From 092947f68b3ba1f526f03bc5a563d88e8f741d8c Mon Sep 17 00:00:00 2001 From: merefield Date: Fri, 10 Mar 2023 12:43:37 +0000 Subject: [PATCH 1/4] FIX: regular users can't access wizard with guest permissions --- lib/custom_wizard/wizard.rb | 1 + spec/components/custom_wizard/wizard_spec.rb | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/lib/custom_wizard/wizard.rb b/lib/custom_wizard/wizard.rb index c815c764..4ed4037d 100644 --- a/lib/custom_wizard/wizard.rb +++ b/lib/custom_wizard/wizard.rb @@ -230,6 +230,7 @@ class CustomWizard::Wizard m[:type] === 'assignment' && [*m[:result]].include?(GUEST_GROUP_ID) else if m[:type] === 'assignment' + [*m[:result]].include?(GUEST_GROUP_ID) || [*m[:result]].include?(Group::AUTO_GROUPS[:everyone]) || GroupUser.exists?(group_id: m[:result], user_id: user.id) elsif m[:type] === 'validation' diff --git a/spec/components/custom_wizard/wizard_spec.rb b/spec/components/custom_wizard/wizard_spec.rb index ed6ebbea..59c0c8c9 100644 --- a/spec/components/custom_wizard/wizard_spec.rb +++ b/spec/components/custom_wizard/wizard_spec.rb @@ -6,11 +6,14 @@ describe CustomWizard::Wizard do fab!(:admin_user) { Fabricate(:user, admin: true) } let(:template_json) { get_wizard_fixture("wizard") } let(:permitted_json) { get_wizard_fixture("wizard/permitted") } + let(:guests_permitted_json) { get_wizard_fixture("wizard/guests_permitted") } before do Group.refresh_automatic_group!(:trust_level_3) @permitted_template = template_json.dup @permitted_template["permitted"] = permitted_json["permitted"] + @guests_permitted_template = template_json.dup + @guests_permitted_template["permitted"] = guests_permitted_json["permitted"] @wizard = CustomWizard::Wizard.new(template_json, user) end @@ -128,6 +131,9 @@ describe CustomWizard::Wizard do expect( CustomWizard::Wizard.new(@permitted_template, trusted_user).permitted? ).to eq(true) + expect( + CustomWizard::Wizard.new(@guests_permitted_template, trusted_user).permitted? + ).to eq(true) end it "permits everyone if everyone is permitted" do From 9e59b73ebe0359adac376baf1c791f26e671f091 Mon Sep 17 00:00:00 2001 From: merefield Date: Fri, 10 Mar 2023 12:49:32 +0000 Subject: [PATCH 2/4] Bump patch --- plugin.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugin.rb b/plugin.rb index 1bbd8f8e..78c384da 100644 --- a/plugin.rb +++ b/plugin.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true # name: discourse-custom-wizard # about: Forms for Discourse. Better onboarding, structured posting, data enrichment, automated actions and much more. -# version: 2.2.1 +# version: 2.2.2 # authors: Angus McLeod, Faizaan Gagan, Robert Barrow, Keegan George, Kaitlin Maddever # url: https://github.com/paviliondev/discourse-custom-wizard # contact_emails: development@pavilion.tech From a3b665434c9831df56d746045d3588ec9dd73dec Mon Sep 17 00:00:00 2001 From: merefield Date: Fri, 10 Mar 2023 12:50:37 +0000 Subject: [PATCH 3/4] Bump patch --- plugin.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugin.rb b/plugin.rb index 78c384da..54f9eeca 100644 --- a/plugin.rb +++ b/plugin.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true # name: discourse-custom-wizard # about: Forms for Discourse. Better onboarding, structured posting, data enrichment, automated actions and much more. -# version: 2.2.2 +# version: 2.2.5 # authors: Angus McLeod, Faizaan Gagan, Robert Barrow, Keegan George, Kaitlin Maddever # url: https://github.com/paviliondev/discourse-custom-wizard # contact_emails: development@pavilion.tech From b73437299c80b5133eedde37bf020b0af48c699e Mon Sep 17 00:00:00 2001 From: merefield Date: Fri, 10 Mar 2023 14:42:42 +0000 Subject: [PATCH 4/4] IMPROVE: separate out new tests --- spec/components/custom_wizard/wizard_spec.rb | 27 +++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/spec/components/custom_wizard/wizard_spec.rb b/spec/components/custom_wizard/wizard_spec.rb index 59c0c8c9..591eee8c 100644 --- a/spec/components/custom_wizard/wizard_spec.rb +++ b/spec/components/custom_wizard/wizard_spec.rb @@ -131,9 +131,6 @@ describe CustomWizard::Wizard do expect( CustomWizard::Wizard.new(@permitted_template, trusted_user).permitted? ).to eq(true) - expect( - CustomWizard::Wizard.new(@guests_permitted_template, trusted_user).permitted? - ).to eq(true) end it "permits everyone if everyone is permitted" do @@ -206,6 +203,30 @@ describe CustomWizard::Wizard do end end + context "with subscription and guest wizard" do + before do + enable_subscription("standard") + end + + it "permits admins" do + expect( + CustomWizard::Wizard.new(@guests_permitted_template, admin_user).permitted? + ).to eq(true) + end + + it "permits regular users" do + expect( + CustomWizard::Wizard.new(@guests_permitted_template, user).permitted? + ).to eq(true) + end + + it "permits guests" do + expect( + CustomWizard::Wizard.new(@guests_permitted_template, nil, "guest123").permitted? + ).to eq(true) + end + end + context "submissions" do before do CustomWizard::Submission.new(@wizard, step_1_field_1: "I am a user submission").save