[:admins])
cat.save
created_post = nil
reply = nil
messages = MessageBus.track_publish do
created_post = PostCreator.new(admin, basic_topic_params.merge(category: cat.name)).create
reply = PostCreator.new(admin, raw: 'this is my test reply 123 testing', topic_id: created_post.topic_id).create
end
topic_id = created_post.topic_id
messages.map{|m| m.channel}.sort.should == [ "/latest",
"/users/#{admin.username}",
"/users/#{admin.username}",
"/topic/#{created_post.topic_id}",
"/category/#{cat.slug}"
].sort
admin_ids = [Group[:admins].id]
messages.any?{|m| m.group_ids != admin_ids}.should be_false
end
it 'returns a post' do
creator.create.is_a?(Post).should be_true
it 'generates the correct messages for a normal topic' do
p = nil
messages = MessageBus.track_publish do
p = creator.create
topic_id = p.topic_id
end
latest = messages.find{|m| m.channel == "/latest"}
latest.should_not be_nil
user_action = messages.find{|m| m.channel == "/users/#{p.user.username}"}
user_action.should_not be_nil
messages.length.should == 2
end
it 'extracts links from the post' do
@ -44,20 +85,8 @@ describe PostCreator do
creator.create
end
it 'enqueues the post on the message bus' do
MessageBus.stubs(:publish).with("/users/#{user.username}", anything)
MessageBus.expects(:publish).with("/topic/#{topic.id}", instance_of(Hash))
PostCreator.new(user, raw: basic_topic_params[:raw], topic_id: topic.id)
end
it 'features topic users' do
Jobs.stubs(:enqueue).with(:process_post, anything)
Jobs.expects(:enqueue).with(:feature_topic_users, has_key(:topic_id))
creator.create
end
it 'queues up post processing job when saved' do
Jobs.stubs(:enqueue).with(:feature_topic_users, has_key(:topic_id))
Jobs.expects(:enqueue).with(:feature_topic_users, has_key(:topic_id))
Jobs.expects(:enqueue).with(:process_post, has_key(:post_id))
creator.create
end