Spiegel von
https://github.com/paviliondev/discourse-custom-wizard.git
synchronisiert 2024-11-24 02:10:29 +01:00
Ensure user is in permitted group before redirecting after time
Dieser Commit ist enthalten in:
Ursprung
83320e227c
Commit
1f3fe7a923
6 geänderte Dateien mit 66 neuen und 18 gelöschten Zeilen
1
Gemfile
1
Gemfile
|
@ -4,4 +4,5 @@ source 'https://rubygems.org'
|
|||
|
||||
group :development do
|
||||
gem 'rubocop-discourse'
|
||||
gem 'racc'
|
||||
end
|
||||
|
|
|
@ -6,6 +6,7 @@ GEM
|
|||
parallel (1.22.1)
|
||||
parser (3.1.2.1)
|
||||
ast (~> 2.4.1)
|
||||
racc (1.8.1)
|
||||
rainbow (3.1.1)
|
||||
regexp_parser (2.6.0)
|
||||
rexml (3.2.5)
|
||||
|
@ -33,6 +34,7 @@ PLATFORMS
|
|||
ruby
|
||||
|
||||
DEPENDENCIES
|
||||
racc
|
||||
rubocop-discourse
|
||||
|
||||
BUNDLED WITH
|
||||
|
|
|
@ -116,7 +116,7 @@ class CustomWizard::Template
|
|||
::CustomWizard::Cache.wrap(AFTER_TIME_CACHE_KEY) do
|
||||
list(
|
||||
setting: 'after_time',
|
||||
query_str: "AND (value::json ->> 'after_time_scheduled')::timestamp < CURRENT_TIMESTAMP"
|
||||
query_str: "AND (value::json ->> 'after_time_scheduled')::timestamp < '#{Time.now}'::timestamp"
|
||||
).map { |t| t['id'] }
|
||||
end
|
||||
end
|
||||
|
|
|
@ -211,9 +211,9 @@ class CustomWizard::Wizard
|
|||
(step_ids - completed).empty?
|
||||
end
|
||||
|
||||
def permitted?
|
||||
def permitted?(always_allow_admin: true)
|
||||
return nil unless actor_id
|
||||
return true if user && (user.admin? || permitted.blank?)
|
||||
return true if user && ((always_allow_admin && user.admin?) || permitted.blank?)
|
||||
return false if !user && permitted.blank?
|
||||
|
||||
mapper = CustomWizard::Mapper.new(
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# frozen_string_literal: true
|
||||
# name: discourse-custom-wizard
|
||||
# about: Forms for Discourse. Better onboarding, structured posting, data enrichment, automated actions and much more.
|
||||
# version: 2.8.2
|
||||
# version: 2.8.3
|
||||
# authors: Angus McLeod, Faizaan Gagan, Robert Barrow, Keegan George, Kaitlin Maddever, Juan Marcos Gutierrez Ramos
|
||||
# url: https://github.com/paviliondev/discourse-custom-wizard
|
||||
# contact_emails: development@pavilion.tech
|
||||
|
@ -180,7 +180,8 @@ after_initialize do
|
|||
CustomWizard::Wizard.set_wizard_redirect(current_user, wizard_id, url)
|
||||
end
|
||||
|
||||
redirect_to "/w/#{wizard_id.dasherize}"
|
||||
wizard = CustomWizard::Wizard.create(wizard_id, current_user)
|
||||
redirect_to "/w/#{wizard_id.dasherize}" if wizard.permitted?(always_allow_admin: false)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
describe ApplicationController do
|
||||
fab!(:user) { Fabricate(:user, username: 'angus', email: "angus@email.com", trust_level: TrustLevel[3]) }
|
||||
let(:wizard_template) { get_wizard_fixture("wizard") }
|
||||
let(:permitted_json) { get_wizard_fixture("wizard/permitted") }
|
||||
|
||||
before do
|
||||
CustomWizard::Template.save(wizard_template, skip_jobs: true)
|
||||
|
@ -22,7 +23,7 @@ describe ApplicationController do
|
|||
|
||||
it "does not redirect if wizard if no after setting is enabled" do
|
||||
get "/"
|
||||
expect(response.status).to eq(200)
|
||||
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
|
||||
end
|
||||
|
||||
context "after signup enabled" do
|
||||
|
@ -34,7 +35,7 @@ describe ApplicationController do
|
|||
it "does not redirect if wizard does not exist" do
|
||||
CustomWizard::Template.remove(@template[:id])
|
||||
get "/"
|
||||
expect(response.status).to eq(200)
|
||||
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
|
||||
end
|
||||
|
||||
it "redirects if user is required to complete a wizard" do
|
||||
|
@ -50,7 +51,7 @@ describe ApplicationController do
|
|||
CustomWizard::Template.save(@template)
|
||||
|
||||
get "/"
|
||||
expect(response.status).to eq(200)
|
||||
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
|
||||
end
|
||||
|
||||
it "saves original destination of user" do
|
||||
|
@ -62,6 +63,7 @@ describe ApplicationController do
|
|||
end
|
||||
end
|
||||
|
||||
include ActiveSupport::Testing::TimeHelpers
|
||||
context "after time enabled" do
|
||||
before do
|
||||
@template["after_time"] = true
|
||||
|
@ -69,16 +71,58 @@ describe ApplicationController do
|
|||
CustomWizard::Template.save(@template)
|
||||
end
|
||||
|
||||
it "does not redirect if time hasn't passed" do
|
||||
context "when time hasn't passed" do
|
||||
it "does not redirect" do
|
||||
get "/"
|
||||
expect(response.status).to eq(200)
|
||||
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
|
||||
end
|
||||
end
|
||||
|
||||
context "when time has passed" do
|
||||
it "redirects if time has passed" do
|
||||
@template["after_time_scheduled"] = (Time.now - 1.hours).iso8601
|
||||
CustomWizard::Template.save(@template)
|
||||
travel_to Time.now + 4.hours
|
||||
get "/"
|
||||
expect(response.status).to eq(200)
|
||||
expect(response).to redirect_to("/w/super-mega-fun-wizard")
|
||||
end
|
||||
|
||||
context "when permitted is set" do
|
||||
before do
|
||||
enable_subscription("business")
|
||||
@template["permitted"] = permitted_json["permitted"]
|
||||
CustomWizard::Template.save(@template.as_json)
|
||||
end
|
||||
|
||||
context "when user is in permitted group" do
|
||||
it "redirects user" do
|
||||
travel_to Time.now + 4.hours
|
||||
get "/"
|
||||
expect(response).to redirect_to("/w/super-mega-fun-wizard")
|
||||
end
|
||||
end
|
||||
|
||||
context "when user is not in permitted group" do
|
||||
before do
|
||||
Group.find(13).remove(user)
|
||||
end
|
||||
|
||||
it "does not redirect user" do
|
||||
travel_to Time.now + 4.hours
|
||||
user.trust_level = TrustLevel[2]
|
||||
user.save!
|
||||
get "/"
|
||||
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
|
||||
end
|
||||
|
||||
it "does not redirect if user is an admin" do
|
||||
travel_to Time.now + 4.hours
|
||||
user.trust_level = TrustLevel[2]
|
||||
user.admin = true
|
||||
user.save!
|
||||
get "/"
|
||||
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -86,7 +130,7 @@ describe ApplicationController do
|
|||
context "who is not required to complete wizard" do
|
||||
it "does nothing" do
|
||||
get "/"
|
||||
expect(response.status).to eq(200)
|
||||
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -94,7 +138,7 @@ describe ApplicationController do
|
|||
context "with guest" do
|
||||
it "does nothing" do
|
||||
get "/"
|
||||
expect(response.status).to eq(200)
|
||||
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Laden …
In neuem Issue referenzieren