1
0
Fork 0

Return wizard locales according to wizard permissions

Dieser Commit ist enthalten in:
Angus McLeod 2020-11-23 11:11:13 +11:00
Ursprung e066ee4b00
Commit 63a3115dda
2 geänderte Dateien mit 55 neuen und 27 gelöschten Zeilen

Datei anzeigen

@ -1,16 +1,11 @@
module ExtraLocalesControllerCustomWizard module ExtraLocalesControllerCustomWizard
def show private def valid_bundle?(bundle)
if request.referer && URI(request.referer).path.include?('/w/') super || begin
bundle = params[:bundle] return false unless bundle =~ /wizard/ && request.referer =~ /\/w\//
path = URI(request.referer).path
if params[:v]&.size == 32 wizard_id = path.split('/w/').last
hash = ::ExtraLocalesController.bundle_js_hash(bundle) wizard = CustomWizard::Wizard.create(wizard_id.underscore, current_user)
immutable_for(1.year) if hash == params[:v] wizard && wizard.can_access?
end
render plain: ::ExtraLocalesController.bundle_js(bundle), content_type: "application/javascript"
else
super
end end
end end
end end

Datei anzeigen

@ -1,26 +1,59 @@
require 'rails_helper' require 'rails_helper'
describe ExtraLocalesControllerCustomWizard, type: :request do describe ExtraLocalesControllerCustomWizard, type: :request do
before do let(:new_user) { Fabricate(:user, trust_level: TrustLevel[0]) }
CustomWizard::Template.save( let(:staff_user) { Fabricate(:moderator) }
let(:template) {
JSON.parse(File.open( JSON.parse(File.open(
"#{Rails.root}/plugins/discourse-custom-wizard/spec/fixtures/wizard.json" "#{Rails.root}/plugins/discourse-custom-wizard/spec/fixtures/wizard.json"
).read), ).read)
skip_jobs: true) }
let(:permitted) {
JSON.parse(File.open(
"#{Rails.root}/plugins/discourse-custom-wizard/spec/fixtures/wizard/permitted.json"
).read)
}
before do
CustomWizard::Template.save(template, skip_jobs: true)
end end
before do before do
@controller = ExtraLocalesController.new js_hash = ExtraLocalesController.bundle_js_hash("wizard")
@locale_url = "#{Discourse.base_path}/extra-locales/wizard?v=#{js_hash}"
end end
it "returns locales when requested by wizard" do it "generates the correct wizard locale url" do
@controller.request = ActionController::TestRequest.create(@controller.class) expect(ExtraLocalesController.url("wizard")).to eq(@locale_url)
@controller.request.env['HTTP_REFERER'] = "/w/super-mega-fun-wizard" end
expect( it "returns wizard locales when requested by user in wizard" do
ExtraLocalesController.url("wizard") sign_in(new_user)
).to eq(
"#{Discourse.base_path}/extra-locales/wizard?v=#{ExtraLocalesController.bundle_js_hash("wizard")}" get @locale_url, headers: { 'REFERER' => "/w/super-mega-fun-wizard" }
) expect(response.status).to eq(200)
end
it "doesnt return wizard locales if user cant access wizard" do
template[:permitted] = permitted["permitted"]
CustomWizard::Template.save(template.as_json)
sign_in(new_user)
get @locale_url, headers: { 'REFERER' => "/w/super-mega-fun-wizard" }
expect(response.status).to eq(403)
end
it "doesnt return wizard locales to non-staff when requested outside of wizard" do
sign_in(new_user)
get @locale_url
expect(response.status).to eq(403)
end
it "returns wizard locales to staff when requested outside of wizard" do
sign_in(staff_user)
get @locale_url
expect(response.status).to eq(200)
end end
end end