2015-10-11 10:41:23 +01:00
require 'rails_helper'
2013-02-05 14:16:51 -05:00
require 'guardian'
2013-03-18 17:52:29 -04:00
require_dependency 'post_destroyer'
2013-02-05 14:16:51 -05:00
describe Guardian do
2013-05-21 16:39:51 +10:00
let ( :user ) { build ( :user ) }
let ( :moderator ) { build ( :moderator ) }
let ( :admin ) { build ( :admin ) }
2016-01-11 20:56:00 +05:30
let ( :trust_level_2 ) { build ( :user , trust_level : 2 ) }
2014-09-05 16:52:40 +10:00
let ( :trust_level_3 ) { build ( :user , trust_level : 3 ) }
let ( :trust_level_4 ) { build ( :user , trust_level : 4 ) }
2013-05-31 11:41:40 -04:00
let ( :another_admin ) { build ( :admin ) }
2013-05-21 16:39:51 +10:00
let ( :coding_horror ) { build ( :coding_horror ) }
2013-02-05 14:16:51 -05:00
2013-05-21 16:39:51 +10:00
let ( :topic ) { build ( :topic , user : user ) }
let ( :post ) { build ( :post , topic : topic , user : topic . user ) }
2013-02-05 14:16:51 -05:00
it 'can be created without a user (not logged in)' do
2015-01-09 13:34:37 -03:00
expect { Guardian . new } . not_to raise_error
2013-02-05 14:16:51 -05:00
end
2015-02-12 11:52:59 -05:00
it 'can be instantiated with a user instance' do
2015-01-09 13:34:37 -03:00
expect { Guardian . new ( user ) } . not_to raise_error
2013-02-05 14:16:51 -05:00
end
describe 'post_can_act?' do
2013-05-21 16:39:51 +10:00
let ( :post ) { build ( :post ) }
let ( :user ) { build ( :user ) }
2013-02-05 14:16:51 -05:00
it " returns false when the user is nil " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( nil ) . post_can_act? ( post , :like ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " returns false when the post is nil " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . post_can_act? ( nil , :like ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " returns false when the topic is archived " do
post . topic . archived = true
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . post_can_act? ( post , :like ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
2014-08-07 19:12:35 +02:00
it " returns false when the post is deleted " do
post . deleted_at = Time . now
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . post_can_act? ( post , :like ) ) . to be_falsey
2014-08-07 19:12:35 +02:00
end
2013-05-19 23:04:53 -07:00
it " always allows flagging " do
post . topic . archived = true
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . post_can_act? ( post , :spam ) ) . to be_truthy
2013-05-19 23:04:53 -07:00
end
2013-02-05 14:16:51 -05:00
it " returns false when liking yourself " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( post . user ) . post_can_act? ( post , :like ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " returns false when you've already done it " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . post_can_act? ( post , :like , taken_actions : { PostActionType . types [ :like ] = > 1 } ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
2013-02-25 19:42:20 +03:00
it " returns false when you already flagged a post " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . post_can_act? ( post , :off_topic , taken_actions : { PostActionType . types [ :spam ] = > 1 } ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
2014-12-19 16:47:39 -05:00
it " returns false for notify_user if private messages are disabled " do
2015-10-12 11:15:38 +11:00
SiteSetting . enable_private_messages = false
2014-12-19 16:47:39 -05:00
user . trust_level = TrustLevel [ 2 ]
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . post_can_act? ( post , :notify_user ) ) . to be_falsey
expect ( Guardian . new ( user ) . post_can_act? ( post , :notify_moderators ) ) . to be_falsey
2014-12-19 16:47:39 -05:00
end
2015-10-12 11:15:38 +11:00
it " returns false for notify_user if private messages are enabled but threshold not met " do
SiteSetting . enable_private_messages = true
SiteSetting . min_trust_to_send_messages = 2
user . trust_level = TrustLevel [ 1 ]
expect ( Guardian . new ( user ) . post_can_act? ( post , :notify_user ) ) . to be_falsey
expect ( Guardian . new ( user ) . post_can_act? ( post , :notify_moderators ) ) . to be_truthy
end
2013-02-05 14:16:51 -05:00
describe " trust levels " do
it " returns true for a new user liking something " do
2014-09-05 15:20:39 +10:00
user . trust_level = TrustLevel [ 0 ]
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . post_can_act? ( post , :like ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
2015-01-08 16:06:43 +01:00
it " returns false for a new user flagging a standard post as spam " do
2014-09-05 15:20:39 +10:00
user . trust_level = TrustLevel [ 0 ]
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . post_can_act? ( post , :spam ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
2015-01-08 16:06:43 +01:00
it " returns true for a new user flagging a private message as spam " do
post . topic . archetype = Archetype . private_message
user . trust_level = TrustLevel [ 0 ]
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . post_can_act? ( post , :spam ) ) . to be_truthy
2015-01-08 16:06:43 +01:00
end
2013-02-05 14:16:51 -05:00
it " returns false for a new user flagging something as off topic " do
2014-09-05 15:20:39 +10:00
user . trust_level = TrustLevel [ 0 ]
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . post_can_act? ( post , :off_topic ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
2014-03-10 11:48:27 -04:00
it " returns false for a new user flagging with notify_user " do
2014-09-05 15:20:39 +10:00
user . trust_level = TrustLevel [ 0 ]
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . post_can_act? ( post , :notify_user ) ) . to be_falsey # because new users can't send private messages
2014-03-10 11:48:27 -04:00
end
2013-02-05 14:16:51 -05:00
end
end
2014-07-28 19:17:37 +02:00
describe " can_defer_flags " do
2013-02-08 19:04:14 -05:00
let ( :post ) { Fabricate ( :post ) }
let ( :user ) { post . user }
let ( :moderator ) { Fabricate ( :moderator ) }
it " returns false when the user is nil " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( nil ) . can_defer_flags? ( post ) ) . to be_falsey
2013-02-08 19:04:14 -05:00
end
it " returns false when the post is nil " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_defer_flags? ( nil ) ) . to be_falsey
2013-02-08 19:04:14 -05:00
end
it " returns false when the user is not a moderator " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_defer_flags? ( post ) ) . to be_falsey
2013-02-08 19:04:14 -05:00
end
it " returns true when the user is a moderator " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_defer_flags? ( post ) ) . to be_truthy
2013-02-08 19:04:14 -05:00
end
end
2013-02-05 14:16:51 -05:00
describe 'can_send_private_message' do
let ( :user ) { Fabricate ( :user ) }
let ( :another_user ) { Fabricate ( :user ) }
2014-05-06 15:01:19 -04:00
let ( :suspended_user ) { Fabricate ( :user , suspended_till : 1 . week . from_now , suspended_at : 1 . day . ago ) }
2013-02-05 14:16:51 -05:00
it " returns false when the user is nil " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( nil ) . can_send_private_message? ( user ) ) . to be_falsey
2013-02-25 19:42:20 +03:00
end
2013-02-05 14:16:51 -05:00
it " returns false when the target user is nil " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_send_private_message? ( nil ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " returns false when the target is the same as the user " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_send_private_message? ( user ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " returns false when you are untrusted " do
2014-09-05 15:20:39 +10:00
user . trust_level = TrustLevel [ 0 ]
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_send_private_message? ( another_user ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " returns true to another user " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_send_private_message? ( another_user ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
2014-04-23 17:00:22 -04:00
2015-10-12 11:15:38 +11:00
it " disallows pms to other users if trust level is not met " do
SiteSetting . min_trust_to_send_messages = TrustLevel [ 2 ]
user . trust_level = TrustLevel [ 1 ]
expect ( Guardian . new ( user ) . can_send_private_message? ( another_user ) ) . to be_falsey
end
2014-04-23 17:00:22 -04:00
context " enable_private_messages is false " do
2015-10-12 11:15:38 +11:00
before { SiteSetting . enable_private_messages = false }
2014-04-23 17:00:22 -04:00
it " returns false if user is not the contact user " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_send_private_message? ( another_user ) ) . to be_falsey
2014-04-23 17:00:22 -04:00
end
2014-04-25 14:52:57 -04:00
it " returns true for the contact user and system user " do
2015-10-12 11:15:38 +11:00
SiteSetting . site_contact_username = user . username
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_send_private_message? ( another_user ) ) . to be_truthy
expect ( Guardian . new ( Discourse . system_user ) . can_send_private_message? ( another_user ) ) . to be_truthy
2014-04-23 17:00:22 -04:00
end
end
2014-05-06 15:01:19 -04:00
context " target user is suspended " do
it " returns true for staff " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_send_private_message? ( suspended_user ) ) . to be_truthy
expect ( Guardian . new ( moderator ) . can_send_private_message? ( suspended_user ) ) . to be_truthy
2014-05-06 15:01:19 -04:00
end
it " returns false for regular users " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_send_private_message? ( suspended_user ) ) . to be_falsey
2014-05-06 15:01:19 -04:00
end
end
2016-01-22 12:54:18 -05:00
context " author is blocked " do
before do
user . blocked = true
user . save
end
it " returns true if target is staff " do
expect ( Guardian . new ( user ) . can_send_private_message? ( admin ) ) . to be_truthy
expect ( Guardian . new ( user ) . can_send_private_message? ( moderator ) ) . to be_truthy
end
it " returns false if target is not staff " do
expect ( Guardian . new ( user ) . can_send_private_message? ( another_user ) ) . to be_falsey
end
end
2013-02-05 14:16:51 -05:00
end
describe 'can_reply_as_new_topic' do
let ( :user ) { Fabricate ( :user ) }
let ( :topic ) { Fabricate ( :topic ) }
it " returns false for a non logged in user " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( nil ) . can_reply_as_new_topic? ( topic ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " returns false for a nil topic " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_reply_as_new_topic? ( nil ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " returns false for an untrusted user " do
2014-09-05 15:20:39 +10:00
user . trust_level = TrustLevel [ 0 ]
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_reply_as_new_topic? ( topic ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " returns true for a trusted user " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_reply_as_new_topic? ( topic ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
end
describe 'can_see_post_actors?' do
let ( :topic ) { Fabricate ( :topic , user : coding_horror ) }
2013-04-29 16:33:24 +10:00
it 'displays visibility correctly' do
guardian = Guardian . new ( user )
2015-01-09 13:34:37 -03:00
expect ( guardian . can_see_post_actors? ( nil , PostActionType . types [ :like ] ) ) . to be_falsey
expect ( guardian . can_see_post_actors? ( topic , PostActionType . types [ :like ] ) ) . to be_truthy
expect ( guardian . can_see_post_actors? ( topic , PostActionType . types [ :bookmark ] ) ) . to be_falsey
expect ( guardian . can_see_post_actors? ( topic , PostActionType . types [ :off_topic ] ) ) . to be_falsey
expect ( guardian . can_see_post_actors? ( topic , PostActionType . types [ :spam ] ) ) . to be_falsey
expect ( guardian . can_see_post_actors? ( topic , PostActionType . types [ :vote ] ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
it 'returns false for private votes' do
topic . expects ( :has_meta_data_boolean? ) . with ( :private_poll ) . returns ( true )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_see_post_actors? ( topic , PostActionType . types [ :vote ] ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
end
describe 'can_impersonate?' do
2013-04-29 16:33:24 +10:00
it 'allows impersonation correctly' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_impersonate? ( nil ) ) . to be_falsey
expect ( Guardian . new . can_impersonate? ( user ) ) . to be_falsey
expect ( Guardian . new ( coding_horror ) . can_impersonate? ( user ) ) . to be_falsey
expect ( Guardian . new ( admin ) . can_impersonate? ( admin ) ) . to be_falsey
expect ( Guardian . new ( admin ) . can_impersonate? ( another_admin ) ) . to be_falsey
expect ( Guardian . new ( admin ) . can_impersonate? ( user ) ) . to be_truthy
expect ( Guardian . new ( admin ) . can_impersonate? ( moderator ) ) . to be_truthy
2013-09-05 10:27:34 +10:00
Rails . configuration . stubs ( :developer_emails ) . returns ( [ admin . email ] )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_impersonate? ( another_admin ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
end
2013-11-06 12:56:26 -05:00
describe 'can_invite_to_forum?' do
let ( :user ) { Fabricate . build ( :user ) }
let ( :moderator ) { Fabricate . build ( :moderator ) }
it " doesn't allow anonymous users to invite " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_invite_to_forum? ) . to be_falsey
2013-11-06 12:56:26 -05:00
end
it 'returns true when the site requires approving users and is mod' do
SiteSetting . expects ( :must_approve_users? ) . returns ( true )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_invite_to_forum? ) . to be_truthy
2013-11-06 12:56:26 -05:00
end
2015-05-19 16:51:21 +10:00
it 'returns false when max_invites_per_day is 0' do
# let's also break it while here
SiteSetting . max_invites_per_day = " a "
2015-06-05 10:22:41 +05:30
expect ( Guardian . new ( user ) . can_invite_to_forum? ) . to be_falsey
# staff should be immune to max_invites_per_day setting
expect ( Guardian . new ( moderator ) . can_invite_to_forum? ) . to be_truthy
2015-05-19 16:51:21 +10:00
end
2013-11-06 12:56:26 -05:00
it 'returns false when the site requires approving users and is regular' do
SiteSetting . expects ( :must_approve_users? ) . returns ( true )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_invite_to_forum? ) . to be_falsey
2013-11-06 12:56:26 -05:00
end
2014-06-18 16:46:04 -04:00
it 'returns false when the local logins are disabled' do
SiteSetting . stubs ( :enable_local_logins ) . returns ( false )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_invite_to_forum? ) . to be_falsey
expect ( Guardian . new ( moderator ) . can_invite_to_forum? ) . to be_falsey
2014-06-18 16:46:04 -04:00
end
2013-11-06 12:56:26 -05:00
end
2013-02-05 14:16:51 -05:00
describe 'can_invite_to?' do
2014-07-04 23:04:19 +05:30
let ( :group ) { Fabricate ( :group ) }
let ( :category ) { Fabricate ( :category , read_restricted : true ) }
2013-02-05 14:16:51 -05:00
let ( :topic ) { Fabricate ( :topic ) }
2014-07-04 23:04:19 +05:30
let ( :private_topic ) { Fabricate ( :topic , category : category ) }
2013-02-05 14:16:51 -05:00
let ( :user ) { topic . user }
let ( :moderator ) { Fabricate ( :moderator ) }
2014-07-04 23:04:19 +05:30
let ( :admin ) { Fabricate ( :admin ) }
2015-03-02 11:25:25 -08:00
let ( :private_category ) { Fabricate ( :private_category , group : group ) }
let ( :group_private_topic ) { Fabricate ( :topic , category : private_category ) }
2015-11-10 00:52:04 +11:00
let ( :group_owner ) { group_private_topic . user . tap { | u | group . add_owner ( u ) } }
2013-02-05 14:16:51 -05:00
2013-04-29 16:33:24 +10:00
it 'handles invitation correctly' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( nil ) . can_invite_to? ( topic ) ) . to be_falsey
expect ( Guardian . new ( moderator ) . can_invite_to? ( nil ) ) . to be_falsey
expect ( Guardian . new ( moderator ) . can_invite_to? ( topic ) ) . to be_truthy
expect ( Guardian . new ( user ) . can_invite_to? ( topic ) ) . to be_falsey
2015-05-19 16:51:21 +10:00
SiteSetting . max_invites_per_day = 0
2015-06-05 10:22:41 +05:30
expect ( Guardian . new ( user ) . can_invite_to? ( topic ) ) . to be_falsey
# staff should be immune to max_invites_per_day setting
expect ( Guardian . new ( moderator ) . can_invite_to? ( topic ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
2013-06-21 16:35:13 +10:00
it 'returns true when the site requires approving users and is mod' do
2013-02-05 14:16:51 -05:00
SiteSetting . expects ( :must_approve_users? ) . returns ( true )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_invite_to? ( topic ) ) . to be_truthy
2013-06-21 16:35:13 +10:00
end
2013-11-06 12:56:26 -05:00
it 'returns false when the site requires approving users and is regular' do
2013-06-21 16:35:13 +10:00
SiteSetting . expects ( :must_approve_users? ) . returns ( true )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( coding_horror ) . can_invite_to? ( topic ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
2014-07-04 23:04:19 +05:30
it 'returns false for normal user on private topic' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_invite_to? ( private_topic ) ) . to be_falsey
2014-07-04 23:04:19 +05:30
end
it 'returns true for admin on private topic' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_invite_to? ( private_topic ) ) . to be_truthy
2014-07-04 23:04:19 +05:30
end
2015-11-10 00:52:04 +11:00
it 'returns true for a group owner' do
expect ( Guardian . new ( group_owner ) . can_invite_to? ( group_private_topic ) ) . to be_truthy
2015-03-02 11:25:25 -08:00
end
2013-02-05 14:16:51 -05:00
end
describe 'can_see?' do
it 'returns false with a nil object' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_see? ( nil ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
2014-04-22 16:43:46 -04:00
describe 'a Group' do
2014-04-23 11:14:34 -04:00
let ( :group ) { Group . new }
let ( :invisible_group ) { Group . new ( visible : false ) }
2014-04-22 16:43:46 -04:00
it " returns true when the group is visible " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_see? ( group ) ) . to be_truthy
2014-04-23 11:14:34 -04:00
end
it " returns true when the group is visible but the user is an admin " do
admin = Fabricate . build ( :admin )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_see? ( invisible_group ) ) . to be_truthy
2014-04-22 16:43:46 -04:00
end
it " returns false when the group is invisible " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_see? ( invisible_group ) ) . to be_falsey
2014-04-22 16:43:46 -04:00
end
end
2013-02-05 14:16:51 -05:00
describe 'a Topic' do
it 'allows non logged in users to view topics' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_see? ( topic ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
2013-04-29 16:33:24 +10:00
it 'correctly handles groups' do
group = Fabricate ( :group )
2013-07-14 11:24:16 +10:00
category = Fabricate ( :category , read_restricted : true )
category . set_permissions ( group = > :full )
category . save
2013-04-29 16:33:24 +10:00
topic = Fabricate ( :topic , category : category )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_see? ( topic ) ) . to be_falsey
2013-04-29 16:33:24 +10:00
group . add ( user )
group . save
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_see? ( topic ) ) . to be_truthy
2013-04-29 16:33:24 +10:00
end
2014-05-12 15:26:36 -04:00
2014-07-15 14:02:43 -07:00
it " restricts deleted topics " do
topic = Fabricate ( :topic )
topic . trash! ( moderator )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( build ( :user ) ) . can_see? ( topic ) ) . to be_falsey
expect ( Guardian . new ( moderator ) . can_see? ( topic ) ) . to be_truthy
expect ( Guardian . new ( admin ) . can_see? ( topic ) ) . to be_truthy
2014-07-15 14:02:43 -07:00
end
2014-05-12 15:26:36 -04:00
it " restricts private topics " do
user . save!
private_topic = Fabricate ( :private_message_topic , user : user )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( private_topic . user ) . can_see? ( private_topic ) ) . to be_truthy
expect ( Guardian . new ( build ( :user ) ) . can_see? ( private_topic ) ) . to be_falsey
expect ( Guardian . new ( moderator ) . can_see? ( private_topic ) ) . to be_falsey
expect ( Guardian . new ( admin ) . can_see? ( private_topic ) ) . to be_truthy
2014-05-12 15:26:36 -04:00
end
2014-07-15 14:02:43 -07:00
it " restricts private deleted topics " do
user . save!
private_topic = Fabricate ( :private_message_topic , user : user )
private_topic . trash! ( admin )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( private_topic . user ) . can_see? ( private_topic ) ) . to be_falsey
expect ( Guardian . new ( build ( :user ) ) . can_see? ( private_topic ) ) . to be_falsey
expect ( Guardian . new ( moderator ) . can_see? ( private_topic ) ) . to be_falsey
expect ( Guardian . new ( admin ) . can_see? ( private_topic ) ) . to be_truthy
2014-07-15 14:02:43 -07:00
end
2014-07-29 10:40:02 -04:00
it " restricts static doc topics " do
tos_topic = Fabricate ( :topic , user : Discourse . system_user )
SiteSetting . stubs ( :tos_topic_id ) . returns ( tos_topic . id )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( build ( :user ) ) . can_edit? ( tos_topic ) ) . to be_falsey
expect ( Guardian . new ( moderator ) . can_edit? ( tos_topic ) ) . to be_falsey
expect ( Guardian . new ( admin ) . can_edit? ( tos_topic ) ) . to be_truthy
2014-07-29 10:40:02 -04:00
end
2015-02-16 13:03:04 +01:00
it " allows moderators to see a flagged private message " do
moderator . save!
user . save!
private_topic = Fabricate ( :private_message_topic , user : user )
first_post = Fabricate ( :post , topic : private_topic , user : user )
expect ( Guardian . new ( moderator ) . can_see? ( private_topic ) ) . to be_falsey
PostAction . act ( user , first_post , PostActionType . types [ :off_topic ] )
expect ( Guardian . new ( moderator ) . can_see? ( private_topic ) ) . to be_truthy
end
2013-04-29 16:33:24 +10:00
end
describe 'a Post' do
2013-07-09 15:20:18 -04:00
let ( :another_admin ) { Fabricate ( :admin ) }
2013-04-29 16:33:24 +10:00
it 'correctly handles post visibility' do
2013-05-21 16:39:51 +10:00
post = Fabricate ( :post )
topic = post . topic
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_see? ( post ) ) . to be_truthy
2013-04-29 16:33:24 +10:00
2013-07-09 15:20:18 -04:00
post . trash! ( another_admin )
2013-04-29 16:33:24 +10:00
post . reload
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_see? ( post ) ) . to be_falsey
expect ( Guardian . new ( admin ) . can_see? ( post ) ) . to be_truthy
2013-04-29 16:33:24 +10:00
2013-05-07 14:39:01 +10:00
post . recover!
2013-04-29 16:33:24 +10:00
post . reload
2013-07-09 15:20:18 -04:00
topic . trash! ( another_admin )
2013-04-29 16:33:24 +10:00
topic . reload
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_see? ( post ) ) . to be_falsey
expect ( Guardian . new ( admin ) . can_see? ( post ) ) . to be_truthy
2013-04-29 16:33:24 +10:00
end
2015-09-10 16:01:23 -04:00
it 'respects whispers' do
regular_post = Fabricate . build ( :post )
whisper_post = Fabricate . build ( :post , post_type : Post . types [ :whisper ] )
anon_guardian = Guardian . new
expect ( anon_guardian . can_see? ( regular_post ) ) . to eq ( true )
expect ( anon_guardian . can_see? ( whisper_post ) ) . to eq ( false )
regular_user = Fabricate . build ( :user )
regular_guardian = Guardian . new ( regular_user )
expect ( regular_guardian . can_see? ( regular_post ) ) . to eq ( true )
expect ( regular_guardian . can_see? ( whisper_post ) ) . to eq ( false )
# can see your own whispers
regular_whisper = Fabricate . build ( :post , post_type : Post . types [ :whisper ] , user : regular_user )
expect ( regular_guardian . can_see? ( regular_whisper ) ) . to eq ( true )
mod_guardian = Guardian . new ( Fabricate . build ( :moderator ) )
expect ( mod_guardian . can_see? ( regular_post ) ) . to eq ( true )
expect ( mod_guardian . can_see? ( whisper_post ) ) . to eq ( true )
admin_guardian = Guardian . new ( Fabricate . build ( :admin ) )
expect ( admin_guardian . can_see? ( regular_post ) ) . to eq ( true )
expect ( admin_guardian . can_see? ( whisper_post ) ) . to eq ( true )
end
2014-03-13 10:47:37 -04:00
end
describe 'a PostRevision' do
let ( :post_revision ) { Fabricate ( :post_revision ) }
context 'edit_history_visible_to_public is true' do
before { SiteSetting . stubs ( :edit_history_visible_to_public ) . returns ( true ) }
it 'is false for nil' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_see? ( nil ) ) . to be_falsey
2014-03-13 10:47:37 -04:00
end
it 'is true if not logged in' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_see? ( post_revision ) ) . to be_truthy
2014-03-13 10:47:37 -04:00
end
2013-04-29 16:33:24 +10:00
2014-03-13 10:47:37 -04:00
it 'is true when logged in' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( Fabricate ( :user ) ) . can_see? ( post_revision ) ) . to be_truthy
2014-03-13 10:47:37 -04:00
end
2014-07-28 10:49:42 -05:00
it 'is true if the author has public edit history' do
public_post_revision = Fabricate ( :post_revision )
2016-02-17 15:46:19 +11:00
public_post_revision . post . user . user_option . edit_history_public = true
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_see? ( public_post_revision ) ) . to be_truthy
2014-07-28 10:49:42 -05:00
end
2014-03-13 10:47:37 -04:00
end
2013-04-29 16:33:24 +10:00
2014-03-13 10:47:37 -04:00
context 'edit_history_visible_to_public is false' do
before { SiteSetting . stubs ( :edit_history_visible_to_public ) . returns ( false ) }
it 'is true for staff' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( Fabricate ( :admin ) ) . can_see? ( post_revision ) ) . to be_truthy
expect ( Guardian . new ( Fabricate ( :moderator ) ) . can_see? ( post_revision ) ) . to be_truthy
2014-03-13 10:47:37 -04:00
end
it 'is true for trust level 4' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( trust_level_4 ) . can_see? ( post_revision ) ) . to be_truthy
2014-03-13 10:47:37 -04:00
end
it 'is false for trust level lower than 4' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( trust_level_3 ) . can_see? ( post_revision ) ) . to be_falsey
2014-03-13 10:47:37 -04:00
end
2014-07-28 10:49:42 -05:00
it 'is true if the author has public edit history' do
public_post_revision = Fabricate ( :post_revision )
2016-02-17 15:46:19 +11:00
public_post_revision . post . user . user_option . edit_history_public = true
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_see? ( public_post_revision ) ) . to be_truthy
2014-07-28 10:49:42 -05:00
end
2014-03-13 10:47:37 -04:00
end
2013-02-05 14:16:51 -05:00
end
end
describe 'can_create?' do
describe 'a Category' do
it 'returns false when not logged in' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_create? ( Category ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'returns false when a regular user' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_create? ( Category ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
2014-02-07 14:11:52 +11:00
it 'returns false when a moderator' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_create? ( Category ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'returns true when an admin' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_create? ( Category ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
end
2013-07-16 15:44:07 +10:00
describe 'a Topic' do
it 'should check for full permissions' do
category = Fabricate ( :category )
category . set_permissions ( :everyone = > :create_post )
category . save
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_create? ( Topic , category ) ) . to be_falsey
2013-07-16 15:44:07 +10:00
end
2013-09-03 19:12:22 -04:00
it " is true for new users by default " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_create? ( Topic , Fabricate ( :category ) ) ) . to be_truthy
2013-09-03 19:12:22 -04:00
end
it " is false if user has not met minimum trust level " do
SiteSetting . stubs ( :min_trust_to_create_topic ) . returns ( 1 )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( build ( :user , trust_level : 0 ) ) . can_create? ( Topic , Fabricate ( :category ) ) ) . to be_falsey
2013-09-03 19:12:22 -04:00
end
it " is true if user has met or exceeded the minimum trust level " do
SiteSetting . stubs ( :min_trust_to_create_topic ) . returns ( 1 )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( build ( :user , trust_level : 1 ) ) . can_create? ( Topic , Fabricate ( :category ) ) ) . to be_truthy
expect ( Guardian . new ( build ( :user , trust_level : 2 ) ) . can_create? ( Topic , Fabricate ( :category ) ) ) . to be_truthy
expect ( Guardian . new ( build ( :admin , trust_level : 0 ) ) . can_create? ( Topic , Fabricate ( :category ) ) ) . to be_truthy
expect ( Guardian . new ( build ( :moderator , trust_level : 0 ) ) . can_create? ( Topic , Fabricate ( :category ) ) ) . to be_truthy
2013-09-03 19:12:22 -04:00
end
2013-07-16 15:44:07 +10:00
end
2013-02-05 14:16:51 -05:00
describe 'a Post' do
2013-07-16 15:44:07 +10:00
it " is false on readonly categories " do
category = Fabricate ( :category )
topic . category = category
category . set_permissions ( :everyone = > :readonly )
category . save
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( topic . user ) . can_create? ( Post , topic ) ) . to be_falsey
2013-07-16 15:44:07 +10:00
end
2013-02-05 14:16:51 -05:00
it " is false when not logged in " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_create? ( Post , topic ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'is true for a regular user' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( topic . user ) . can_create? ( Post , topic ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
it " is false when you can't see the topic " do
Guardian . any_instance . expects ( :can_see? ) . with ( topic ) . returns ( false )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( topic . user ) . can_create? ( Post , topic ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
context 'closed topic' do
before do
topic . closed = true
end
it " doesn't allow new posts from regular users " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( topic . user ) . can_create? ( Post , topic ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'allows editing of posts' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( topic . user ) . can_edit? ( post ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
it " allows new posts from moderators " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_create? ( Post , topic ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
it " allows new posts from admins " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_create? ( Post , topic ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
2014-03-17 14:50:28 -04:00
2014-09-05 16:52:40 +10:00
it " allows new posts from trust_level_4s " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( trust_level_4 ) . can_create? ( Post , topic ) ) . to be_truthy
2014-03-17 14:50:28 -04:00
end
2013-02-05 14:16:51 -05:00
end
context 'archived topic' do
before do
topic . archived = true
end
context 'regular users' do
it " doesn't allow new posts from regular users " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( coding_horror ) . can_create? ( Post , topic ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
2014-08-15 12:44:58 -04:00
it 'does not allow editing of posts' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( coding_horror ) . can_edit? ( post ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
end
2013-02-25 19:42:20 +03:00
2013-02-05 14:16:51 -05:00
it " allows new posts from moderators " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_create? ( Post , topic ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
it " allows new posts from admins " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_create? ( Post , topic ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
end
2013-07-11 16:38:46 -04:00
context " trashed topic " do
before do
topic . deleted_at = Time . now
end
it " doesn't allow new posts from regular users " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( coding_horror ) . can_create? ( Post , topic ) ) . to be_falsey
2013-07-11 16:38:46 -04:00
end
it " doesn't allow new posts from moderators users " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_create? ( Post , topic ) ) . to be_falsey
2013-07-11 16:38:46 -04:00
end
it " doesn't allow new posts from admins " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_create? ( Post , topic ) ) . to be_falsey
2013-07-11 16:38:46 -04:00
end
end
2016-01-22 12:54:18 -05:00
context " private message " do
let ( :private_message ) { Fabricate ( :topic , archetype : Archetype . private_message , category_id : nil ) }
2013-07-11 16:38:46 -04:00
2016-01-22 12:54:18 -05:00
before { user . save! }
it " allows new posts by people included in the pm " do
private_message . topic_allowed_users . create! ( user_id : user . id )
expect ( Guardian . new ( user ) . can_create? ( Post , private_message ) ) . to be_truthy
end
it " doesn't allow new posts by people not invited to the pm " do
expect ( Guardian . new ( user ) . can_create? ( Post , private_message ) ) . to be_falsey
end
it " allows new posts from blocked users included in the pm " do
user . update_attribute ( :blocked , true )
private_message . topic_allowed_users . create! ( user_id : user . id )
expect ( Guardian . new ( user ) . can_create? ( Post , private_message ) ) . to be_truthy
end
it " doesn't allow new posts from blocked users not invited to the pm " do
user . update_attribute ( :blocked , true )
expect ( Guardian . new ( user ) . can_create? ( Post , private_message ) ) . to be_falsey
end
end
end # can_create? a Post
2013-02-05 14:16:51 -05:00
end
describe 'post_can_act?' do
it " isn't allowed on nil " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . post_can_act? ( nil , nil ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
describe 'a Post' do
2013-02-25 19:42:20 +03:00
let ( :guardian ) do
2013-02-05 14:16:51 -05:00
Guardian . new ( user )
end
it " isn't allowed when not logged in " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( nil ) . post_can_act? ( post , :vote ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " is allowed as a regular user " do
2015-01-09 13:34:37 -03:00
expect ( guardian . post_can_act? ( post , :vote ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
it " doesn't allow voting if the user has an action from voting already " do
2015-01-09 13:34:37 -03:00
expect ( guardian . post_can_act? ( post , :vote , taken_actions : { PostActionType . types [ :vote ] = > 1 } ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " allows voting if the user has performed a different action " do
2015-01-09 13:34:37 -03:00
expect ( guardian . post_can_act? ( post , :vote , taken_actions : { PostActionType . types [ :like ] = > 1 } ) ) . to be_truthy
2013-02-25 19:42:20 +03:00
end
2013-02-05 14:16:51 -05:00
it " isn't allowed on archived topics " do
topic . archived = true
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . post_can_act? ( post , :like ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
2013-02-25 19:42:20 +03:00
2013-02-05 14:16:51 -05:00
describe 'multiple voting' do
it " isn't allowed if the user voted and the topic doesn't allow multiple votes " do
Topic . any_instance . expects ( :has_meta_data_boolean? ) . with ( :single_vote ) . returns ( true )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_vote? ( post , voted_in_topic : true ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " is allowed if the user voted and the topic doesn't allow multiple votes " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_vote? ( post , voted_in_topic : false ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
end
end
end
2013-07-12 12:08:23 -04:00
describe " can_recover_topic? " do
it " returns false for a nil user " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( nil ) . can_recover_topic? ( topic ) ) . to be_falsey
2013-07-12 12:08:23 -04:00
end
it " returns false for a nil object " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_recover_topic? ( nil ) ) . to be_falsey
2013-07-12 12:08:23 -04:00
end
it " returns false for a regular user " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_recover_topic? ( topic ) ) . to be_falsey
2013-07-12 12:08:23 -04:00
end
it " returns true for a moderator " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_recover_topic? ( topic ) ) . to be_truthy
2013-07-12 12:08:23 -04:00
end
end
2013-02-07 15:12:55 -05:00
describe " can_recover_post? " do
it " returns false for a nil user " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( nil ) . can_recover_post? ( post ) ) . to be_falsey
2013-02-07 15:12:55 -05:00
end
it " returns false for a nil object " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_recover_post? ( nil ) ) . to be_falsey
2013-02-07 15:12:55 -05:00
end
it " returns false for a regular user " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_recover_post? ( post ) ) . to be_falsey
2013-02-07 15:12:55 -05:00
end
it " returns true for a moderator " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_recover_post? ( post ) ) . to be_truthy
2013-02-07 15:12:55 -05:00
end
end
2013-02-05 14:16:51 -05:00
describe 'can_edit?' do
it 'returns false with a nil object' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_edit? ( nil ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
describe 'a Post' do
it 'returns false when not logged in' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_edit? ( post ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
2014-05-13 08:53:11 -04:00
it 'returns false when not logged in also for wiki post' do
post . wiki = true
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_edit? ( post ) ) . to be_falsey
2014-05-13 08:53:11 -04:00
end
2013-02-05 14:16:51 -05:00
it 'returns true if you want to edit your own post' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( post . user ) . can_edit? ( post ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
2014-06-20 15:38:03 -04:00
it " returns false if the post is hidden due to flagging and it's too soon " do
post . hidden = true
post . hidden_at = Time . now
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( post . user ) . can_edit? ( post ) ) . to be_falsey
2014-06-20 15:38:03 -04:00
end
it " returns true if the post is hidden due to flagging and it been enough time " do
post . hidden = true
post . hidden_at = ( SiteSetting . cooldown_minutes_after_hiding_posts + 1 ) . minutes . ago
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( post . user ) . can_edit? ( post ) ) . to be_truthy
2014-09-16 11:20:31 -04:00
end
it " returns true if the post is hidden, it's been enough time and the edit window has expired " do
post . hidden = true
post . hidden_at = ( SiteSetting . cooldown_minutes_after_hiding_posts + 1 ) . minutes . ago
post . created_at = ( SiteSetting . post_edit_time_limit + 1 ) . minutes . ago
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( post . user ) . can_edit? ( post ) ) . to be_truthy
2014-06-20 15:38:03 -04:00
end
it " returns true if the post is hidden due to flagging and it's got a nil `hidden_at` " do
post . hidden = true
post . hidden_at = nil
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( post . user ) . can_edit? ( post ) ) . to be_truthy
2014-06-20 15:38:03 -04:00
end
2013-07-22 17:48:24 +10:00
it 'returns false if you are trying to edit a post you soft deleted' do
post . user_deleted = true
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( post . user ) . can_edit? ( post ) ) . to be_falsey
2013-07-22 17:48:24 +10:00
end
2014-05-13 08:53:11 -04:00
it 'returns false if another regular user tries to edit a soft deleted wiki post' do
post . wiki = true
post . user_deleted = true
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( coding_horror ) . can_edit? ( post ) ) . to be_falsey
2014-05-13 08:53:11 -04:00
end
2013-07-22 17:48:24 +10:00
it 'returns false if you are trying to edit a deleted post' do
post . deleted_at = 1 . day . ago
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( post . user ) . can_edit? ( post ) ) . to be_falsey
2013-07-22 17:48:24 +10:00
end
2014-05-13 08:53:11 -04:00
it 'returns false if another regular user tries to edit a deleted wiki post' do
post . wiki = true
post . deleted_at = 1 . day . ago
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( coding_horror ) . can_edit? ( post ) ) . to be_falsey
2014-05-13 08:53:11 -04:00
end
2013-02-05 14:16:51 -05:00
it 'returns false if another regular user tries to edit your post' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( coding_horror ) . can_edit? ( post ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
2014-05-13 08:53:11 -04:00
it 'returns true if another regular user tries to edit wiki post' do
post . wiki = true
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( coding_horror ) . can_edit? ( post ) ) . to be_truthy
2014-05-13 08:53:11 -04:00
end
2013-02-05 14:16:51 -05:00
it 'returns true as a moderator' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_edit? ( post ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
it 'returns true as an admin' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_edit? ( post ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
2014-01-07 10:32:09 -05:00
2014-03-13 10:47:37 -04:00
it 'returns true as a trust level 4 user' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( trust_level_4 ) . can_edit? ( post ) ) . to be_truthy
2014-03-13 10:47:37 -04:00
end
2015-02-25 20:53:21 +01:00
it 'returns false when another user has too low trust level to edit wiki post' do
SiteSetting . stubs ( :min_trust_to_edit_wiki_post ) . returns ( 2 )
post . wiki = true
coding_horror . trust_level = 1
expect ( Guardian . new ( coding_horror ) . can_edit? ( post ) ) . to be_falsey
end
it 'returns true when another user has adequate trust level to edit wiki post' do
SiteSetting . stubs ( :min_trust_to_edit_wiki_post ) . returns ( 2 )
post . wiki = true
coding_horror . trust_level = 2
expect ( Guardian . new ( coding_horror ) . can_edit? ( post ) ) . to be_truthy
end
it 'returns true for post author even when he has too low trust level to edit wiki post' do
SiteSetting . stubs ( :min_trust_to_edit_wiki_post ) . returns ( 2 )
post . wiki = true
post . user . trust_level = 1
expect ( Guardian . new ( post . user ) . can_edit? ( post ) ) . to be_truthy
end
2014-01-07 10:32:09 -05:00
context 'post is older than post_edit_time_limit' do
let ( :old_post ) { build ( :post , topic : topic , user : topic . user , created_at : 6 . minutes . ago ) }
before do
SiteSetting . stubs ( :post_edit_time_limit ) . returns ( 5 )
end
it 'returns false to the author of the post' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( old_post . user ) . can_edit? ( old_post ) ) . to be_falsey
2014-01-07 10:32:09 -05:00
end
it 'returns true as a moderator' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_edit? ( old_post ) ) . to eq ( true )
2014-01-07 10:32:09 -05:00
end
it 'returns true as an admin' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_edit? ( old_post ) ) . to eq ( true )
2014-01-07 10:32:09 -05:00
end
it 'returns false for another regular user trying to edit your post' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( coding_horror ) . can_edit? ( old_post ) ) . to be_falsey
2014-01-07 10:32:09 -05:00
end
2014-05-13 08:53:11 -04:00
it 'returns true for another regular user trying to edit a wiki post' do
old_post . wiki = true
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( coding_horror ) . can_edit? ( old_post ) ) . to be_truthy
2014-05-13 08:53:11 -04:00
end
2014-01-07 10:32:09 -05:00
end
2014-07-29 10:40:02 -04:00
context " first post of a static page doc " do
let! ( :tos_topic ) { Fabricate ( :topic , user : Discourse . system_user ) }
let! ( :tos_first_post ) { build ( :post , topic : tos_topic , user : tos_topic . user ) }
before { SiteSetting . stubs ( :tos_topic_id ) . returns ( tos_topic . id ) }
it " restricts static doc posts " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( build ( :user ) ) . can_edit? ( tos_first_post ) ) . to be_falsey
expect ( Guardian . new ( moderator ) . can_edit? ( tos_first_post ) ) . to be_falsey
expect ( Guardian . new ( admin ) . can_edit? ( tos_first_post ) ) . to be_truthy
2014-07-29 10:40:02 -04:00
end
end
2013-02-05 14:16:51 -05:00
end
describe 'a Topic' do
it 'returns false when not logged in' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_edit? ( topic ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'returns true for editing your own post' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( topic . user ) . can_edit? ( topic ) ) . to eq ( true )
2013-02-05 14:16:51 -05:00
end
it 'returns false as a regular user' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( coding_horror ) . can_edit? ( topic ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
2013-07-09 16:48:26 -04:00
context 'not archived' do
it 'returns true as a moderator' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_edit? ( topic ) ) . to eq ( true )
2013-07-09 16:48:26 -04:00
end
it 'returns true as an admin' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_edit? ( topic ) ) . to eq ( true )
2014-01-16 11:59:26 -05:00
end
it 'returns true at trust level 3' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( trust_level_3 ) . can_edit? ( topic ) ) . to eq ( true )
2013-07-09 16:48:26 -04:00
end
2015-04-30 17:03:51 -04:00
it " returns false when the category is read only " do
topic . category . set_permissions ( everyone : :readonly )
topic . category . save
expect ( Guardian . new ( trust_level_3 ) . can_edit? ( topic ) ) . to eq ( false )
end
2013-02-05 14:16:51 -05:00
end
2014-09-11 17:39:20 +10:00
context 'private message' do
it 'returns false at trust level 3' do
topic . archetype = 'private_message'
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( trust_level_3 ) . can_edit? ( topic ) ) . to eq ( false )
2014-09-11 17:39:20 +10:00
end
2016-01-29 00:35:56 +05:30
it 'returns false at trust level 4' do
topic . archetype = 'private_message'
expect ( Guardian . new ( trust_level_4 ) . can_edit? ( topic ) ) . to eq ( false )
end
2014-09-11 17:39:20 +10:00
end
2013-07-09 16:48:26 -04:00
context 'archived' do
2015-02-25 20:53:21 +01:00
let ( :archived_topic ) { build ( :topic , user : user , archived : true ) }
it 'returns true as a moderator' do
expect ( Guardian . new ( moderator ) . can_edit? ( archived_topic ) ) . to be_truthy
end
it 'returns true as an admin' do
expect ( Guardian . new ( admin ) . can_edit? ( archived_topic ) ) . to be_truthy
end
2016-01-29 00:35:56 +05:30
it 'returns true at trust level 4' do
expect ( Guardian . new ( trust_level_4 ) . can_edit? ( archived_topic ) ) . to be_truthy
end
it 'returns false at trust level 3' do
expect ( Guardian . new ( trust_level_3 ) . can_edit? ( archived_topic ) ) . to be_falsey
2015-02-25 20:53:21 +01:00
end
it 'returns false as a topic creator' do
expect ( Guardian . new ( user ) . can_edit? ( archived_topic ) ) . to be_falsey
end
end
context 'very old' do
let ( :old_topic ) { build ( :topic , user : user , created_at : 6 . minutes . ago ) }
before { SiteSetting . stubs ( :post_edit_time_limit ) . returns ( 5 ) }
2014-08-15 12:44:58 -04:00
it 'returns true as a moderator' do
2015-02-25 20:53:21 +01:00
expect ( Guardian . new ( moderator ) . can_edit? ( old_topic ) ) . to be_truthy
2013-07-09 16:48:26 -04:00
end
2014-08-15 12:44:58 -04:00
it 'returns true as an admin' do
2015-02-25 20:53:21 +01:00
expect ( Guardian . new ( admin ) . can_edit? ( old_topic ) ) . to be_truthy
2014-08-15 12:44:58 -04:00
end
it 'returns true at trust level 3' do
2015-02-25 20:53:21 +01:00
expect ( Guardian . new ( trust_level_3 ) . can_edit? ( old_topic ) ) . to be_truthy
2014-01-16 11:59:26 -05:00
end
2014-08-15 12:44:58 -04:00
it 'returns false as a topic creator' do
2015-02-25 20:53:21 +01:00
expect ( Guardian . new ( user ) . can_edit? ( old_topic ) ) . to be_falsey
2013-07-09 16:48:26 -04:00
end
2013-02-05 14:16:51 -05:00
end
end
describe 'a Category' do
let ( :category ) { Fabricate ( :category ) }
it 'returns false when not logged in' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_edit? ( category ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'returns false as a regular user' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( category . user ) . can_edit? ( category ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
2014-02-07 14:11:52 +11:00
it 'returns false as a moderator' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_edit? ( category ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'returns true as an admin' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_edit? ( category ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
end
describe 'a User' do
it 'returns false when not logged in' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_edit? ( user ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'returns false as a different user' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( coding_horror ) . can_edit? ( user ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'returns true when trying to edit yourself' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_edit? ( user ) ) . to be_truthy
2013-02-25 19:42:20 +03:00
end
2013-02-05 14:16:51 -05:00
2013-05-02 15:15:17 +10:00
it 'returns true as a moderator' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_edit? ( user ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
it 'returns true as an admin' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_edit? ( user ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
end
end
context 'can_moderate?' do
it 'returns false with a nil object' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_moderate? ( nil ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
context 'a Topic' do
it 'returns false when not logged in' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_moderate? ( topic ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'returns false when not a moderator' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_moderate? ( topic ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'returns true when a moderator' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_moderate? ( topic ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
it 'returns true when an admin' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_moderate? ( topic ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
2014-03-17 14:50:28 -04:00
it 'returns true when trust level 4' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( trust_level_4 ) . can_moderate? ( topic ) ) . to be_truthy
2014-03-17 14:50:28 -04:00
end
2013-02-25 19:42:20 +03:00
end
2013-02-05 14:16:51 -05:00
end
context 'can_see_flags?' do
it " returns false when there is no post " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_see_flags? ( nil ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " returns false when there is no user " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( nil ) . can_see_flags? ( post ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
2013-08-13 22:08:29 +02:00
it " allow regular users to see flags " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_see_flags? ( post ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " allows moderators to see flags " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_see_flags? ( post ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
it " allows moderators to see flags " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_see_flags? ( post ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
end
context 'can_move_posts?' do
it 'returns false with a nil object' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_move_posts? ( nil ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
context 'a Topic' do
it 'returns false when not logged in' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_move_posts? ( topic ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'returns false when not a moderator' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_move_posts? ( topic ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'returns true when a moderator' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_move_posts? ( topic ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
it 'returns true when an admin' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_move_posts? ( topic ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
2013-02-25 19:42:20 +03:00
end
2013-02-05 14:16:51 -05:00
end
context 'can_delete?' do
it 'returns false with a nil object' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_delete? ( nil ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
context 'a Topic' do
2013-10-24 10:05:51 +11:00
before do
# pretend we have a real topic
topic . id = 9999999
end
2013-02-05 14:16:51 -05:00
it 'returns false when not logged in' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_delete? ( topic ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'returns false when not a moderator' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_delete? ( topic ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'returns true when a moderator' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_delete? ( topic ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
it 'returns true when an admin' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_delete? ( topic ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
2014-08-13 17:02:44 -04:00
it 'returns false for static doc topics' do
tos_topic = Fabricate ( :topic , user : Discourse . system_user )
SiteSetting . stubs ( :tos_topic_id ) . returns ( tos_topic . id )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_delete? ( tos_topic ) ) . to be_falsey
2014-08-13 17:02:44 -04:00
end
2013-02-05 14:16:51 -05:00
end
context 'a Post' do
before do
post . post_number = 2
end
it 'returns false when not logged in' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_delete? ( post ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
2013-02-07 15:12:55 -05:00
it " returns false when trying to delete your own post that has already been deleted " do
2013-05-21 16:39:51 +10:00
post = Fabricate ( :post )
2013-03-18 17:52:29 -04:00
PostDestroyer . new ( user , post ) . destroy
2013-02-07 15:12:55 -05:00
post . reload
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_delete? ( post ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
2013-02-07 15:12:55 -05:00
it 'returns true when trying to delete your own post' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_delete? ( post ) ) . to be_truthy
2013-02-07 15:12:55 -05:00
end
it " returns false when trying to delete another user's own post " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( Fabricate ( :user ) ) . can_delete? ( post ) ) . to be_falsey
2013-02-07 15:12:55 -05:00
end
2013-02-05 14:16:51 -05:00
it " returns false when it's the OP, even as a moderator " do
post . update_attribute :post_number , 1
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_delete? ( post ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'returns true when a moderator' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_delete? ( post ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
it 'returns true when an admin' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_delete? ( post ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
2014-01-07 10:32:09 -05:00
2014-08-13 17:02:44 -04:00
it 'returns false when post is first in a static doc topic' do
tos_topic = Fabricate ( :topic , user : Discourse . system_user )
SiteSetting . stubs ( :tos_topic_id ) . returns ( tos_topic . id )
post . update_attribute :post_number , 1
post . update_attribute :topic_id , tos_topic . id
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_delete? ( post ) ) . to be_falsey
2014-08-13 17:02:44 -04:00
end
2014-01-07 10:32:09 -05:00
context 'post is older than post_edit_time_limit' do
let ( :old_post ) { build ( :post , topic : topic , user : topic . user , post_number : 2 , created_at : 6 . minutes . ago ) }
before do
SiteSetting . stubs ( :post_edit_time_limit ) . returns ( 5 )
end
it 'returns false to the author of the post' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( old_post . user ) . can_delete? ( old_post ) ) . to eq ( false )
2014-01-07 10:32:09 -05:00
end
it 'returns true as a moderator' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_delete? ( old_post ) ) . to eq ( true )
2014-01-07 10:32:09 -05:00
end
it 'returns true as an admin' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_delete? ( old_post ) ) . to eq ( true )
2014-01-07 10:32:09 -05:00
end
it " returns false when it's the OP, even as a moderator " do
old_post . post_number = 1
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_delete? ( old_post ) ) . to eq ( false )
2014-01-07 10:32:09 -05:00
end
it 'returns false for another regular user trying to delete your post' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( coding_horror ) . can_delete? ( old_post ) ) . to eq ( false )
2014-01-07 10:32:09 -05:00
end
end
2014-01-17 17:42:12 -05:00
context 'the topic is archived' do
before do
post . topic . archived = true
end
it " allows a staff member to delete it " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_delete? ( post ) ) . to be_truthy
2014-01-17 17:42:12 -05:00
end
it " doesn't allow a regular user to delete it " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( post . user ) . can_delete? ( post ) ) . to be_falsey
2014-01-17 17:42:12 -05:00
end
end
2013-02-05 14:16:51 -05:00
end
context 'a Category' do
2013-05-21 16:39:51 +10:00
let ( :category ) { build ( :category , user : moderator ) }
2013-02-05 14:16:51 -05:00
it 'returns false when not logged in' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_delete? ( category ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'returns false when a regular user' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_delete? ( category ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
2014-02-07 14:11:52 +11:00
it 'returns false when a moderator' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_delete? ( category ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'returns true when an admin' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_delete? ( category ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
it " can't be deleted if it has a forum topic " do
category . topic_count = 10
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_delete? ( category ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
2014-02-12 15:24:44 -05:00
it " can't be deleted if it is the Uncategorized Category " do
2013-12-17 15:36:15 -05:00
uncategorized_cat_id = SiteSetting . uncategorized_category_id
uncategorized_category = Category . find ( uncategorized_cat_id )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_delete? ( uncategorized_category ) ) . to be_falsey
2013-12-17 15:36:15 -05:00
end
2014-02-12 17:24:25 -05:00
it " can't be deleted if it has children " do
category . expects ( :has_children? ) . returns ( true )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_delete? ( category ) ) . to be_falsey
2014-02-12 17:24:25 -05:00
end
2013-02-05 14:16:51 -05:00
end
2013-11-07 13:53:32 -05:00
context 'can_suspend?' do
it 'returns false when a user tries to suspend another user' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_suspend? ( coding_horror ) ) . to be_falsey
2013-05-21 16:39:51 +10:00
end
2013-11-07 13:53:32 -05:00
it 'returns true when an admin tries to suspend another user' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_suspend? ( coding_horror ) ) . to be_truthy
2013-05-21 16:39:51 +10:00
end
2013-11-07 13:53:32 -05:00
it 'returns true when a moderator tries to suspend another user' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_suspend? ( coding_horror ) ) . to be_truthy
2013-05-21 16:39:51 +10:00
end
2013-11-07 13:53:32 -05:00
it 'returns false when staff tries to suspend staff' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_suspend? ( moderator ) ) . to be_falsey
2013-05-21 16:39:51 +10:00
end
end
2013-02-05 14:16:51 -05:00
context 'a PostAction' do
2013-05-21 16:39:51 +10:00
let ( :post_action ) {
user . id = 1
post . id = 1
2013-05-19 23:04:53 -07:00
a = PostAction . new ( user : user , post : post , post_action_type_id : 1 )
2013-05-21 16:39:51 +10:00
a . created_at = 1 . minute . ago
a
}
2013-02-05 14:16:51 -05:00
it 'returns false when not logged in' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_delete? ( post_action ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'returns false when not the user who created it' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( coding_horror ) . can_delete? ( post_action ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " returns false if the window has expired " do
post_action . created_at = 20 . minutes . ago
SiteSetting . expects ( :post_undo_action_window_mins ) . returns ( 10 )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_delete? ( post_action ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " returns true if it's yours " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_delete? ( post_action ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
end
end
context 'can_approve?' do
it " wont allow a non-logged in user to approve " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_approve? ( user ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " wont allow a non-admin to approve a user " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( coding_horror ) . can_approve? ( user ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " returns false when the user is already approved " do
user . approved = true
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_approve? ( user ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " allows an admin to approve a user " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_approve? ( user ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
it " allows a moderator to approve a user " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_approve? ( user ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
end
context 'can_grant_admin?' do
it " wont allow a non logged in user to grant an admin's access " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_grant_admin? ( another_admin ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " wont allow a regular user to revoke an admin's access " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_grant_admin? ( another_admin ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'wont allow an admin to grant their own access' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_grant_admin? ( admin ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " allows an admin to grant a regular user access " do
2013-05-21 16:39:51 +10:00
admin . id = 1
user . id = 2
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_grant_admin? ( user ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
end
context 'can_revoke_admin?' do
it " wont allow a non logged in user to revoke an admin's access " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_revoke_admin? ( another_admin ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " wont allow a regular user to revoke an admin's access " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_revoke_admin? ( another_admin ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'wont allow an admin to revoke their own access' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_revoke_admin? ( admin ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it " allows an admin to revoke another admin's access " do
2013-05-21 16:39:51 +10:00
admin . id = 1
another_admin . id = 2
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_revoke_admin? ( another_admin ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
end
2013-02-12 22:58:08 +00:00
context 'can_grant_moderation?' do
2013-05-09 17:35:15 +10:00
2013-02-12 22:58:08 +00:00
it " wont allow a non logged in user to grant an moderator's access " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_grant_moderation? ( user ) ) . to be_falsey
2013-02-12 22:58:08 +00:00
end
2013-05-19 23:04:53 -07:00
it " wont allow a regular user to revoke an moderator's access " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_grant_moderation? ( moderator ) ) . to be_falsey
2013-02-12 22:58:08 +00:00
end
2013-05-09 17:35:15 +10:00
it 'will allow an admin to grant their own moderator access' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_grant_moderation? ( admin ) ) . to be_truthy
2013-02-12 22:58:08 +00:00
end
it 'wont allow an admin to grant it to an already moderator' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_grant_moderation? ( moderator ) ) . to be_falsey
2013-02-12 22:58:08 +00:00
end
it " allows an admin to grant a regular user access " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_grant_moderation? ( user ) ) . to be_truthy
2013-02-12 22:58:08 +00:00
end
end
context 'can_revoke_moderation?' do
it " wont allow a non logged in user to revoke an moderator's access " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new . can_revoke_moderation? ( moderator ) ) . to be_falsey
2013-02-12 22:58:08 +00:00
end
it " wont allow a regular user to revoke an moderator's access " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_revoke_moderation? ( moderator ) ) . to be_falsey
2013-02-12 22:58:08 +00:00
end
2013-05-09 17:35:15 +10:00
it 'wont allow a moderator to revoke their own moderator' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_revoke_moderation? ( moderator ) ) . to be_falsey
2013-02-12 22:58:08 +00:00
end
it " allows an admin to revoke a moderator's access " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_revoke_moderation? ( moderator ) ) . to be_truthy
2013-02-12 22:58:08 +00:00
end
2013-05-09 17:35:15 +10:00
it " allows an admin to revoke a moderator's access from self " do
admin . moderator = true
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_revoke_moderation? ( admin ) ) . to be_truthy
2013-05-09 17:35:15 +10:00
end
it " does not allow revoke from non moderators " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_revoke_moderation? ( admin ) ) . to be_falsey
2013-05-09 17:35:15 +10:00
end
2013-02-12 22:58:08 +00:00
end
2014-03-21 14:13:04 -04:00
context " can_see_invite_details? " do
2013-02-05 14:16:51 -05:00
it 'is false without a logged in user' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( nil ) . can_see_invite_details? ( user ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'is false without a user to look at' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_see_invite_details? ( nil ) ) . to be_falsey
2013-02-05 14:16:51 -05:00
end
it 'is true when looking at your own invites' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_see_invite_details? ( user ) ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
2013-04-03 12:23:28 -04:00
end
context " can_access_forum? " do
let ( :unapproved_user ) { Fabricate . build ( :user ) }
context " when must_approve_users is false " do
before do
SiteSetting . stubs ( :must_approve_users? ) . returns ( false )
end
it " returns true for a nil user " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( nil ) . can_access_forum? ) . to be_truthy
2013-04-03 12:23:28 -04:00
end
it " returns true for an unapproved user " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( unapproved_user ) . can_access_forum? ) . to be_truthy
2013-04-03 12:23:28 -04:00
end
end
context 'when must_approve_users is true' do
before do
SiteSetting . stubs ( :must_approve_users? ) . returns ( true )
end
it " returns false for a nil user " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( nil ) . can_access_forum? ) . to be_falsey
2013-04-03 12:23:28 -04:00
end
it " returns false for an unapproved user " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( unapproved_user ) . can_access_forum? ) . to be_falsey
2013-04-03 12:23:28 -04:00
end
it " returns true for an admin user " do
unapproved_user . admin = true
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( unapproved_user ) . can_access_forum? ) . to be_truthy
2013-04-03 12:23:28 -04:00
end
it " returns true for an approved user " do
unapproved_user . approved = true
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( unapproved_user ) . can_access_forum? ) . to be_truthy
2013-04-03 12:23:28 -04:00
end
end
2013-02-05 14:16:51 -05:00
end
2013-07-26 15:40:08 -04:00
describe " can_delete_user? " do
2013-04-11 16:04:20 -04:00
it " is false without a logged in user " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( nil ) . can_delete_user? ( user ) ) . to be_falsey
2013-04-11 16:04:20 -04:00
end
it " is false without a user to look at " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_delete_user? ( nil ) ) . to be_falsey
2013-04-11 16:04:20 -04:00
end
it " is false for regular users " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_delete_user? ( coding_horror ) ) . to be_falsey
2014-02-13 11:42:35 -05:00
end
context " delete myself " do
2014-07-28 19:17:37 +02:00
let ( :myself ) { Fabricate ( :user , created_at : 6 . months . ago ) }
2014-02-13 11:42:35 -05:00
subject { Guardian . new ( myself ) . can_delete_user? ( myself ) }
it " is true to delete myself and I have never made a post " do
2015-01-09 13:34:37 -03:00
expect ( subject ) . to be_truthy
2014-02-13 11:42:35 -05:00
end
it " is true to delete myself and I have only made 1 post " do
myself . stubs ( :post_count ) . returns ( 1 )
2015-01-09 13:34:37 -03:00
expect ( subject ) . to be_truthy
2014-02-13 11:42:35 -05:00
end
it " is false to delete myself and I have made 2 posts " do
myself . stubs ( :post_count ) . returns ( 2 )
2015-01-09 13:34:37 -03:00
expect ( subject ) . to be_falsey
2014-02-13 11:42:35 -05:00
end
2013-04-11 16:04:20 -04:00
end
2013-07-26 15:40:08 -04:00
shared_examples " can_delete_user examples " do
2014-02-20 12:29:40 -05:00
it " is true if user is not an admin and has never posted " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( actor ) . can_delete_user? ( Fabricate . build ( :user , created_at : 100 . days . ago ) ) ) . to be_truthy
2014-02-20 12:29:40 -05:00
end
2013-07-26 15:40:08 -04:00
2014-02-20 12:29:40 -05:00
it " is true if user is not an admin and first post is not too old " do
user = Fabricate . build ( :user , created_at : 100 . days . ago )
2014-07-28 19:17:37 +02:00
user . stubs ( :first_post_created_at ) . returns ( 9 . days . ago )
2014-02-20 12:29:40 -05:00
SiteSetting . stubs ( :delete_user_max_post_age ) . returns ( 10 )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( actor ) . can_delete_user? ( user ) ) . to be_truthy
2013-07-26 15:40:08 -04:00
end
it " is false if user is an admin " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( actor ) . can_delete_user? ( another_admin ) ) . to be_falsey
2013-07-26 15:40:08 -04:00
end
2014-02-20 12:29:40 -05:00
it " is false if user's first post is too old " do
user = Fabricate . build ( :user , created_at : 100 . days . ago )
2014-07-28 19:17:37 +02:00
user . stubs ( :first_post_created_at ) . returns ( 11 . days . ago )
2014-02-20 12:29:40 -05:00
SiteSetting . stubs ( :delete_user_max_post_age ) . returns ( 10 )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( actor ) . can_delete_user? ( user ) ) . to be_falsey
2013-07-26 15:40:08 -04:00
end
end
context " for moderators " do
let ( :actor ) { moderator }
include_examples " can_delete_user examples "
2013-04-11 16:04:20 -04:00
end
context " for admins " do
2013-07-26 15:40:08 -04:00
let ( :actor ) { admin }
include_examples " can_delete_user examples "
end
end
describe " can_delete_all_posts? " do
it " is false without a logged in user " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( nil ) . can_delete_all_posts? ( user ) ) . to be_falsey
2013-07-26 15:40:08 -04:00
end
it " is false without a user to look at " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_delete_all_posts? ( nil ) ) . to be_falsey
2013-07-26 15:40:08 -04:00
end
it " is false for regular users " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_delete_all_posts? ( coding_horror ) ) . to be_falsey
2013-07-26 15:40:08 -04:00
end
shared_examples " can_delete_all_posts examples " do
2014-02-20 12:29:40 -05:00
it " is true if user has no posts " do
SiteSetting . stubs ( :delete_user_max_post_age ) . returns ( 10 )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( actor ) . can_delete_all_posts? ( Fabricate ( :user , created_at : 100 . days . ago ) ) ) . to be_truthy
2014-02-20 12:29:40 -05:00
end
it " is true if user's first post is newer than delete_user_max_post_age days old " do
2014-07-28 19:17:37 +02:00
user = Fabricate ( :user , created_at : 100 . days . ago )
user . stubs ( :first_post_created_at ) . returns ( 9 . days . ago )
2014-02-20 12:29:40 -05:00
SiteSetting . stubs ( :delete_user_max_post_age ) . returns ( 10 )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( actor ) . can_delete_all_posts? ( user ) ) . to be_truthy
2013-07-26 15:40:08 -04:00
end
2014-02-20 12:29:40 -05:00
it " is false if user's first post is older than delete_user_max_post_age days old " do
2014-07-28 19:17:37 +02:00
user = Fabricate ( :user , created_at : 100 . days . ago )
user . stubs ( :first_post_created_at ) . returns ( 11 . days . ago )
2014-02-20 12:29:40 -05:00
SiteSetting . stubs ( :delete_user_max_post_age ) . returns ( 10 )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( actor ) . can_delete_all_posts? ( user ) ) . to be_falsey
2013-07-26 15:40:08 -04:00
end
it " is false if user is an admin " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( actor ) . can_delete_all_posts? ( admin ) ) . to be_falsey
2013-04-11 16:04:20 -04:00
end
2013-07-26 15:40:08 -04:00
it " is true if number of posts is small " do
2014-07-28 19:17:37 +02:00
u = Fabricate ( :user , created_at : 1 . day . ago )
2013-07-26 15:40:08 -04:00
u . stubs ( :post_count ) . returns ( 1 )
SiteSetting . stubs ( :delete_all_posts_max ) . returns ( 10 )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( actor ) . can_delete_all_posts? ( u ) ) . to be_truthy
2013-04-11 16:04:20 -04:00
end
2013-07-26 15:40:08 -04:00
it " is false if number of posts is not small " do
2014-07-28 19:17:37 +02:00
u = Fabricate ( :user , created_at : 1 . day . ago )
2013-07-26 15:40:08 -04:00
u . stubs ( :post_count ) . returns ( 11 )
SiteSetting . stubs ( :delete_all_posts_max ) . returns ( 10 )
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( actor ) . can_delete_all_posts? ( u ) ) . to be_falsey
2013-07-26 15:40:08 -04:00
end
end
context " for moderators " do
let ( :actor ) { moderator }
include_examples " can_delete_all_posts examples "
end
context " for admins " do
let ( :actor ) { admin }
include_examples " can_delete_all_posts examples "
2013-04-11 16:04:20 -04:00
end
end
2015-03-06 16:44:54 -05:00
describe " can_anonymize_user? " do
it " is false without a logged in user " do
expect ( Guardian . new ( nil ) . can_anonymize_user? ( user ) ) . to be_falsey
end
it " is false without a user to look at " do
expect ( Guardian . new ( admin ) . can_anonymize_user? ( nil ) ) . to be_falsey
end
it " is false for a regular user " do
expect ( Guardian . new ( user ) . can_anonymize_user? ( coding_horror ) ) . to be_falsey
end
it " is false for myself " do
expect ( Guardian . new ( user ) . can_anonymize_user? ( user ) ) . to be_falsey
end
it " is true for admin anonymizing a regular user " do
2015-04-25 11:18:35 -04:00
expect ( Guardian . new ( admin ) . can_anonymize_user? ( user ) ) . to eq ( true )
2015-03-06 16:44:54 -05:00
end
it " is true for moderator anonymizing a regular user " do
2015-04-25 11:18:35 -04:00
expect ( Guardian . new ( moderator ) . can_anonymize_user? ( user ) ) . to eq ( true )
2015-03-06 16:44:54 -05:00
end
it " is false for admin anonymizing an admin " do
expect ( Guardian . new ( admin ) . can_anonymize_user? ( Fabricate ( :admin ) ) ) . to be_falsey
end
it " is false for admin anonymizing a moderator " do
expect ( Guardian . new ( admin ) . can_anonymize_user? ( Fabricate ( :moderator ) ) ) . to be_falsey
end
it " is false for moderator anonymizing an admin " do
expect ( Guardian . new ( moderator ) . can_anonymize_user? ( admin ) ) . to be_falsey
end
it " is false for moderator anonymizing a moderator " do
expect ( Guardian . new ( moderator ) . can_anonymize_user? ( Fabricate ( :moderator ) ) ) . to be_falsey
end
end
2013-06-25 18:39:20 -04:00
describe 'can_grant_title?' do
it 'is false without a logged in user' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( nil ) . can_grant_title? ( user ) ) . to be_falsey
2013-06-25 18:39:20 -04:00
end
it 'is false for regular users' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_grant_title? ( user ) ) . to be_falsey
2013-06-25 18:39:20 -04:00
end
it 'is true for moderators' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_grant_title? ( user ) ) . to be_truthy
2013-06-25 18:39:20 -04:00
end
it 'is true for admins' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_grant_title? ( user ) ) . to be_truthy
2013-06-25 18:39:20 -04:00
end
it 'is false without a user to look at' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_grant_title? ( nil ) ) . to be_falsey
2013-06-25 18:39:20 -04:00
end
end
2013-07-23 09:13:48 +10:00
describe 'can_change_trust_level?' do
it 'is false without a logged in user' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( nil ) . can_change_trust_level? ( user ) ) . to be_falsey
2013-07-23 09:13:48 +10:00
end
it 'is false for regular users' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_change_trust_level? ( user ) ) . to be_falsey
2013-07-23 09:13:48 +10:00
end
it 'is true for moderators' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_change_trust_level? ( user ) ) . to be_truthy
2013-07-23 09:13:48 +10:00
end
it 'is true for admins' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_change_trust_level? ( user ) ) . to be_truthy
2013-07-23 09:13:48 +10:00
end
end
2013-08-12 14:54:52 -04:00
describe " can_edit_username? " do
it " is false without a logged in user " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( nil ) . can_edit_username? ( build ( :user , created_at : 1 . minute . ago ) ) ) . to be_falsey
2013-08-12 14:54:52 -04:00
end
it " is false for regular users to edit another user's username " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( build ( :user ) ) . can_edit_username? ( build ( :user , created_at : 1 . minute . ago ) ) ) . to be_falsey
2013-08-12 14:54:52 -04:00
end
shared_examples " staff can always change usernames " do
it " is true for moderators " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_edit_username? ( user ) ) . to be_truthy
2013-08-12 14:54:52 -04:00
end
it " is true for admins " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_edit_username? ( user ) ) . to be_truthy
2013-08-12 14:54:52 -04:00
end
end
context 'for a new user' do
2014-07-28 19:17:37 +02:00
let ( :target_user ) { Fabricate ( :user , created_at : 1 . minute . ago ) }
2013-08-12 14:54:52 -04:00
include_examples " staff can always change usernames "
2013-12-03 10:19:54 +05:30
it " is true for the user to change their own username " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( target_user ) . can_edit_username? ( target_user ) ) . to be_truthy
2013-08-12 14:54:52 -04:00
end
end
context 'for an old user' do
before do
SiteSetting . stubs ( :username_change_period ) . returns ( 3 )
end
2014-07-28 19:17:37 +02:00
let ( :target_user ) { Fabricate ( :user , created_at : 4 . days . ago ) }
2013-08-12 14:54:52 -04:00
2013-08-23 11:23:00 -04:00
context 'with no posts' do
include_examples " staff can always change usernames "
2013-12-03 10:19:54 +05:30
it " is true for the user to change their own username " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( target_user ) . can_edit_username? ( target_user ) ) . to be_truthy
2013-08-23 11:23:00 -04:00
end
end
2013-08-12 14:54:52 -04:00
2013-08-23 11:23:00 -04:00
context 'with posts' do
before { target_user . stubs ( :post_count ) . returns ( 1 ) }
include_examples " staff can always change usernames "
2013-12-03 10:19:54 +05:30
it " is false for the user to change their own username " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( target_user ) . can_edit_username? ( target_user ) ) . to be_falsey
2013-08-23 11:23:00 -04:00
end
2013-08-12 14:54:52 -04:00
end
end
2013-09-08 11:42:41 +09:00
context 'when editing is disabled in preferences' do
before do
SiteSetting . stubs ( :username_change_period ) . returns ( 0 )
end
include_examples " staff can always change usernames "
2013-12-03 10:19:54 +05:30
it " is false for the user to change their own username " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_edit_username? ( user ) ) . to be_falsey
2013-09-08 11:42:41 +09:00
end
end
2014-03-09 21:38:36 -04:00
context 'when SSO username override is active' do
before do
SiteSetting . stubs ( :enable_sso ) . returns ( true )
SiteSetting . stubs ( :sso_overrides_username ) . returns ( true )
end
it " is false for admins " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_edit_username? ( admin ) ) . to be_falsey
2014-03-09 21:38:36 -04:00
end
it " is false for moderators " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_edit_username? ( moderator ) ) . to be_falsey
2014-03-09 21:38:36 -04:00
end
it " is false for users " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_edit_username? ( user ) ) . to be_falsey
2014-03-09 21:38:36 -04:00
end
end
2013-09-08 11:42:41 +09:00
end
describe " can_edit_email? " do
context 'when allowed in settings' do
before do
SiteSetting . stubs ( :email_editable? ) . returns ( true )
end
it " is false when not logged in " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( nil ) . can_edit_email? ( build ( :user , created_at : 1 . minute . ago ) ) ) . to be_falsey
2013-09-08 11:42:41 +09:00
end
it " is false for regular users to edit another user's email " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( build ( :user ) ) . can_edit_email? ( build ( :user , created_at : 1 . minute . ago ) ) ) . to be_falsey
2013-09-08 11:42:41 +09:00
end
2013-12-03 10:19:54 +05:30
it " is true for a regular user to edit their own email " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_edit_email? ( user ) ) . to be_truthy
2013-09-08 11:42:41 +09:00
end
it " is true for moderators " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_edit_email? ( user ) ) . to be_truthy
2013-09-08 11:42:41 +09:00
end
it " is true for admins " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_edit_email? ( user ) ) . to be_truthy
2013-09-08 11:42:41 +09:00
end
end
context 'when not allowed in settings' do
before do
SiteSetting . stubs ( :email_editable? ) . returns ( false )
end
it " is false when not logged in " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( nil ) . can_edit_email? ( build ( :user , created_at : 1 . minute . ago ) ) ) . to be_falsey
2013-09-08 11:42:41 +09:00
end
it " is false for regular users to edit another user's email " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( build ( :user ) ) . can_edit_email? ( build ( :user , created_at : 1 . minute . ago ) ) ) . to be_falsey
2013-09-08 11:42:41 +09:00
end
2013-12-03 10:19:54 +05:30
it " is false for a regular user to edit their own email " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_edit_email? ( user ) ) . to be_falsey
2013-09-08 11:42:41 +09:00
end
2014-08-15 12:56:03 +10:00
it " is false for admins " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_edit_email? ( user ) ) . to be_falsey
2013-09-08 11:42:41 +09:00
end
2014-08-15 12:56:03 +10:00
it " is false for moderators " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_edit_email? ( user ) ) . to be_falsey
2013-09-08 11:42:41 +09:00
end
end
2013-08-12 14:54:52 -04:00
2014-03-09 21:38:36 -04:00
context 'when SSO email override is active' do
before do
SiteSetting . stubs ( :enable_sso ) . returns ( true )
SiteSetting . stubs ( :sso_overrides_email ) . returns ( true )
end
it " is false for admins " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_edit_email? ( admin ) ) . to be_falsey
2014-03-09 21:38:36 -04:00
end
it " is false for moderators " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_edit_email? ( moderator ) ) . to be_falsey
2014-03-09 21:38:36 -04:00
end
it " is false for users " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_edit_email? ( user ) ) . to be_falsey
2014-03-09 21:38:36 -04:00
end
end
end
2014-03-13 13:26:40 -07:00
describe 'can_edit_name?' do
it 'is false without a logged in user' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( nil ) . can_edit_name? ( build ( :user , created_at : 1 . minute . ago ) ) ) . to be_falsey
2014-03-13 13:26:40 -07:00
end
it " is false for regular users to edit another user's name " do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( build ( :user ) ) . can_edit_name? ( build ( :user , created_at : 1 . minute . ago ) ) ) . to be_falsey
2014-03-13 13:26:40 -07:00
end
context 'for a new user' do
let ( :target_user ) { build ( :user , created_at : 1 . minute . ago ) }
it 'is true for the user to change their own name' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( target_user ) . can_edit_name? ( target_user ) ) . to be_truthy
2014-03-13 13:26:40 -07:00
end
it 'is true for moderators' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_edit_name? ( user ) ) . to be_truthy
2014-03-13 13:26:40 -07:00
end
it 'is true for admins' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_edit_name? ( user ) ) . to be_truthy
2014-03-13 13:26:40 -07:00
end
end
context 'when name is disabled in preferences' do
before do
SiteSetting . stubs ( :enable_names ) . returns ( false )
end
it 'is false for the user to change their own name' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_edit_name? ( user ) ) . to be_falsey
2014-03-13 13:26:40 -07:00
end
it 'is false for moderators' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_edit_name? ( user ) ) . to be_falsey
2014-03-13 13:26:40 -07:00
end
it 'is false for admins' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_edit_name? ( user ) ) . to be_falsey
2014-03-13 13:26:40 -07:00
end
end
context 'when name is enabled in preferences' do
before do
SiteSetting . stubs ( :enable_names ) . returns ( true )
end
context 'when SSO is disabled' do
before do
SiteSetting . stubs ( :enable_sso ) . returns ( false )
SiteSetting . stubs ( :sso_overrides_name ) . returns ( false )
end
it 'is true for admins' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_edit_name? ( admin ) ) . to be_truthy
2014-03-13 13:26:40 -07:00
end
it 'is true for moderators' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_edit_name? ( moderator ) ) . to be_truthy
2014-03-13 13:26:40 -07:00
end
it 'is true for users' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_edit_name? ( user ) ) . to be_truthy
2014-03-13 13:26:40 -07:00
end
end
context 'when SSO is enabled' do
before do
SiteSetting . stubs ( :enable_sso ) . returns ( true )
end
context 'when SSO name override is active' do
before do
SiteSetting . stubs ( :sso_overrides_name ) . returns ( true )
end
it 'is false for admins' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_edit_name? ( admin ) ) . to be_falsey
2014-03-13 13:26:40 -07:00
end
it 'is false for moderators' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_edit_name? ( moderator ) ) . to be_falsey
2014-03-13 13:26:40 -07:00
end
it 'is false for users' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_edit_name? ( user ) ) . to be_falsey
2014-03-13 13:26:40 -07:00
end
end
context 'when SSO name override is not active' do
before do
SiteSetting . stubs ( :sso_overrides_name ) . returns ( false )
end
it 'is true for admins' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( admin ) . can_edit_name? ( admin ) ) . to be_truthy
2014-03-13 13:26:40 -07:00
end
it 'is true for moderators' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( moderator ) . can_edit_name? ( moderator ) ) . to be_truthy
2014-03-13 13:26:40 -07:00
end
it 'is true for users' do
2015-01-09 13:34:37 -03:00
expect ( Guardian . new ( user ) . can_edit_name? ( user ) ) . to be_truthy
2014-03-13 13:26:40 -07:00
end
end
end
end
end
2014-05-13 08:53:11 -04:00
describe 'can_wiki?' do
2016-01-11 20:56:00 +05:30
let ( :post ) { build ( :post ) }
2014-05-13 08:53:11 -04:00
it 'returns false for regular user' do
2016-01-11 20:56:00 +05:30
expect ( Guardian . new ( coding_horror ) . can_wiki? ( post ) ) . to be_falsey
end
it " returns false when user does not satisfy trust level but owns the post " do
own_post = Fabricate ( :post , user : trust_level_2 )
expect ( Guardian . new ( trust_level_2 ) . can_wiki? ( own_post ) ) . to be_falsey
end
it " returns false when user satisfies trust level but tries to wiki someone else's post " do
SiteSetting . min_trust_to_allow_self_wiki = 2
expect ( Guardian . new ( trust_level_2 ) . can_wiki? ( post ) ) . to be_falsey
end
it 'returns true when user satisfies trust level and owns the post' do
SiteSetting . min_trust_to_allow_self_wiki = 2
own_post = Fabricate ( :post , user : trust_level_2 )
expect ( Guardian . new ( trust_level_2 ) . can_wiki? ( own_post ) ) . to be_truthy
2014-05-13 08:53:11 -04:00
end
it 'returns true for admin user' do
2016-01-11 20:56:00 +05:30
expect ( Guardian . new ( admin ) . can_wiki? ( post ) ) . to be_truthy
2014-05-13 08:53:11 -04:00
end
2014-09-05 16:52:40 +10:00
it 'returns true for trust_level_4 user' do
2016-01-11 20:56:00 +05:30
expect ( Guardian . new ( trust_level_4 ) . can_wiki? ( post ) ) . to be_truthy
2014-05-13 08:53:11 -04:00
end
end
2013-02-05 14:16:51 -05:00
end
