-
Notifications
You must be signed in to change notification settings - Fork 50
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Ensure user is in permitted group before redirecting after time
- Loading branch information
1 parent
83320e2
commit 1f3fe7a
Showing
6 changed files
with
66 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,4 +4,5 @@ source 'https://rubygems.org' | |
|
|
||
| group :development do | ||
| gem 'rubocop-discourse' | ||
| gem 'racc' | ||
| end | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,7 @@ | ||
| # frozen_string_literal: true | ||
| # name: discourse-custom-wizard | ||
| # about: Forms for Discourse. Better onboarding, structured posting, data enrichment, automated actions and much more. | ||
| # version: 2.8.2 | ||
| # version: 2.8.3 | ||
| # authors: Angus McLeod, Faizaan Gagan, Robert Barrow, Keegan George, Kaitlin Maddever, Juan Marcos Gutierrez Ramos | ||
| # url: https://github.com/paviliondev/discourse-custom-wizard | ||
| # contact_emails: [email protected] | ||
|
|
@@ -180,7 +180,8 @@ | |
| CustomWizard::Wizard.set_wizard_redirect(current_user, wizard_id, url) | ||
| end | ||
|
|
||
| redirect_to "/w/#{wizard_id.dasherize}" | ||
| wizard = CustomWizard::Wizard.create(wizard_id, current_user) | ||
| redirect_to "/w/#{wizard_id.dasherize}" if wizard.permitted?(always_allow_admin: false) | ||
| end | ||
| end | ||
| end | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -3,6 +3,7 @@ | |
| describe ApplicationController do | ||
| fab!(:user) { Fabricate(:user, username: 'angus', email: "[email protected]", trust_level: TrustLevel[3]) } | ||
| let(:wizard_template) { get_wizard_fixture("wizard") } | ||
| let(:permitted_json) { get_wizard_fixture("wizard/permitted") } | ||
|
|
||
| before do | ||
| CustomWizard::Template.save(wizard_template, skip_jobs: true) | ||
|
|
@@ -22,7 +23,7 @@ | |
|
|
||
| it "does not redirect if wizard if no after setting is enabled" do | ||
| get "/" | ||
| expect(response.status).to eq(200) | ||
| expect(response).to_not redirect_to("/w/super-mega-fun-wizard") | ||
| end | ||
|
|
||
| context "after signup enabled" do | ||
|
|
@@ -34,7 +35,7 @@ | |
| it "does not redirect if wizard does not exist" do | ||
| CustomWizard::Template.remove(@template[:id]) | ||
| get "/" | ||
| expect(response.status).to eq(200) | ||
| expect(response).to_not redirect_to("/w/super-mega-fun-wizard") | ||
| end | ||
|
|
||
| it "redirects if user is required to complete a wizard" do | ||
|
|
@@ -50,7 +51,7 @@ | |
| CustomWizard::Template.save(@template) | ||
|
|
||
| get "/" | ||
| expect(response.status).to eq(200) | ||
| expect(response).to_not redirect_to("/w/super-mega-fun-wizard") | ||
| end | ||
|
|
||
| it "saves original destination of user" do | ||
|
|
@@ -62,39 +63,82 @@ | |
| end | ||
| end | ||
|
|
||
| include ActiveSupport::Testing::TimeHelpers | ||
| context "after time enabled" do | ||
| before do | ||
| @template["after_time"] = true | ||
| @template["after_time_scheduled"] = (Time.now + 3.hours).iso8601 | ||
| CustomWizard::Template.save(@template) | ||
| end | ||
|
|
||
| it "does not redirect if time hasn't passed" do | ||
| get "/" | ||
| expect(response.status).to eq(200) | ||
| context "when time hasn't passed" do | ||
| it "does not redirect" do | ||
| get "/" | ||
| expect(response).to_not redirect_to("/w/super-mega-fun-wizard") | ||
| end | ||
| end | ||
|
|
||
| it "redirects if time has passed" do | ||
| @template["after_time_scheduled"] = (Time.now - 1.hours).iso8601 | ||
| CustomWizard::Template.save(@template) | ||
| get "/" | ||
| expect(response.status).to eq(200) | ||
| context "when time has passed" do | ||
| it "redirects if time has passed" do | ||
| travel_to Time.now + 4.hours | ||
| get "/" | ||
| expect(response).to redirect_to("/w/super-mega-fun-wizard") | ||
| end | ||
|
|
||
| context "when permitted is set" do | ||
| before do | ||
| enable_subscription("business") | ||
| @template["permitted"] = permitted_json["permitted"] | ||
| CustomWizard::Template.save(@template.as_json) | ||
| end | ||
|
|
||
| context "when user is in permitted group" do | ||
| it "redirects user" do | ||
| travel_to Time.now + 4.hours | ||
| get "/" | ||
| expect(response).to redirect_to("/w/super-mega-fun-wizard") | ||
| end | ||
| end | ||
|
|
||
| context "when user is not in permitted group" do | ||
| before do | ||
| Group.find(13).remove(user) | ||
| end | ||
|
|
||
| it "does not redirect user" do | ||
| travel_to Time.now + 4.hours | ||
| user.trust_level = TrustLevel[2] | ||
| user.save! | ||
| get "/" | ||
| expect(response).to_not redirect_to("/w/super-mega-fun-wizard") | ||
| end | ||
|
|
||
| it "does not redirect if user is an admin" do | ||
| travel_to Time.now + 4.hours | ||
| user.trust_level = TrustLevel[2] | ||
| user.admin = true | ||
| user.save! | ||
| get "/" | ||
| expect(response).to_not redirect_to("/w/super-mega-fun-wizard") | ||
| end | ||
| end | ||
| end | ||
| end | ||
| end | ||
| end | ||
|
|
||
| context "who is not required to complete wizard" do | ||
| it "does nothing" do | ||
| get "/" | ||
| expect(response.status).to eq(200) | ||
| expect(response).to_not redirect_to("/w/super-mega-fun-wizard") | ||
| end | ||
| end | ||
| end | ||
|
|
||
| context "with guest" do | ||
| it "does nothing" do | ||
| get "/" | ||
| expect(response.status).to eq(200) | ||
| expect(response).to_not redirect_to("/w/super-mega-fun-wizard") | ||
| end | ||
| end | ||
| end | ||