1
0
Fork 0

FIX: regular users can't access wizard with guest permissions

Dieser Commit ist enthalten in:
merefield 2023-03-10 12:43:37 +00:00
Ursprung 643c5ecff0
Commit 092947f68b
2 geänderte Dateien mit 7 neuen und 0 gelöschten Zeilen

Datei anzeigen

@ -230,6 +230,7 @@ class CustomWizard::Wizard
m[:type] === 'assignment' && [*m[:result]].include?(GUEST_GROUP_ID) m[:type] === 'assignment' && [*m[:result]].include?(GUEST_GROUP_ID)
else else
if m[:type] === 'assignment' if m[:type] === 'assignment'
[*m[:result]].include?(GUEST_GROUP_ID) ||
[*m[:result]].include?(Group::AUTO_GROUPS[:everyone]) || [*m[:result]].include?(Group::AUTO_GROUPS[:everyone]) ||
GroupUser.exists?(group_id: m[:result], user_id: user.id) GroupUser.exists?(group_id: m[:result], user_id: user.id)
elsif m[:type] === 'validation' elsif m[:type] === 'validation'

Datei anzeigen

@ -6,11 +6,14 @@ describe CustomWizard::Wizard do
fab!(:admin_user) { Fabricate(:user, admin: true) } fab!(:admin_user) { Fabricate(:user, admin: true) }
let(:template_json) { get_wizard_fixture("wizard") } let(:template_json) { get_wizard_fixture("wizard") }
let(:permitted_json) { get_wizard_fixture("wizard/permitted") } let(:permitted_json) { get_wizard_fixture("wizard/permitted") }
let(:guests_permitted_json) { get_wizard_fixture("wizard/guests_permitted") }
before do before do
Group.refresh_automatic_group!(:trust_level_3) Group.refresh_automatic_group!(:trust_level_3)
@permitted_template = template_json.dup @permitted_template = template_json.dup
@permitted_template["permitted"] = permitted_json["permitted"] @permitted_template["permitted"] = permitted_json["permitted"]
@guests_permitted_template = template_json.dup
@guests_permitted_template["permitted"] = guests_permitted_json["permitted"]
@wizard = CustomWizard::Wizard.new(template_json, user) @wizard = CustomWizard::Wizard.new(template_json, user)
end end
@ -128,6 +131,9 @@ describe CustomWizard::Wizard do
expect( expect(
CustomWizard::Wizard.new(@permitted_template, trusted_user).permitted? CustomWizard::Wizard.new(@permitted_template, trusted_user).permitted?
).to eq(true) ).to eq(true)
expect(
CustomWizard::Wizard.new(@guests_permitted_template, trusted_user).permitted?
).to eq(true)
end end
it "permits everyone if everyone is permitted" do it "permits everyone if everyone is permitted" do