1
0
Fork 0

Return wizard locales according to wizard permissions

Dieser Commit ist enthalten in:
Angus McLeod 2020-11-23 11:11:13 +11:00
Ursprung e066ee4b00
Commit 63a3115dda
2 geänderte Dateien mit 55 neuen und 27 gelöschten Zeilen

Datei anzeigen

@ -1,16 +1,11 @@
module ExtraLocalesControllerCustomWizard
def show
if request.referer && URI(request.referer).path.include?('/w/')
bundle = params[:bundle]
if params[:v]&.size == 32
hash = ::ExtraLocalesController.bundle_js_hash(bundle)
immutable_for(1.year) if hash == params[:v]
end
render plain: ::ExtraLocalesController.bundle_js(bundle), content_type: "application/javascript"
else
super
private def valid_bundle?(bundle)
super || begin
return false unless bundle =~ /wizard/ && request.referer =~ /\/w\//
path = URI(request.referer).path
wizard_id = path.split('/w/').last
wizard = CustomWizard::Wizard.create(wizard_id.underscore, current_user)
wizard && wizard.can_access?
end
end
end

Datei anzeigen

@ -1,26 +1,59 @@
require 'rails_helper'
describe ExtraLocalesControllerCustomWizard, type: :request do
let(:new_user) { Fabricate(:user, trust_level: TrustLevel[0]) }
let(:staff_user) { Fabricate(:moderator) }
let(:template) {
JSON.parse(File.open(
"#{Rails.root}/plugins/discourse-custom-wizard/spec/fixtures/wizard.json"
).read)
}
let(:permitted) {
JSON.parse(File.open(
"#{Rails.root}/plugins/discourse-custom-wizard/spec/fixtures/wizard/permitted.json"
).read)
}
before do
CustomWizard::Template.save(
JSON.parse(File.open(
"#{Rails.root}/plugins/discourse-custom-wizard/spec/fixtures/wizard.json"
).read),
skip_jobs: true)
CustomWizard::Template.save(template, skip_jobs: true)
end
before do
@controller = ExtraLocalesController.new
js_hash = ExtraLocalesController.bundle_js_hash("wizard")
@locale_url = "#{Discourse.base_path}/extra-locales/wizard?v=#{js_hash}"
end
it "returns locales when requested by wizard" do
@controller.request = ActionController::TestRequest.create(@controller.class)
@controller.request.env['HTTP_REFERER'] = "/w/super-mega-fun-wizard"
expect(
ExtraLocalesController.url("wizard")
).to eq(
"#{Discourse.base_path}/extra-locales/wizard?v=#{ExtraLocalesController.bundle_js_hash("wizard")}"
)
it "generates the correct wizard locale url" do
expect(ExtraLocalesController.url("wizard")).to eq(@locale_url)
end
it "returns wizard locales when requested by user in wizard" do
sign_in(new_user)
get @locale_url, headers: { 'REFERER' => "/w/super-mega-fun-wizard" }
expect(response.status).to eq(200)
end
it "doesnt return wizard locales if user cant access wizard" do
template[:permitted] = permitted["permitted"]
CustomWizard::Template.save(template.as_json)
sign_in(new_user)
get @locale_url, headers: { 'REFERER' => "/w/super-mega-fun-wizard" }
expect(response.status).to eq(403)
end
it "doesnt return wizard locales to non-staff when requested outside of wizard" do
sign_in(new_user)
get @locale_url
expect(response.status).to eq(403)
end
it "returns wizard locales to staff when requested outside of wizard" do
sign_in(staff_user)
get @locale_url
expect(response.status).to eq(200)
end
end