Merge pull request #121 from paviliondev/cant_access_skip_bugfix

Cant access skip bugfix
2024-11-22 09:20:29 +01:00 · 2021-06-16 14:41:49 +10:00 · 2021-06-16 14:41:49 +10:00 · b2ed2c1dc7
Commit b2ed2c1dc7
--- a/controllers/custom_wizard/wizard.rb
+++ b/controllers/custom_wizard/wizard.rb
@ -61,7 +61,7 @@ class CustomWizard::WizardController < ::ApplicationController
    result = success_json
    user = current_user

-    if user
+    if user && wizard.can_access?
      submission = wizard.current_submission
      if submission && submission['redirect_to']
        result.merge!(redirect_to: submission['redirect_to'])
--- a/spec/requests/custom_wizard/wizard_controller_spec.rb
+++ b/spec/requests/custom_wizard/wizard_controller_spec.rb
@ -11,6 +11,14 @@ describe CustomWizard::WizardController do
    )
  }

+  let(:permitted_json) {
+    JSON.parse(
+      File.open(
+        "#{Rails.root}/plugins/discourse-custom-wizard/spec/fixtures/wizard/permitted.json"
+      ).read
+    )
+  }
+
  before do
    CustomWizard::Template.save(
      JSON.parse(File.open(
@ -47,6 +55,14 @@ describe CustomWizard::WizardController do
    expect(response.status).to eq(200)
  end

+  it 'lets user skip if user cant access wizard' do
+    @template["permitted"] = permitted_json["permitted"]
+    CustomWizard::Template.save(@template, skip_jobs: true)
+
+    put '/w/super-mega-fun-wizard/skip.json'
+    expect(response.status).to eq(200)
+  end
+
  it 'returns a no skip message if user is not allowed to skip' do
    @template['required'] = 'true'
    CustomWizard::Template.save(@template)