From 092947f68b3ba1f526f03bc5a563d88e8f741d8c Mon Sep 17 00:00:00 2001 From: merefield Date: Fri, 10 Mar 2023 12:43:37 +0000 Subject: [PATCH] FIX: regular users can't access wizard with guest permissions --- lib/custom_wizard/wizard.rb | 1 + spec/components/custom_wizard/wizard_spec.rb | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/lib/custom_wizard/wizard.rb b/lib/custom_wizard/wizard.rb index c815c764..4ed4037d 100644 --- a/lib/custom_wizard/wizard.rb +++ b/lib/custom_wizard/wizard.rb @@ -230,6 +230,7 @@ class CustomWizard::Wizard m[:type] === 'assignment' && [*m[:result]].include?(GUEST_GROUP_ID) else if m[:type] === 'assignment' + [*m[:result]].include?(GUEST_GROUP_ID) || [*m[:result]].include?(Group::AUTO_GROUPS[:everyone]) || GroupUser.exists?(group_id: m[:result], user_id: user.id) elsif m[:type] === 'validation' diff --git a/spec/components/custom_wizard/wizard_spec.rb b/spec/components/custom_wizard/wizard_spec.rb index ed6ebbea..59c0c8c9 100644 --- a/spec/components/custom_wizard/wizard_spec.rb +++ b/spec/components/custom_wizard/wizard_spec.rb @@ -6,11 +6,14 @@ describe CustomWizard::Wizard do fab!(:admin_user) { Fabricate(:user, admin: true) } let(:template_json) { get_wizard_fixture("wizard") } let(:permitted_json) { get_wizard_fixture("wizard/permitted") } + let(:guests_permitted_json) { get_wizard_fixture("wizard/guests_permitted") } before do Group.refresh_automatic_group!(:trust_level_3) @permitted_template = template_json.dup @permitted_template["permitted"] = permitted_json["permitted"] + @guests_permitted_template = template_json.dup + @guests_permitted_template["permitted"] = guests_permitted_json["permitted"] @wizard = CustomWizard::Wizard.new(template_json, user) end @@ -128,6 +131,9 @@ describe CustomWizard::Wizard do expect( CustomWizard::Wizard.new(@permitted_template, trusted_user).permitted? ).to eq(true) + expect( + CustomWizard::Wizard.new(@guests_permitted_template, trusted_user).permitted? + ).to eq(true) end it "permits everyone if everyone is permitted" do