From 092947f68b3ba1f526f03bc5a563d88e8f741d8c Mon Sep 17 00:00:00 2001
From: merefield <merefield@gmail.com>
Date: Fri, 10 Mar 2023 12:43:37 +0000
Subject: [PATCH 1/4] FIX: regular users can't access wizard with guest
 permissions

---
 lib/custom_wizard/wizard.rb                  | 1 +
 spec/components/custom_wizard/wizard_spec.rb | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/lib/custom_wizard/wizard.rb b/lib/custom_wizard/wizard.rb
index c815c764..4ed4037d 100644
--- a/lib/custom_wizard/wizard.rb
+++ b/lib/custom_wizard/wizard.rb
@@ -230,6 +230,7 @@ class CustomWizard::Wizard
         m[:type] === 'assignment' && [*m[:result]].include?(GUEST_GROUP_ID)
       else
         if m[:type] === 'assignment'
+          [*m[:result]].include?(GUEST_GROUP_ID) ||
           [*m[:result]].include?(Group::AUTO_GROUPS[:everyone]) ||
           GroupUser.exists?(group_id: m[:result], user_id: user.id)
         elsif m[:type] === 'validation'
diff --git a/spec/components/custom_wizard/wizard_spec.rb b/spec/components/custom_wizard/wizard_spec.rb
index ed6ebbea..59c0c8c9 100644
--- a/spec/components/custom_wizard/wizard_spec.rb
+++ b/spec/components/custom_wizard/wizard_spec.rb
@@ -6,11 +6,14 @@ describe CustomWizard::Wizard do
   fab!(:admin_user) { Fabricate(:user, admin: true) }
   let(:template_json) { get_wizard_fixture("wizard") }
   let(:permitted_json) { get_wizard_fixture("wizard/permitted") }
+  let(:guests_permitted_json) { get_wizard_fixture("wizard/guests_permitted") }
 
   before do
     Group.refresh_automatic_group!(:trust_level_3)
     @permitted_template = template_json.dup
     @permitted_template["permitted"] = permitted_json["permitted"]
+    @guests_permitted_template = template_json.dup
+    @guests_permitted_template["permitted"] = guests_permitted_json["permitted"]
     @wizard = CustomWizard::Wizard.new(template_json, user)
   end
 
@@ -128,6 +131,9 @@ describe CustomWizard::Wizard do
       expect(
         CustomWizard::Wizard.new(@permitted_template, trusted_user).permitted?
       ).to eq(true)
+      expect(
+        CustomWizard::Wizard.new(@guests_permitted_template, trusted_user).permitted?
+      ).to eq(true)
     end
 
     it "permits everyone if everyone is permitted" do

From 9e59b73ebe0359adac376baf1c791f26e671f091 Mon Sep 17 00:00:00 2001
From: merefield <merefield@gmail.com>
Date: Fri, 10 Mar 2023 12:49:32 +0000
Subject: [PATCH 2/4] Bump patch

---
 plugin.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugin.rb b/plugin.rb
index 1bbd8f8e..78c384da 100644
--- a/plugin.rb
+++ b/plugin.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 # name: discourse-custom-wizard
 # about: Forms for Discourse. Better onboarding, structured posting, data enrichment, automated actions and much more.
-# version: 2.2.1
+# version: 2.2.2
 # authors: Angus McLeod, Faizaan Gagan, Robert Barrow, Keegan George, Kaitlin Maddever
 # url: https://github.com/paviliondev/discourse-custom-wizard
 # contact_emails: development@pavilion.tech

From a3b665434c9831df56d746045d3588ec9dd73dec Mon Sep 17 00:00:00 2001
From: merefield <merefield@gmail.com>
Date: Fri, 10 Mar 2023 12:50:37 +0000
Subject: [PATCH 3/4] Bump patch

---
 plugin.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugin.rb b/plugin.rb
index 78c384da..54f9eeca 100644
--- a/plugin.rb
+++ b/plugin.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 # name: discourse-custom-wizard
 # about: Forms for Discourse. Better onboarding, structured posting, data enrichment, automated actions and much more.
-# version: 2.2.2
+# version: 2.2.5
 # authors: Angus McLeod, Faizaan Gagan, Robert Barrow, Keegan George, Kaitlin Maddever
 # url: https://github.com/paviliondev/discourse-custom-wizard
 # contact_emails: development@pavilion.tech

From b73437299c80b5133eedde37bf020b0af48c699e Mon Sep 17 00:00:00 2001
From: merefield <merefield@gmail.com>
Date: Fri, 10 Mar 2023 14:42:42 +0000
Subject: [PATCH 4/4] IMPROVE: separate out new tests

---
 spec/components/custom_wizard/wizard_spec.rb | 27 +++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/spec/components/custom_wizard/wizard_spec.rb b/spec/components/custom_wizard/wizard_spec.rb
index 59c0c8c9..591eee8c 100644
--- a/spec/components/custom_wizard/wizard_spec.rb
+++ b/spec/components/custom_wizard/wizard_spec.rb
@@ -131,9 +131,6 @@ describe CustomWizard::Wizard do
       expect(
         CustomWizard::Wizard.new(@permitted_template, trusted_user).permitted?
       ).to eq(true)
-      expect(
-        CustomWizard::Wizard.new(@guests_permitted_template, trusted_user).permitted?
-      ).to eq(true)
     end
 
     it "permits everyone if everyone is permitted" do
@@ -206,6 +203,30 @@ describe CustomWizard::Wizard do
     end
   end
 
+  context "with subscription and guest wizard" do
+    before do
+      enable_subscription("standard")
+    end
+
+    it "permits admins" do
+      expect(
+        CustomWizard::Wizard.new(@guests_permitted_template, admin_user).permitted?
+      ).to eq(true)
+    end
+
+    it "permits regular users" do
+      expect(
+        CustomWizard::Wizard.new(@guests_permitted_template, user).permitted?
+      ).to eq(true)
+    end
+
+    it "permits guests" do
+      expect(
+        CustomWizard::Wizard.new(@guests_permitted_template, nil, "guest123").permitted?
+      ).to eq(true)
+    end
+  end
+
   context "submissions" do
     before do
       CustomWizard::Submission.new(@wizard, step_1_field_1: "I am a user submission").save