Spiegel von https://github.com/paviliondev/discourse-custom-wizard.git synchronisiert 2024-11-24 02:10:29 +01:00

Ensure user is in permitted group before redirecting after time

Angus McLeod 2024-09-24 13:39:25 +02:00
Ursprung 83320e227c
Commit 1f3fe7a923
6 geänderte Dateien mit 66 neuen und 18 gelöschten Zeilen


@ -4,4 +4,5 @@ source 'https://rubygems.org'
group :development do
gem 'rubocop-discourse'
gem 'racc'
end


@ -6,6 +6,7 @@ GEM
parallel (1.22.1)
parser (3.1.2.1)
ast (~> 2.4.1)
racc (1.8.1)
rainbow (3.1.1)
regexp_parser (2.6.0)
rexml (3.2.5)
@ -33,6 +34,7 @@ PLATFORMS
ruby
DEPENDENCIES
racc
rubocop-discourse
BUNDLED WITH


@ -116,7 +116,7 @@ class CustomWizard::Template
::CustomWizard::Cache.wrap(AFTER_TIME_CACHE_KEY) do
list(
setting: 'after_time',
query_str: "AND (value::json ->> 'after_time_scheduled')::timestamp < CURRENT_TIMESTAMP"
query_str: "AND (value::json ->> 'after_time_scheduled')::timestamp < '#{Time.now}'::timestamp"
).map { |t| t['id'] }
end
end
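Review bot: The new `query_str` interpolates `Time.now` into the SQL text and casts it to `timestamp`; PostgreSQL ignores a zone offset when a literal is cast to `timestamp` without time zone, so the comparison follows the Ruby process's local zone rather than an absolute instant. Nothing user-controlled reaches the string here, but formatting the value explicitly keeps the literal predictable, e.g. `'#{Time.now.utc.iso8601}'::timestamp` in place of `'#{Time.now}'::timestamp` (assuming the stored `after_time_scheduled` values are UTC; casting both sides to `timestamptz` would be the stricter option). A short comment on that line saying why the clock moved from the database to Ruby would help the next reader, presumably so time travel in specs affects the query. The result is still wrapped in `AFTER_TIME_CACHE_KEY`, so the timestamp is only evaluated when the cache is filled.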


@ -211,9 +211,9 @@ class CustomWizard::Wizard
(step_ids - completed).empty?
end
def permitted?
def permitted?(always_allow_admin: true)
return nil unless actor_id
return true if user && (user.admin? || permitted.blank?)
return true if user && ((always_allow_admin && user.admin?) || permitted.blank?)
return false if !user && permitted.blank?
mapper = CustomWizard::Mapper.new(
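Review bot: The new `always_allow_admin:` keyword on `permitted?` switches off the admin bypass in an authorization predicate, and nothing documents when a caller may pass `false`. I would add above the method: `# always_allow_admin: false skips the admin bypass; intended for automatic-redirect decisions, not for access checks.` An admin still gets `true` when `permitted.blank?`, which the comment could state as well. The method body continues past the end of this hunk, so the group-mapping part is not covered by this note.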


@ -1,7 +1,7 @@
# frozen_string_literal: true
# name: discourse-custom-wizard
# about: Forms for Discourse. Better onboarding, structured posting, data enrichment, automated actions and much more.
# version: 2.8.2
# version: 2.8.3
# authors: Angus McLeod, Faizaan Gagan, Robert Barrow, Keegan George, Kaitlin Maddever, Juan Marcos Gutierrez Ramos
# url: https://github.com/paviliondev/discourse-custom-wizard
# contact_emails: development@pavilion.tech
@ -180,7 +180,8 @@ after_initialize do
CustomWizard::Wizard.set_wizard_redirect(current_user, wizard_id, url)
end
redirect_to "/w/#{wizard_id.dasherize}"
wizard = CustomWizard::Wizard.create(wizard_id, current_user)
redirect_to "/w/#{wizard_id.dasherize}" if wizard.permitted?(always_allow_admin: false)
end
end
end
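Review bot: `wizard.permitted?(always_allow_admin: false)` is called on whatever `CustomWizard::Wizard.create` returns, with no guard for a missing wizard; if `create` can return `nil` or `false` for an id whose template is gone (not visible here, and the after-time id list is cached), the hook would raise for that user on each request. A guard keeps it fail-safe: `redirect_to "/w/#{wizard_id.dasherize}" if wizard && wizard.permitted?(always_allow_admin: false)`. The `set_wizard_redirect` call above also appears to run before permission is known, so a user who is not permitted may still get a stored redirect; checking permission first would avoid that. The enclosing block starts outside the hunk.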


@ -3,6 +3,7 @@
describe ApplicationController do
fab!(:user) { Fabricate(:user, username: 'angus', email: "angus@email.com", trust_level: TrustLevel[3]) }
let(:wizard_template) { get_wizard_fixture("wizard") }
let(:permitted_json) { get_wizard_fixture("wizard/permitted") }
before do
CustomWizard::Template.save(wizard_template, skip_jobs: true)
@ -22,7 +23,7 @@ describe ApplicationController do
it "does not redirect if wizard if no after setting is enabled" do
get "/"
expect(response.status).to eq(200)
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
end
context "after signup enabled" do
@ -34,7 +35,7 @@ describe ApplicationController do
it "does not redirect if wizard does not exist" do
CustomWizard::Template.remove(@template[:id])
get "/"
expect(response.status).to eq(200)
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
end
it "redirects if user is required to complete a wizard" do
@ -50,7 +51,7 @@ describe ApplicationController do
CustomWizard::Template.save(@template)
get "/"
expect(response.status).to eq(200)
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
end
it "saves original destination of user" do
@ -62,6 +63,7 @@ describe ApplicationController do
end
end
include ActiveSupport::Testing::TimeHelpers
context "after time enabled" do
before do
@template["after_time"] = true
@ -69,16 +71,58 @@ describe ApplicationController do
CustomWizard::Template.save(@template)
end
it "does not redirect if time hasn't passed" do
context "when time hasn't passed" do
it "does not redirect" do
get "/"
expect(response.status).to eq(200)
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
end
end
context "when time has passed" do
it "redirects if time has passed" do
@template["after_time_scheduled"] = (Time.now - 1.hours).iso8601
CustomWizard::Template.save(@template)
travel_to Time.now + 4.hours
get "/"
expect(response.status).to eq(200)
expect(response).to redirect_to("/w/super-mega-fun-wizard")
end
context "when permitted is set" do
before do
enable_subscription("business")
@template["permitted"] = permitted_json["permitted"]
CustomWizard::Template.save(@template.as_json)
end
context "when user is in permitted group" do
it "redirects user" do
travel_to Time.now + 4.hours
get "/"
expect(response).to redirect_to("/w/super-mega-fun-wizard")
end
end
context "when user is not in permitted group" do
before do
Group.find(13).remove(user)
end
it "does not redirect user" do
travel_to Time.now + 4.hours
user.trust_level = TrustLevel[2]
user.save!
get "/"
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
end
it "does not redirect if user is an admin" do
travel_to Time.now + 4.hours
user.trust_level = TrustLevel[2]
user.admin = true
user.save!
get "/"
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
end
end
end
end
end
end
@ -86,7 +130,7 @@ describe ApplicationController do
context "who is not required to complete wizard" do
it "does nothing" do
get "/"
expect(response.status).to eq(200)
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
end
end
end
@ -94,7 +138,7 @@ describe ApplicationController do
context "with guest" do
it "does nothing" do
get "/"
expect(response.status).to eq(200)
expect(response).to_not redirect_to("/w/super-mega-fun-wizard")
end
end
end
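Review bot: The negative cases now assert only `expect(response).to_not redirect_to("/w/super-mega-fun-wizard")`, which passes for any response that is not that exact redirect, such as an error response or a redirect to another path. Keeping `expect(response.status).to eq(200)` next to it in the "not in permitted group" and admin examples would pin the intended outcome of the permission check. `Group.find(13)` relies on a magic id; `Group.find(Group::AUTO_GROUPS[:trust_level_3])` names the group, if that is the one the `wizard/permitted` fixture allows. `travel_to` is called without a block in several examples, so it is worth confirming that time is reset between them.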