Return wizard locales according to wizard permissions
Dieser Commit ist enthalten in:
Ursprung
e066ee4b00
Commit
63a3115dda
2 geänderte Dateien mit 55 neuen und 27 gelöschten Zeilen
|
@ -1,16 +1,11 @@
|
||||||
module ExtraLocalesControllerCustomWizard
|
module ExtraLocalesControllerCustomWizard
|
||||||
def show
|
private def valid_bundle?(bundle)
|
||||||
if request.referer && URI(request.referer).path.include?('/w/')
|
super || begin
|
||||||
bundle = params[:bundle]
|
return false unless bundle =~ /wizard/ && request.referer =~ /\/w\//
|
||||||
|
path = URI(request.referer).path
|
||||||
if params[:v]&.size == 32
|
wizard_id = path.split('/w/').last
|
||||||
hash = ::ExtraLocalesController.bundle_js_hash(bundle)
|
wizard = CustomWizard::Wizard.create(wizard_id.underscore, current_user)
|
||||||
immutable_for(1.year) if hash == params[:v]
|
wizard && wizard.can_access?
|
||||||
end
|
|
||||||
|
|
||||||
render plain: ::ExtraLocalesController.bundle_js(bundle), content_type: "application/javascript"
|
|
||||||
else
|
|
||||||
super
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
|
@ -1,26 +1,59 @@
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
|
|
||||||
describe ExtraLocalesControllerCustomWizard, type: :request do
|
describe ExtraLocalesControllerCustomWizard, type: :request do
|
||||||
before do
|
let(:new_user) { Fabricate(:user, trust_level: TrustLevel[0]) }
|
||||||
CustomWizard::Template.save(
|
let(:staff_user) { Fabricate(:moderator) }
|
||||||
|
|
||||||
|
let(:template) {
|
||||||
JSON.parse(File.open(
|
JSON.parse(File.open(
|
||||||
"#{Rails.root}/plugins/discourse-custom-wizard/spec/fixtures/wizard.json"
|
"#{Rails.root}/plugins/discourse-custom-wizard/spec/fixtures/wizard.json"
|
||||||
).read),
|
).read)
|
||||||
skip_jobs: true)
|
}
|
||||||
|
|
||||||
|
let(:permitted) {
|
||||||
|
JSON.parse(File.open(
|
||||||
|
"#{Rails.root}/plugins/discourse-custom-wizard/spec/fixtures/wizard/permitted.json"
|
||||||
|
).read)
|
||||||
|
}
|
||||||
|
|
||||||
|
before do
|
||||||
|
CustomWizard::Template.save(template, skip_jobs: true)
|
||||||
end
|
end
|
||||||
|
|
||||||
before do
|
before do
|
||||||
@controller = ExtraLocalesController.new
|
js_hash = ExtraLocalesController.bundle_js_hash("wizard")
|
||||||
|
@locale_url = "#{Discourse.base_path}/extra-locales/wizard?v=#{js_hash}"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "returns locales when requested by wizard" do
|
it "generates the correct wizard locale url" do
|
||||||
@controller.request = ActionController::TestRequest.create(@controller.class)
|
expect(ExtraLocalesController.url("wizard")).to eq(@locale_url)
|
||||||
@controller.request.env['HTTP_REFERER'] = "/w/super-mega-fun-wizard"
|
end
|
||||||
|
|
||||||
expect(
|
it "returns wizard locales when requested by user in wizard" do
|
||||||
ExtraLocalesController.url("wizard")
|
sign_in(new_user)
|
||||||
).to eq(
|
|
||||||
"#{Discourse.base_path}/extra-locales/wizard?v=#{ExtraLocalesController.bundle_js_hash("wizard")}"
|
get @locale_url, headers: { 'REFERER' => "/w/super-mega-fun-wizard" }
|
||||||
)
|
expect(response.status).to eq(200)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "doesnt return wizard locales if user cant access wizard" do
|
||||||
|
template[:permitted] = permitted["permitted"]
|
||||||
|
CustomWizard::Template.save(template.as_json)
|
||||||
|
|
||||||
|
sign_in(new_user)
|
||||||
|
get @locale_url, headers: { 'REFERER' => "/w/super-mega-fun-wizard" }
|
||||||
|
expect(response.status).to eq(403)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "doesnt return wizard locales to non-staff when requested outside of wizard" do
|
||||||
|
sign_in(new_user)
|
||||||
|
get @locale_url
|
||||||
|
expect(response.status).to eq(403)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "returns wizard locales to staff when requested outside of wizard" do
|
||||||
|
sign_in(staff_user)
|
||||||
|
get @locale_url
|
||||||
|
expect(response.status).to eq(200)
|
||||||
end
|
end
|
||||||
end
|
end
|
Laden …
In neuem Issue referenzieren