Return wizard locales according to wizard permissions
Dieser Commit ist enthalten in:
Ursprung
e066ee4b00
Commit
63a3115dda
2 geänderte Dateien mit 55 neuen und 27 gelöschten Zeilen
|
@ -1,16 +1,11 @@
|
|||
module ExtraLocalesControllerCustomWizard
|
||||
def show
|
||||
if request.referer && URI(request.referer).path.include?('/w/')
|
||||
bundle = params[:bundle]
|
||||
|
||||
if params[:v]&.size == 32
|
||||
hash = ::ExtraLocalesController.bundle_js_hash(bundle)
|
||||
immutable_for(1.year) if hash == params[:v]
|
||||
end
|
||||
|
||||
render plain: ::ExtraLocalesController.bundle_js(bundle), content_type: "application/javascript"
|
||||
else
|
||||
super
|
||||
private def valid_bundle?(bundle)
|
||||
super || begin
|
||||
return false unless bundle =~ /wizard/ && request.referer =~ /\/w\//
|
||||
path = URI(request.referer).path
|
||||
wizard_id = path.split('/w/').last
|
||||
wizard = CustomWizard::Wizard.create(wizard_id.underscore, current_user)
|
||||
wizard && wizard.can_access?
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,26 +1,59 @@
|
|||
require 'rails_helper'
|
||||
|
||||
describe ExtraLocalesControllerCustomWizard, type: :request do
|
||||
let(:new_user) { Fabricate(:user, trust_level: TrustLevel[0]) }
|
||||
let(:staff_user) { Fabricate(:moderator) }
|
||||
|
||||
let(:template) {
|
||||
JSON.parse(File.open(
|
||||
"#{Rails.root}/plugins/discourse-custom-wizard/spec/fixtures/wizard.json"
|
||||
).read)
|
||||
}
|
||||
|
||||
let(:permitted) {
|
||||
JSON.parse(File.open(
|
||||
"#{Rails.root}/plugins/discourse-custom-wizard/spec/fixtures/wizard/permitted.json"
|
||||
).read)
|
||||
}
|
||||
|
||||
before do
|
||||
CustomWizard::Template.save(
|
||||
JSON.parse(File.open(
|
||||
"#{Rails.root}/plugins/discourse-custom-wizard/spec/fixtures/wizard.json"
|
||||
).read),
|
||||
skip_jobs: true)
|
||||
CustomWizard::Template.save(template, skip_jobs: true)
|
||||
end
|
||||
|
||||
before do
|
||||
@controller = ExtraLocalesController.new
|
||||
js_hash = ExtraLocalesController.bundle_js_hash("wizard")
|
||||
@locale_url = "#{Discourse.base_path}/extra-locales/wizard?v=#{js_hash}"
|
||||
end
|
||||
|
||||
it "returns locales when requested by wizard" do
|
||||
@controller.request = ActionController::TestRequest.create(@controller.class)
|
||||
@controller.request.env['HTTP_REFERER'] = "/w/super-mega-fun-wizard"
|
||||
it "generates the correct wizard locale url" do
|
||||
expect(ExtraLocalesController.url("wizard")).to eq(@locale_url)
|
||||
end
|
||||
|
||||
expect(
|
||||
ExtraLocalesController.url("wizard")
|
||||
).to eq(
|
||||
"#{Discourse.base_path}/extra-locales/wizard?v=#{ExtraLocalesController.bundle_js_hash("wizard")}"
|
||||
)
|
||||
it "returns wizard locales when requested by user in wizard" do
|
||||
sign_in(new_user)
|
||||
|
||||
get @locale_url, headers: { 'REFERER' => "/w/super-mega-fun-wizard" }
|
||||
expect(response.status).to eq(200)
|
||||
end
|
||||
|
||||
it "doesnt return wizard locales if user cant access wizard" do
|
||||
template[:permitted] = permitted["permitted"]
|
||||
CustomWizard::Template.save(template.as_json)
|
||||
|
||||
sign_in(new_user)
|
||||
get @locale_url, headers: { 'REFERER' => "/w/super-mega-fun-wizard" }
|
||||
expect(response.status).to eq(403)
|
||||
end
|
||||
|
||||
it "doesnt return wizard locales to non-staff when requested outside of wizard" do
|
||||
sign_in(new_user)
|
||||
get @locale_url
|
||||
expect(response.status).to eq(403)
|
||||
end
|
||||
|
||||
it "returns wizard locales to staff when requested outside of wizard" do
|
||||
sign_in(staff_user)
|
||||
get @locale_url
|
||||
expect(response.status).to eq(200)
|
||||
end
|
||||
end
|
Laden …
In neuem Issue referenzieren