Spiegel von
https://github.com/paviliondev/discourse-custom-wizard.git
synchronisiert 2024-11-24 10:20:28 +01:00
Ensure user is in permitted group before redirecting after time
Dieser Commit ist enthalten in:
Ursprung
83320e227c
Commit
1f3fe7a923
6 geänderte Dateien mit 66 neuen und 18 gelöschten Zeilen
1
Gemfile
1
Gemfile
|
@ -4,4 +4,5 @@ source 'https://rubygems.org'
|
||||||
|
|
||||||
group :development do
|
group :development do
|
||||||
gem 'rubocop-discourse'
|
gem 'rubocop-discourse'
|
||||||
|
gem 'racc'
|
||||||
end
|
end
|
||||||
|
|
|
@ -6,6 +6,7 @@ GEM
|
||||||
parallel (1.22.1)
|
parallel (1.22.1)
|
||||||
parser (3.1.2.1)
|
parser (3.1.2.1)
|
||||||
ast (~> 2.4.1)
|
ast (~> 2.4.1)
|
||||||
|
racc (1.8.1)
|
||||||
rainbow (3.1.1)
|
rainbow (3.1.1)
|
||||||
regexp_parser (2.6.0)
|
regexp_parser (2.6.0)
|
||||||
rexml (3.2.5)
|
rexml (3.2.5)
|
||||||
|
@ -33,6 +34,7 @@ PLATFORMS
|
||||||
ruby
|
ruby
|
||||||
|
|
||||||
DEPENDENCIES
|
DEPENDENCIES
|
||||||
|
racc
|
||||||
rubocop-discourse
|
rubocop-discourse
|
||||||
|
|
||||||
BUNDLED WITH
|
BUNDLED WITH
|
||||||
|
|
|
@ -116,7 +116,7 @@ class CustomWizard::Template
|
||||||
::CustomWizard::Cache.wrap(AFTER_TIME_CACHE_KEY) do
|
::CustomWizard::Cache.wrap(AFTER_TIME_CACHE_KEY) do
|
||||||
list(
|
list(
|
||||||
setting: 'after_time',
|
setting: 'after_time',
|
||||||
query_str: "AND (value::json ->> 'after_time_scheduled')::timestamp < CURRENT_TIMESTAMP"
|
query_str: "AND (value::json ->> 'after_time_scheduled')::timestamp < '#{Time.now}'::timestamp"
|
||||||
).map { |t| t['id'] }
|
).map { |t| t['id'] }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -211,9 +211,9 @@ class CustomWizard::Wizard
|
||||||
(step_ids - completed).empty?
|
(step_ids - completed).empty?
|
||||||
end
|
end
|
||||||
|
|
||||||
def permitted?
|
def permitted?(always_allow_admin: true)
|
||||||
return nil unless actor_id
|
return nil unless actor_id
|
||||||
return true if user && (user.admin? || permitted.blank?)
|
return true if user && ((always_allow_admin && user.admin?) || permitted.blank?)
|
||||||
return false if !user && permitted.blank?
|
return false if !user && permitted.blank?
|
||||||
|
|
||||||
mapper = CustomWizard::Mapper.new(
|
mapper = CustomWizard::Mapper.new(
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
# name: discourse-custom-wizard
|
# name: discourse-custom-wizard
|
||||||
# about: Forms for Discourse. Better onboarding, structured posting, data enrichment, automated actions and much more.
|
# about: Forms for Discourse. Better onboarding, structured posting, data enrichment, automated actions and much more.
|
||||||
# version: 2.8.2
|
# version: 2.8.3
|
||||||
# authors: Angus McLeod, Faizaan Gagan, Robert Barrow, Keegan George, Kaitlin Maddever, Juan Marcos Gutierrez Ramos
|
# authors: Angus McLeod, Faizaan Gagan, Robert Barrow, Keegan George, Kaitlin Maddever, Juan Marcos Gutierrez Ramos
|
||||||
# url: https://github.com/paviliondev/discourse-custom-wizard
|
# url: https://github.com/paviliondev/discourse-custom-wizard
|
||||||
# contact_emails: development@pavilion.tech
|
# contact_emails: development@pavilion.tech
|
||||||
|
@ -180,7 +180,8 @@ after_initialize do
|
||||||
CustomWizard::Wizard.set_wizard_redirect(current_user, wizard_id, url)
|
CustomWizard::Wizard.set_wizard_redirect(current_user, wizard_id, url)
|
||||||
end
|
end
|
||||||
|
|
||||||
redirect_to "/w/#{wizard_id.dasherize}"
|
wizard = CustomWizard::Wizard.create(wizard_id, current_user)
|
||||||
|
redirect_to "/w/#{wizard_id.dasherize}" if wizard.permitted?(always_allow_admin: false)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
describe ApplicationController do
|
describe ApplicationController do
|
||||||
fab!(:user) { Fabricate(:user, username: 'angus', email: "angus@email.com", trust_level: TrustLevel[3]) }
|
fab!(:user) { Fabricate(:user, username: 'angus', email: "angus@email.com", trust_level: TrustLevel[3]) }
|
||||||
let(:wizard_template) { get_wizard_fixture("wizard") }
|
let(:wizard_template) { get_wizard_fixture("wizard") }
|
||||||
|
let(:permitted_json) { get_wizard_fixture("wizard/permitted") }
|
||||||
|
|
||||||
before do
|
before do
|
||||||
CustomWizard::Template.save(wizard_template, skip_jobs: true)
|
CustomWizard::Template.save(wizard_template, skip_jobs: true)
|
||||||
|
@ -22,7 +23,7 @@ describe ApplicationController do
|
||||||
|
|
||||||
it "does not redirect if wizard if no after setting is enabled" do
|
it "does not redirect if wizard if no after setting is enabled" do
|
||||||
get "/"
|
get "/"
|
||||||
expect(response.status).to eq(200)
|
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
|
||||||
end
|
end
|
||||||
|
|
||||||
context "after signup enabled" do
|
context "after signup enabled" do
|
||||||
|
@ -34,7 +35,7 @@ describe ApplicationController do
|
||||||
it "does not redirect if wizard does not exist" do
|
it "does not redirect if wizard does not exist" do
|
||||||
CustomWizard::Template.remove(@template[:id])
|
CustomWizard::Template.remove(@template[:id])
|
||||||
get "/"
|
get "/"
|
||||||
expect(response.status).to eq(200)
|
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
|
||||||
end
|
end
|
||||||
|
|
||||||
it "redirects if user is required to complete a wizard" do
|
it "redirects if user is required to complete a wizard" do
|
||||||
|
@ -50,7 +51,7 @@ describe ApplicationController do
|
||||||
CustomWizard::Template.save(@template)
|
CustomWizard::Template.save(@template)
|
||||||
|
|
||||||
get "/"
|
get "/"
|
||||||
expect(response.status).to eq(200)
|
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
|
||||||
end
|
end
|
||||||
|
|
||||||
it "saves original destination of user" do
|
it "saves original destination of user" do
|
||||||
|
@ -62,6 +63,7 @@ describe ApplicationController do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
include ActiveSupport::Testing::TimeHelpers
|
||||||
context "after time enabled" do
|
context "after time enabled" do
|
||||||
before do
|
before do
|
||||||
@template["after_time"] = true
|
@template["after_time"] = true
|
||||||
|
@ -69,16 +71,58 @@ describe ApplicationController do
|
||||||
CustomWizard::Template.save(@template)
|
CustomWizard::Template.save(@template)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "does not redirect if time hasn't passed" do
|
context "when time hasn't passed" do
|
||||||
get "/"
|
it "does not redirect" do
|
||||||
expect(response.status).to eq(200)
|
get "/"
|
||||||
|
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
it "redirects if time has passed" do
|
context "when time has passed" do
|
||||||
@template["after_time_scheduled"] = (Time.now - 1.hours).iso8601
|
it "redirects if time has passed" do
|
||||||
CustomWizard::Template.save(@template)
|
travel_to Time.now + 4.hours
|
||||||
get "/"
|
get "/"
|
||||||
expect(response.status).to eq(200)
|
expect(response).to redirect_to("/w/super-mega-fun-wizard")
|
||||||
|
end
|
||||||
|
|
||||||
|
context "when permitted is set" do
|
||||||
|
before do
|
||||||
|
enable_subscription("business")
|
||||||
|
@template["permitted"] = permitted_json["permitted"]
|
||||||
|
CustomWizard::Template.save(@template.as_json)
|
||||||
|
end
|
||||||
|
|
||||||
|
context "when user is in permitted group" do
|
||||||
|
it "redirects user" do
|
||||||
|
travel_to Time.now + 4.hours
|
||||||
|
get "/"
|
||||||
|
expect(response).to redirect_to("/w/super-mega-fun-wizard")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context "when user is not in permitted group" do
|
||||||
|
before do
|
||||||
|
Group.find(13).remove(user)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "does not redirect user" do
|
||||||
|
travel_to Time.now + 4.hours
|
||||||
|
user.trust_level = TrustLevel[2]
|
||||||
|
user.save!
|
||||||
|
get "/"
|
||||||
|
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
|
||||||
|
end
|
||||||
|
|
||||||
|
it "does not redirect if user is an admin" do
|
||||||
|
travel_to Time.now + 4.hours
|
||||||
|
user.trust_level = TrustLevel[2]
|
||||||
|
user.admin = true
|
||||||
|
user.save!
|
||||||
|
get "/"
|
||||||
|
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -86,7 +130,7 @@ describe ApplicationController do
|
||||||
context "who is not required to complete wizard" do
|
context "who is not required to complete wizard" do
|
||||||
it "does nothing" do
|
it "does nothing" do
|
||||||
get "/"
|
get "/"
|
||||||
expect(response.status).to eq(200)
|
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -94,7 +138,7 @@ describe ApplicationController do
|
||||||
context "with guest" do
|
context "with guest" do
|
||||||
it "does nothing" do
|
it "does nothing" do
|
||||||
get "/"
|
get "/"
|
||||||
expect(response.status).to eq(200)
|
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Laden …
In neuem Issue referenzieren