
The reason for these changes is that https://meta.discourse.org/t/-/89605 broke and admins were not able to log back in if they had previously enabled the "read only" mode. This led to a deep dive into how all the "read only" modes worked, which was made difficult by the lack of tests. The "cornerstone" of this PR is the `read_only_mixin.rb` file, which was improved to be able to differentiate between the "readonly" mode and the "staff writes only" mode. I then made use of the `allow_in_readonly_mode` and `allow_in_staff_writes_only_mode` methods to **explicitly** list all the actions that should work in those modes. I also added the "readonly" mixin to the `WebhooksController` since it doesn't inherit from the `ApplicationController`. I improved the security of the `/u/admin-login` endpoint by always sending the same message regardless of whether an admin account with the provided email address was found. I added two system specs: 1. for ensuring that admins can log in via /u/admin-login and then click the link in the email they received while the site is in readonly mode. 2. for ensuring the "staff writes only mode" is _actually_ tested by ensuring a moderator can log in and create a topic while the site is in that mode. Plenty of specs were updated to ensure 100% coverage of the various "read only" modes.
# frozen_string_literal: true
describe "Staff writes only mode", type: :system do
  # One credential shared by every fabricated account. It is a plain local,
  # evaluated once at file load, so the fab! blocks and the login steps below
  # all see the same value.
  shared_password = SecureRandom.alphanumeric(20)

  # Selector that is only present in the header once someone is signed in.
  current_user_header = ".header-dropdown-toggle.current-user"

  fab!(:moderator) { Fabricate(:moderator, password: shared_password) }
  fab!(:user) { Fabricate(:user, password: shared_password) }
  fab!(:topic) { Fabricate(:topic, user:) }
  fab!(:post) { Fabricate(:post, topic:, user:) }

  let(:login_form) { PageObjects::Pages::Login.new }
  let(:composer) { PageObjects::Components::Composer.new }

  # Every example below runs with the site switched into the
  # "staff writes only" flavour of read-only mode.
  before do
    Discourse.enable_readonly_mode(Discourse::STAFF_WRITES_ONLY_MODE_KEY)
  end

  context "when moderator" do
    # Confirm the moderator's email token up front — presumably so the login
    # below is not held back by an unconfirmed address.
    before do
      EmailToken.confirm(Fabricate(:email_token, user: moderator).token)
    end

    it "can login and post during staff writes only mode" do
      login_form
        .open
        .fill(username: moderator.username, password: shared_password)
        .click_login

      # A signed-in header proves the login went through despite the mode.
      expect(page).to have_css(current_user_header)

      page.visit "/new-topic"
      expect(composer).to be_opened

      topic_title = "Test topic from moderator"
      topic_body =
        "This is a test post created by a moderator during staff writes only mode."

      composer.fill_title(topic_title)
      composer.fill_content(topic_body)
      composer.create

      # After creation the page should render exactly what was typed.
      expect(page).to have_content(topic_title)
      expect(page).to have_content(topic_body)
    end
  end

  context "when regular user" do
    # Same email confirmation as for the moderator, so that an unconfirmed
    # address cannot be the reason the login below fails.
    before do
      EmailToken.confirm(Fabricate(:email_token, user:).token)
    end

    it "cannot login during staff writes only mode" do
      login_form
        .open
        .fill(username: user.username, password: shared_password)
        .click_login

      # No signed-in header, and the login form's username field is still
      # on screen: the non-staff account was kept out.
      expect(page).not_to have_css(current_user_header)
      expect(page).to have_css("input#login-account-name")
    end

    it "can view topics but sees staff only mode message when not logged in" do
      # Nobody logs in here: the topic is opened anonymously.
      page.visit topic.url

      # Reading still works, and the staff-writes-only notice is displayed.
      expect(page).to have_content(topic.title)
      expect(page).to have_content(post.raw)
      expect(page).to have_content(I18n.t("js.staff_writes_only_mode.enabled"))
    end
  end
end