1
0
Fork 0

FIX: regular users can't access wizard with guest permissions

Dieser Commit ist enthalten in:
merefield 2023-03-10 12:43:37 +00:00
Ursprung 643c5ecff0
Commit 092947f68b
2 geänderte Dateien mit 7 neuen und 0 gelöschten Zeilen

Datei anzeigen

@ -230,6 +230,7 @@ class CustomWizard::Wizard
m[:type] === 'assignment' && [*m[:result]].include?(GUEST_GROUP_ID)
else
if m[:type] === 'assignment'
[*m[:result]].include?(GUEST_GROUP_ID) ||
[*m[:result]].include?(Group::AUTO_GROUPS[:everyone]) ||
GroupUser.exists?(group_id: m[:result], user_id: user.id)
elsif m[:type] === 'validation'

Datei anzeigen

@ -6,11 +6,14 @@ describe CustomWizard::Wizard do
fab!(:admin_user) { Fabricate(:user, admin: true) }
let(:template_json) { get_wizard_fixture("wizard") }
let(:permitted_json) { get_wizard_fixture("wizard/permitted") }
let(:guests_permitted_json) { get_wizard_fixture("wizard/guests_permitted") }
before do
Group.refresh_automatic_group!(:trust_level_3)
@permitted_template = template_json.dup
@permitted_template["permitted"] = permitted_json["permitted"]
@guests_permitted_template = template_json.dup
@guests_permitted_template["permitted"] = guests_permitted_json["permitted"]
@wizard = CustomWizard::Wizard.new(template_json, user)
end
@ -128,6 +131,9 @@ describe CustomWizard::Wizard do
expect(
CustomWizard::Wizard.new(@permitted_template, trusted_user).permitted?
).to eq(true)
expect(
CustomWizard::Wizard.new(@guests_permitted_template, trusted_user).permitted?
).to eq(true)
end
it "permits everyone if everyone is permitted" do