FIX: regular users can't access wizard with guest permissions
Dieser Commit ist enthalten in:
Ursprung
643c5ecff0
Commit
092947f68b
2 geänderte Dateien mit 7 neuen und 0 gelöschten Zeilen
|
@ -230,6 +230,7 @@ class CustomWizard::Wizard
|
|||
m[:type] === 'assignment' && [*m[:result]].include?(GUEST_GROUP_ID)
|
||||
else
|
||||
if m[:type] === 'assignment'
|
||||
[*m[:result]].include?(GUEST_GROUP_ID) ||
|
||||
[*m[:result]].include?(Group::AUTO_GROUPS[:everyone]) ||
|
||||
GroupUser.exists?(group_id: m[:result], user_id: user.id)
|
||||
elsif m[:type] === 'validation'
|
||||
|
|
|
@ -6,11 +6,14 @@ describe CustomWizard::Wizard do
|
|||
fab!(:admin_user) { Fabricate(:user, admin: true) }
|
||||
let(:template_json) { get_wizard_fixture("wizard") }
|
||||
let(:permitted_json) { get_wizard_fixture("wizard/permitted") }
|
||||
let(:guests_permitted_json) { get_wizard_fixture("wizard/guests_permitted") }
|
||||
|
||||
before do
|
||||
Group.refresh_automatic_group!(:trust_level_3)
|
||||
@permitted_template = template_json.dup
|
||||
@permitted_template["permitted"] = permitted_json["permitted"]
|
||||
@guests_permitted_template = template_json.dup
|
||||
@guests_permitted_template["permitted"] = guests_permitted_json["permitted"]
|
||||
@wizard = CustomWizard::Wizard.new(template_json, user)
|
||||
end
|
||||
|
||||
|
@ -128,6 +131,9 @@ describe CustomWizard::Wizard do
|
|||
expect(
|
||||
CustomWizard::Wizard.new(@permitted_template, trusted_user).permitted?
|
||||
).to eq(true)
|
||||
expect(
|
||||
CustomWizard::Wizard.new(@guests_permitted_template, trusted_user).permitted?
|
||||
).to eq(true)
|
||||
end
|
||||
|
||||
it "permits everyone if everyone is permitted" do
|
||||
|
|
Laden …
In neuem Issue referenzieren