discourse/spec/components/guardian_spec.rb

2277 lines
76 KiB
Ruby

require 'rails_helper'
require 'guardian'
require_dependency 'post_destroyer'
describe Guardian do
let(:user) { build(:user) }
let(:moderator) { build(:moderator) }
let(:admin) { build(:admin) }
let(:trust_level_2) { build(:user, trust_level: 2) }
let(:trust_level_3) { build(:user, trust_level: 3) }
let(:trust_level_4) { build(:user, trust_level: 4) }
let(:another_admin) { build(:admin) }
let(:coding_horror) { build(:coding_horror) }
let(:topic) { build(:topic, user: user) }
let(:post) { build(:post, topic: topic, user: topic.user) }
it 'can be created without a user (not logged in)' do
expect { Guardian.new }.not_to raise_error
end
it 'can be instantiated with a user instance' do
expect { Guardian.new(user) }.not_to raise_error
end
describe 'post_can_act?' do
let(:post) { build(:post) }
let(:user) { build(:user) }
it "returns false when the user is nil" do
expect(Guardian.new(nil).post_can_act?(post, :like)).to be_falsey
end
it "returns false when the post is nil" do
expect(Guardian.new(user).post_can_act?(nil, :like)).to be_falsey
end
it "returns false when the topic is archived" do
post.topic.archived = true
expect(Guardian.new(user).post_can_act?(post, :like)).to be_falsey
end
it "returns false when the post is deleted" do
post.deleted_at = Time.now
expect(Guardian.new(user).post_can_act?(post, :like)).to be_falsey
end
it "always allows flagging" do
post.topic.archived = true
expect(Guardian.new(user).post_can_act?(post, :spam)).to be_truthy
end
it "returns false when liking yourself" do
expect(Guardian.new(post.user).post_can_act?(post, :like)).to be_falsey
end
it "returns false when you've already done it" do
expect(Guardian.new(user).post_can_act?(post, :like, taken_actions: {PostActionType.types[:like] => 1})).to be_falsey
end
it "returns false when you already flagged a post" do
expect(Guardian.new(user).post_can_act?(post, :off_topic, taken_actions: {PostActionType.types[:spam] => 1})).to be_falsey
end
it "returns false for notify_user if private messages are disabled" do
SiteSetting.enable_private_messages = false
user.trust_level = TrustLevel[2]
expect(Guardian.new(user).post_can_act?(post, :notify_user)).to be_falsey
expect(Guardian.new(user).post_can_act?(post, :notify_moderators)).to be_falsey
end
it "returns false for notify_user if private messages are enabled but threshold not met" do
SiteSetting.enable_private_messages = true
SiteSetting.min_trust_to_send_messages = 2
user.trust_level = TrustLevel[1]
expect(Guardian.new(user).post_can_act?(post, :notify_user)).to be_falsey
expect(Guardian.new(user).post_can_act?(post, :notify_moderators)).to be_truthy
end
describe "trust levels" do
it "returns true for a new user liking something" do
user.trust_level = TrustLevel[0]
expect(Guardian.new(user).post_can_act?(post, :like)).to be_truthy
end
it "returns false for a new user flagging a standard post as spam" do
user.trust_level = TrustLevel[0]
expect(Guardian.new(user).post_can_act?(post, :spam)).to be_falsey
end
it "returns true for a new user flagging a private message as spam" do
post.topic.archetype = Archetype.private_message
user.trust_level = TrustLevel[0]
expect(Guardian.new(user).post_can_act?(post, :spam)).to be_truthy
end
it "returns false for a new user flagging something as off topic" do
user.trust_level = TrustLevel[0]
expect(Guardian.new(user).post_can_act?(post, :off_topic)).to be_falsey
end
it "returns false for a new user flagging with notify_user" do
user.trust_level = TrustLevel[0]
expect(Guardian.new(user).post_can_act?(post, :notify_user)).to be_falsey # because new users can't send private messages
end
end
end
describe "can_defer_flags" do
let(:post) { Fabricate(:post) }
let(:user) { post.user }
let(:moderator) { Fabricate(:moderator) }
it "returns false when the user is nil" do
expect(Guardian.new(nil).can_defer_flags?(post)).to be_falsey
end
it "returns false when the post is nil" do
expect(Guardian.new(moderator).can_defer_flags?(nil)).to be_falsey
end
it "returns false when the user is not a moderator" do
expect(Guardian.new(user).can_defer_flags?(post)).to be_falsey
end
it "returns true when the user is a moderator" do
expect(Guardian.new(moderator).can_defer_flags?(post)).to be_truthy
end
end
describe 'can_send_private_message' do
let(:user) { Fabricate(:user) }
let(:another_user) { Fabricate(:user) }
let(:suspended_user) { Fabricate(:user, suspended_till: 1.week.from_now, suspended_at: 1.day.ago) }
it "returns false when the user is nil" do
expect(Guardian.new(nil).can_send_private_message?(user)).to be_falsey
end
it "returns false when the target user is nil" do
expect(Guardian.new(user).can_send_private_message?(nil)).to be_falsey
end
it "returns false when the target is the same as the user" do
expect(Guardian.new(user).can_send_private_message?(user)).to be_falsey
end
it "returns false when you are untrusted" do
user.trust_level = TrustLevel[0]
expect(Guardian.new(user).can_send_private_message?(another_user)).to be_falsey
end
it "returns true to another user" do
expect(Guardian.new(user).can_send_private_message?(another_user)).to be_truthy
end
it "disallows pms to other users if trust level is not met" do
SiteSetting.min_trust_to_send_messages = TrustLevel[2]
user.trust_level = TrustLevel[1]
expect(Guardian.new(user).can_send_private_message?(another_user)).to be_falsey
end
context "enable_private_messages is false" do
before { SiteSetting.enable_private_messages = false }
it "returns false if user is not the contact user" do
expect(Guardian.new(user).can_send_private_message?(another_user)).to be_falsey
end
it "returns true for the contact user and system user" do
SiteSetting.site_contact_username = user.username
expect(Guardian.new(user).can_send_private_message?(another_user)).to be_truthy
expect(Guardian.new(Discourse.system_user).can_send_private_message?(another_user)).to be_truthy
end
end
context "target user is suspended" do
it "returns true for staff" do
expect(Guardian.new(admin).can_send_private_message?(suspended_user)).to be_truthy
expect(Guardian.new(moderator).can_send_private_message?(suspended_user)).to be_truthy
end
it "returns false for regular users" do
expect(Guardian.new(user).can_send_private_message?(suspended_user)).to be_falsey
end
end
context "author is blocked" do
before do
user.blocked = true
user.save
end
it "returns true if target is staff" do
expect(Guardian.new(user).can_send_private_message?(admin)).to be_truthy
expect(Guardian.new(user).can_send_private_message?(moderator)).to be_truthy
end
it "returns false if target is not staff" do
expect(Guardian.new(user).can_send_private_message?(another_user)).to be_falsey
end
it "returns true if target is a staff group" do
Group::STAFF_GROUPS.each do |name|
g = Group[name]
g.alias_level = Group::ALIAS_LEVELS[:everyone]
expect(Guardian.new(user).can_send_private_message?(g)).to be_truthy
end
end
end
end
describe 'can_reply_as_new_topic' do
let(:user) { Fabricate(:user) }
let(:topic) { Fabricate(:topic) }
it "returns false for a non logged in user" do
expect(Guardian.new(nil).can_reply_as_new_topic?(topic)).to be_falsey
end
it "returns false for a nil topic" do
expect(Guardian.new(user).can_reply_as_new_topic?(nil)).to be_falsey
end
it "returns false for an untrusted user" do
user.trust_level = TrustLevel[0]
expect(Guardian.new(user).can_reply_as_new_topic?(topic)).to be_falsey
end
it "returns true for a trusted user" do
expect(Guardian.new(user).can_reply_as_new_topic?(topic)).to be_truthy
end
end
describe 'can_see_post_actors?' do
let(:topic) { Fabricate(:topic, user: coding_horror)}
it 'displays visibility correctly' do
guardian = Guardian.new(user)
expect(guardian.can_see_post_actors?(nil, PostActionType.types[:like])).to be_falsey
expect(guardian.can_see_post_actors?(topic, PostActionType.types[:like])).to be_truthy
expect(guardian.can_see_post_actors?(topic, PostActionType.types[:bookmark])).to be_falsey
expect(guardian.can_see_post_actors?(topic, PostActionType.types[:off_topic])).to be_falsey
expect(guardian.can_see_post_actors?(topic, PostActionType.types[:spam])).to be_falsey
expect(guardian.can_see_post_actors?(topic, PostActionType.types[:vote])).to be_truthy
end
it 'returns false for private votes' do
topic.expects(:has_meta_data_boolean?).with(:private_poll).returns(true)
expect(Guardian.new(user).can_see_post_actors?(topic, PostActionType.types[:vote])).to be_falsey
end
end
describe 'can_impersonate?' do
it 'allows impersonation correctly' do
expect(Guardian.new(admin).can_impersonate?(nil)).to be_falsey
expect(Guardian.new.can_impersonate?(user)).to be_falsey
expect(Guardian.new(coding_horror).can_impersonate?(user)).to be_falsey
expect(Guardian.new(admin).can_impersonate?(admin)).to be_falsey
expect(Guardian.new(admin).can_impersonate?(another_admin)).to be_falsey
expect(Guardian.new(admin).can_impersonate?(user)).to be_truthy
expect(Guardian.new(admin).can_impersonate?(moderator)).to be_truthy
Rails.configuration.stubs(:developer_emails).returns([admin.email])
expect(Guardian.new(admin).can_impersonate?(another_admin)).to be_truthy
end
end
describe 'can_invite_to_forum?' do
let(:user) { Fabricate.build(:user) }
let(:moderator) { Fabricate.build(:moderator) }
it "doesn't allow anonymous users to invite" do
expect(Guardian.new.can_invite_to_forum?).to be_falsey
end
it 'returns true when the site requires approving users and is mod' do
SiteSetting.expects(:must_approve_users?).returns(true)
expect(Guardian.new(moderator).can_invite_to_forum?).to be_truthy
end
it 'returns false when max_invites_per_day is 0' do
# let's also break it while here
SiteSetting.max_invites_per_day = "a"
expect(Guardian.new(user).can_invite_to_forum?).to be_falsey
# staff should be immune to max_invites_per_day setting
expect(Guardian.new(moderator).can_invite_to_forum?).to be_truthy
end
it 'returns false when the site requires approving users and is regular' do
SiteSetting.expects(:must_approve_users?).returns(true)
expect(Guardian.new(user).can_invite_to_forum?).to be_falsey
end
it 'returns false when the local logins are disabled' do
SiteSetting.stubs(:enable_local_logins).returns(false)
expect(Guardian.new(user).can_invite_to_forum?).to be_falsey
expect(Guardian.new(moderator).can_invite_to_forum?).to be_falsey
end
end
describe 'can_invite_to?' do
let(:group) { Fabricate(:group) }
let(:category) { Fabricate(:category, read_restricted: true) }
let(:topic) { Fabricate(:topic) }
let(:private_topic) { Fabricate(:topic, category: category) }
let(:user) { topic.user }
let(:moderator) { Fabricate(:moderator) }
let(:admin) { Fabricate(:admin) }
let(:private_category) { Fabricate(:private_category, group: group) }
let(:group_private_topic) { Fabricate(:topic, category: private_category) }
let(:group_owner) { group_private_topic.user.tap { |u| group.add_owner(u) } }
it 'handles invitation correctly' do
expect(Guardian.new(nil).can_invite_to?(topic)).to be_falsey
expect(Guardian.new(moderator).can_invite_to?(nil)).to be_falsey
expect(Guardian.new(moderator).can_invite_to?(topic)).to be_truthy
expect(Guardian.new(user).can_invite_to?(topic)).to be_falsey
SiteSetting.max_invites_per_day = 0
expect(Guardian.new(user).can_invite_to?(topic)).to be_falsey
# staff should be immune to max_invites_per_day setting
expect(Guardian.new(moderator).can_invite_to?(topic)).to be_truthy
end
it 'returns true when the site requires approving users and is mod' do
SiteSetting.expects(:must_approve_users?).returns(true)
expect(Guardian.new(moderator).can_invite_to?(topic)).to be_truthy
end
it 'returns false when the site requires approving users and is regular' do
SiteSetting.expects(:must_approve_users?).returns(true)
expect(Guardian.new(coding_horror).can_invite_to?(topic)).to be_falsey
end
it 'returns false for normal user on private topic' do
expect(Guardian.new(user).can_invite_to?(private_topic)).to be_falsey
end
it 'returns true for admin on private topic' do
expect(Guardian.new(admin).can_invite_to?(private_topic)).to be_truthy
end
it 'returns true for a group owner' do
expect(Guardian.new(group_owner).can_invite_to?(group_private_topic)).to be_truthy
end
end
describe 'can_see?' do
it 'returns false with a nil object' do
expect(Guardian.new.can_see?(nil)).to be_falsey
end
describe 'a Group' do
let(:group) { Group.new }
let(:invisible_group) { Group.new(visible: false, name: 'invisible') }
it "returns true when the group is visible" do
expect(Guardian.new.can_see?(group)).to be_truthy
end
it "returns true when the group is invisible but the user is an admin" do
admin = Fabricate.build(:admin)
expect(Guardian.new(admin).can_see?(invisible_group)).to be_truthy
end
it "returns true when the group is invisible but the user is a member" do
invisible_group.save!
member = Fabricate.build(:user)
GroupUser.create(group: invisible_group, user: member)
expect(Guardian.new(member).can_see?(invisible_group)).to be_truthy
end
it "returns false when the group is invisible" do
expect(Guardian.new.can_see?(invisible_group)).to be_falsey
end
end
describe 'a Category' do
it 'allows public categories' do
public_category = build(:category, read_restricted: false)
expect(Guardian.new.can_see?(public_category)).to be_truthy
end
it 'correctly handles secure categories' do
normal_user = build(:user)
staged_user = build(:user, staged: true)
admin_user = build(:user, admin: true)
secure_category = build(:category, read_restricted: true)
expect(Guardian.new(normal_user).can_see?(secure_category)).to be_falsey
expect(Guardian.new(staged_user).can_see?(secure_category)).to be_falsey
expect(Guardian.new(admin_user).can_see?(secure_category)).to be_truthy
secure_category = build(:category, read_restricted: true, email_in: "foo@bar.com")
expect(Guardian.new(normal_user).can_see?(secure_category)).to be_falsey
expect(Guardian.new(staged_user).can_see?(secure_category)).to be_falsey
expect(Guardian.new(admin_user).can_see?(secure_category)).to be_truthy
secure_category = build(:category, read_restricted: true, email_in_allow_strangers: true)
expect(Guardian.new(normal_user).can_see?(secure_category)).to be_falsey
expect(Guardian.new(staged_user).can_see?(secure_category)).to be_falsey
expect(Guardian.new(admin_user).can_see?(secure_category)).to be_truthy
secure_category = build(:category, read_restricted: true, email_in: "foo@bar.com", email_in_allow_strangers: true)
expect(Guardian.new(normal_user).can_see?(secure_category)).to be_falsey
expect(Guardian.new(staged_user).can_see?(secure_category)).to be_truthy
expect(Guardian.new(admin_user).can_see?(secure_category)).to be_truthy
end
it 'allows members of an authorized group' do
user = Fabricate(:user)
group = Fabricate(:group)
secure_category = Fabricate(:category)
secure_category.set_permissions(group => :readonly)
secure_category.save
expect(Guardian.new(user).can_see?(secure_category)).to be_falsey
group.add(user)
group.save
expect(Guardian.new(user).can_see?(secure_category)).to be_truthy
end
end
describe 'a Topic' do
it 'allows non logged in users to view topics' do
expect(Guardian.new.can_see?(topic)).to be_truthy
end
it 'correctly handles groups' do
group = Fabricate(:group)
category = Fabricate(:category, read_restricted: true)
category.set_permissions(group => :full)
category.save
topic = Fabricate(:topic, category: category)
expect(Guardian.new(user).can_see?(topic)).to be_falsey
group.add(user)
group.save
expect(Guardian.new(user).can_see?(topic)).to be_truthy
end
it "restricts deleted topics" do
topic = Fabricate(:topic)
topic.trash!(moderator)
expect(Guardian.new(build(:user)).can_see?(topic)).to be_falsey
expect(Guardian.new(moderator).can_see?(topic)).to be_truthy
expect(Guardian.new(admin).can_see?(topic)).to be_truthy
end
it "restricts private topics" do
user.save!
private_topic = Fabricate(:private_message_topic, user: user)
expect(Guardian.new(private_topic.user).can_see?(private_topic)).to be_truthy
expect(Guardian.new(build(:user)).can_see?(private_topic)).to be_falsey
expect(Guardian.new(moderator).can_see?(private_topic)).to be_falsey
expect(Guardian.new(admin).can_see?(private_topic)).to be_truthy
end
it "restricts private deleted topics" do
user.save!
private_topic = Fabricate(:private_message_topic, user: user)
private_topic.trash!(admin)
expect(Guardian.new(private_topic.user).can_see?(private_topic)).to be_falsey
expect(Guardian.new(build(:user)).can_see?(private_topic)).to be_falsey
expect(Guardian.new(moderator).can_see?(private_topic)).to be_falsey
expect(Guardian.new(admin).can_see?(private_topic)).to be_truthy
end
it "restricts static doc topics" do
tos_topic = Fabricate(:topic, user: Discourse.system_user)
SiteSetting.stubs(:tos_topic_id).returns(tos_topic.id)
expect(Guardian.new(build(:user)).can_edit?(tos_topic)).to be_falsey
expect(Guardian.new(moderator).can_edit?(tos_topic)).to be_falsey
expect(Guardian.new(admin).can_edit?(tos_topic)).to be_truthy
end
it "allows moderators to see a flagged private message" do
moderator.save!
user.save!
private_topic = Fabricate(:private_message_topic, user: user)
first_post = Fabricate(:post, topic: private_topic, user: user)
expect(Guardian.new(moderator).can_see?(private_topic)).to be_falsey
PostAction.act(user, first_post, PostActionType.types[:off_topic])
expect(Guardian.new(moderator).can_see?(private_topic)).to be_truthy
end
end
describe 'a Post' do
let(:another_admin) { Fabricate(:admin) }
it 'correctly handles post visibility' do
post = Fabricate(:post)
topic = post.topic
expect(Guardian.new(user).can_see?(post)).to be_truthy
post.trash!(another_admin)
post.reload
expect(Guardian.new(user).can_see?(post)).to be_falsey
expect(Guardian.new(admin).can_see?(post)).to be_truthy
post.recover!
post.reload
topic.trash!(another_admin)
topic.reload
expect(Guardian.new(user).can_see?(post)).to be_falsey
expect(Guardian.new(admin).can_see?(post)).to be_truthy
end
it 'respects whispers' do
regular_post = Fabricate.build(:post)
whisper_post = Fabricate.build(:post, post_type: Post.types[:whisper])
anon_guardian = Guardian.new
expect(anon_guardian.can_see?(regular_post)).to eq(true)
expect(anon_guardian.can_see?(whisper_post)).to eq(false)
regular_user = Fabricate.build(:user)
regular_guardian = Guardian.new(regular_user)
expect(regular_guardian.can_see?(regular_post)).to eq(true)
expect(regular_guardian.can_see?(whisper_post)).to eq(false)
# can see your own whispers
regular_whisper = Fabricate.build(:post, post_type: Post.types[:whisper], user: regular_user)
expect(regular_guardian.can_see?(regular_whisper)).to eq(true)
mod_guardian = Guardian.new(Fabricate.build(:moderator))
expect(mod_guardian.can_see?(regular_post)).to eq(true)
expect(mod_guardian.can_see?(whisper_post)).to eq(true)
admin_guardian = Guardian.new(Fabricate.build(:admin))
expect(admin_guardian.can_see?(regular_post)).to eq(true)
expect(admin_guardian.can_see?(whisper_post)).to eq(true)
end
end
describe 'a PostRevision' do
let(:post_revision) { Fabricate(:post_revision) }
context 'edit_history_visible_to_public is true' do
before { SiteSetting.stubs(:edit_history_visible_to_public).returns(true) }
it 'is false for nil' do
expect(Guardian.new.can_see?(nil)).to be_falsey
end
it 'is true if not logged in' do
expect(Guardian.new.can_see?(post_revision)).to be_truthy
end
it 'is true when logged in' do
expect(Guardian.new(Fabricate(:user)).can_see?(post_revision)).to be_truthy
end
it 'is true if the author has public edit history' do
public_post_revision = Fabricate(:post_revision)
public_post_revision.post.user.user_option.edit_history_public = true
expect(Guardian.new.can_see?(public_post_revision)).to be_truthy
end
end
context 'edit_history_visible_to_public is false' do
before { SiteSetting.stubs(:edit_history_visible_to_public).returns(false) }
it 'is true for staff' do
expect(Guardian.new(Fabricate(:admin)).can_see?(post_revision)).to be_truthy
expect(Guardian.new(Fabricate(:moderator)).can_see?(post_revision)).to be_truthy
end
it 'is true for trust level 4' do
expect(Guardian.new(trust_level_4).can_see?(post_revision)).to be_truthy
end
it 'is false for trust level lower than 4' do
expect(Guardian.new(trust_level_3).can_see?(post_revision)).to be_falsey
end
it 'is true if the author has public edit history' do
public_post_revision = Fabricate(:post_revision)
public_post_revision.post.user.user_option.edit_history_public = true
expect(Guardian.new.can_see?(public_post_revision)).to be_truthy
end
end
end
end
describe 'can_create?' do
describe 'a Category' do
it 'returns false when not logged in' do
expect(Guardian.new.can_create?(Category)).to be_falsey
end
it 'returns false when a regular user' do
expect(Guardian.new(user).can_create?(Category)).to be_falsey
end
it 'returns false when a moderator' do
expect(Guardian.new(moderator).can_create?(Category)).to be_falsey
end
it 'returns true when an admin' do
expect(Guardian.new(admin).can_create?(Category)).to be_truthy
end
end
describe 'a Topic' do
it 'does not allow moderators to create topics in readonly categories' do
category = Fabricate(:category)
category.set_permissions(:everyone => :read)
category.save
expect(Guardian.new(moderator).can_create?(Topic,category)).to be_falsey
end
it 'should check for full permissions' do
category = Fabricate(:category)
category.set_permissions(:everyone => :create_post)
category.save
expect(Guardian.new(user).can_create?(Topic,category)).to be_falsey
end
it "is true for new users by default" do
expect(Guardian.new(user).can_create?(Topic,Fabricate(:category))).to be_truthy
end
it "is false if user has not met minimum trust level" do
SiteSetting.stubs(:min_trust_to_create_topic).returns(1)
expect(Guardian.new(build(:user, trust_level: 0)).can_create?(Topic,Fabricate(:category))).to be_falsey
end
it "is true if user has met or exceeded the minimum trust level" do
SiteSetting.stubs(:min_trust_to_create_topic).returns(1)
expect(Guardian.new(build(:user, trust_level: 1)).can_create?(Topic,Fabricate(:category))).to be_truthy
expect(Guardian.new(build(:user, trust_level: 2)).can_create?(Topic,Fabricate(:category))).to be_truthy
expect(Guardian.new(build(:admin, trust_level: 0)).can_create?(Topic,Fabricate(:category))).to be_truthy
expect(Guardian.new(build(:moderator, trust_level: 0)).can_create?(Topic,Fabricate(:category))).to be_truthy
end
end
describe 'a Post' do
it "is false on readonly categories" do
category = Fabricate(:category)
topic.category = category
category.set_permissions(:everyone => :readonly)
category.save
expect(Guardian.new(topic.user).can_create?(Post, topic)).to be_falsey
expect(Guardian.new(moderator).can_create?(Post, topic)).to be_falsey
end
it "is false when not logged in" do
expect(Guardian.new.can_create?(Post, topic)).to be_falsey
end
it 'is true for a regular user' do
expect(Guardian.new(topic.user).can_create?(Post, topic)).to be_truthy
end
it "is false when you can't see the topic" do
Guardian.any_instance.expects(:can_see?).with(topic).returns(false)
expect(Guardian.new(topic.user).can_create?(Post, topic)).to be_falsey
end
context 'closed topic' do
before do
topic.closed = true
end
it "doesn't allow new posts from regular users" do
expect(Guardian.new(topic.user).can_create?(Post, topic)).to be_falsey
end
it 'allows editing of posts' do
expect(Guardian.new(topic.user).can_edit?(post)).to be_truthy
end
it "allows new posts from moderators" do
expect(Guardian.new(moderator).can_create?(Post, topic)).to be_truthy
end
it "allows new posts from admins" do
expect(Guardian.new(admin).can_create?(Post, topic)).to be_truthy
end
it "allows new posts from trust_level_4s" do
expect(Guardian.new(trust_level_4).can_create?(Post, topic)).to be_truthy
end
end
context 'archived topic' do
before do
topic.archived = true
end
context 'regular users' do
it "doesn't allow new posts from regular users" do
expect(Guardian.new(coding_horror).can_create?(Post, topic)).to be_falsey
end
it 'does not allow editing of posts' do
expect(Guardian.new(coding_horror).can_edit?(post)).to be_falsey
end
end
it "allows new posts from moderators" do
expect(Guardian.new(moderator).can_create?(Post, topic)).to be_truthy
end
it "allows new posts from admins" do
expect(Guardian.new(admin).can_create?(Post, topic)).to be_truthy
end
end
context "trashed topic" do
before do
topic.deleted_at = Time.now
end
it "doesn't allow new posts from regular users" do
expect(Guardian.new(coding_horror).can_create?(Post, topic)).to be_falsey
end
it "doesn't allow new posts from moderators users" do
expect(Guardian.new(moderator).can_create?(Post, topic)).to be_falsey
end
it "doesn't allow new posts from admins" do
expect(Guardian.new(admin).can_create?(Post, topic)).to be_falsey
end
end
context "private message" do
let(:private_message) { Fabricate(:topic, archetype: Archetype.private_message, category_id: nil) }
before { user.save! }
it "allows new posts by people included in the pm" do
private_message.topic_allowed_users.create!(user_id: user.id)
expect(Guardian.new(user).can_create?(Post, private_message)).to be_truthy
end
it "doesn't allow new posts by people not invited to the pm" do
expect(Guardian.new(user).can_create?(Post, private_message)).to be_falsey
end
it "allows new posts from blocked users included in the pm" do
user.update_attribute(:blocked, true)
private_message.topic_allowed_users.create!(user_id: user.id)
expect(Guardian.new(user).can_create?(Post, private_message)).to be_truthy
end
it "doesn't allow new posts from blocked users not invited to the pm" do
user.update_attribute(:blocked, true)
expect(Guardian.new(user).can_create?(Post, private_message)).to be_falsey
end
end
end # can_create? a Post
end
describe 'post_can_act?' do
it "isn't allowed on nil" do
expect(Guardian.new(user).post_can_act?(nil, nil)).to be_falsey
end
describe 'a Post' do
let (:guardian) do
Guardian.new(user)
end
it "isn't allowed when not logged in" do
expect(Guardian.new(nil).post_can_act?(post,:vote)).to be_falsey
end
it "is allowed as a regular user" do
expect(guardian.post_can_act?(post,:vote)).to be_truthy
end
it "doesn't allow voting if the user has an action from voting already" do
expect(guardian.post_can_act?(post,:vote,taken_actions: {PostActionType.types[:vote] => 1})).to be_falsey
end
it "allows voting if the user has performed a different action" do
expect(guardian.post_can_act?(post,:vote,taken_actions: {PostActionType.types[:like] => 1})).to be_truthy
end
it "isn't allowed on archived topics" do
topic.archived = true
expect(Guardian.new(user).post_can_act?(post,:like)).to be_falsey
end
describe 'multiple voting' do
it "isn't allowed if the user voted and the topic doesn't allow multiple votes" do
Topic.any_instance.expects(:has_meta_data_boolean?).with(:single_vote).returns(true)
expect(Guardian.new(user).can_vote?(post, voted_in_topic: true)).to be_falsey
end
it "is allowed if the user voted and the topic doesn't allow multiple votes" do
expect(Guardian.new(user).can_vote?(post, voted_in_topic: false)).to be_truthy
end
end
end
end
describe "can_recover_topic?" do
it "returns false for a nil user" do
expect(Guardian.new(nil).can_recover_topic?(topic)).to be_falsey
end
it "returns false for a nil object" do
expect(Guardian.new(user).can_recover_topic?(nil)).to be_falsey
end
it "returns false for a regular user" do
expect(Guardian.new(user).can_recover_topic?(topic)).to be_falsey
end
it "returns true for a moderator" do
expect(Guardian.new(moderator).can_recover_topic?(topic)).to be_truthy
end
end
describe "can_recover_post?" do
it "returns false for a nil user" do
expect(Guardian.new(nil).can_recover_post?(post)).to be_falsey
end
it "returns false for a nil object" do
expect(Guardian.new(user).can_recover_post?(nil)).to be_falsey
end
it "returns false for a regular user" do
expect(Guardian.new(user).can_recover_post?(post)).to be_falsey
end
it "returns true for a moderator" do
expect(Guardian.new(moderator).can_recover_post?(post)).to be_truthy
end
end
context 'can_convert_topic?' do
it 'returns false with a nil object' do
expect(Guardian.new(user).can_convert_topic?(nil)).to be_falsey
end
it 'returns false when not logged in' do
expect(Guardian.new.can_convert_topic?(topic)).to be_falsey
end
it 'returns false when not staff' do
expect(Guardian.new(trust_level_4).can_convert_topic?(topic)).to be_falsey
end
it 'returns true when a moderator' do
expect(Guardian.new(moderator).can_convert_topic?(topic)).to be_truthy
end
it 'returns true when an admin' do
expect(Guardian.new(admin).can_convert_topic?(topic)).to be_truthy
end
end
describe 'can_edit?' do
it 'returns false with a nil object' do
expect(Guardian.new(user).can_edit?(nil)).to be_falsey
end
describe 'a Post' do
it 'returns false when not logged in' do
expect(Guardian.new.can_edit?(post)).to be_falsey
end
it 'returns false when not logged in also for wiki post' do
post.wiki = true
expect(Guardian.new.can_edit?(post)).to be_falsey
end
it 'returns true if you want to edit your own post' do
expect(Guardian.new(post.user).can_edit?(post)).to be_truthy
end
it "returns false if the post is hidden due to flagging and it's too soon" do
post.hidden = true
post.hidden_at = Time.now
expect(Guardian.new(post.user).can_edit?(post)).to be_falsey
end
it "returns true if the post is hidden due to flagging and it been enough time" do
post.hidden = true
post.hidden_at = (SiteSetting.cooldown_minutes_after_hiding_posts + 1).minutes.ago
expect(Guardian.new(post.user).can_edit?(post)).to be_truthy
end
it "returns true if the post is hidden, it's been enough time and the edit window has expired" do
post.hidden = true
post.hidden_at = (SiteSetting.cooldown_minutes_after_hiding_posts + 1).minutes.ago
post.created_at = (SiteSetting.post_edit_time_limit + 1).minutes.ago
expect(Guardian.new(post.user).can_edit?(post)).to be_truthy
end
it "returns true if the post is hidden due to flagging and it's got a nil `hidden_at`" do
post.hidden = true
post.hidden_at = nil
expect(Guardian.new(post.user).can_edit?(post)).to be_truthy
end
it 'returns false if you are trying to edit a post you soft deleted' do
post.user_deleted = true
expect(Guardian.new(post.user).can_edit?(post)).to be_falsey
end
it 'returns false if another regular user tries to edit a soft deleted wiki post' do
post.wiki = true
post.user_deleted = true
expect(Guardian.new(coding_horror).can_edit?(post)).to be_falsey
end
it 'returns false if you are trying to edit a deleted post' do
post.deleted_at = 1.day.ago
expect(Guardian.new(post.user).can_edit?(post)).to be_falsey
end
it 'returns false if another regular user tries to edit a deleted wiki post' do
post.wiki = true
post.deleted_at = 1.day.ago
expect(Guardian.new(coding_horror).can_edit?(post)).to be_falsey
end
it 'returns false if another regular user tries to edit your post' do
expect(Guardian.new(coding_horror).can_edit?(post)).to be_falsey
end
it 'returns true if another regular user tries to edit wiki post' do
post.wiki = true
expect(Guardian.new(coding_horror).can_edit?(post)).to be_truthy
end
it 'returns true as a moderator' do
expect(Guardian.new(moderator).can_edit?(post)).to be_truthy
end
it 'returns true as an admin' do
expect(Guardian.new(admin).can_edit?(post)).to be_truthy
end
it 'returns true as a trust level 4 user' do
expect(Guardian.new(trust_level_4).can_edit?(post)).to be_truthy
end
it 'returns false when another user has too low trust level to edit wiki post' do
SiteSetting.stubs(:min_trust_to_edit_wiki_post).returns(2)
post.wiki = true
coding_horror.trust_level = 1
expect(Guardian.new(coding_horror).can_edit?(post)).to be_falsey
end
it 'returns true when another user has adequate trust level to edit wiki post' do
SiteSetting.stubs(:min_trust_to_edit_wiki_post).returns(2)
post.wiki = true
coding_horror.trust_level = 2
expect(Guardian.new(coding_horror).can_edit?(post)).to be_truthy
end
it 'returns true for post author even when he has too low trust level to edit wiki post' do
SiteSetting.stubs(:min_trust_to_edit_wiki_post).returns(2)
post.wiki = true
post.user.trust_level = 1
expect(Guardian.new(post.user).can_edit?(post)).to be_truthy
end
context 'post is older than post_edit_time_limit' do
let(:old_post) { build(:post, topic: topic, user: topic.user, created_at: 6.minutes.ago) }
before do
SiteSetting.stubs(:post_edit_time_limit).returns(5)
end
it 'returns false to the author of the post' do
expect(Guardian.new(old_post.user).can_edit?(old_post)).to be_falsey
end
it 'returns true as a moderator' do
expect(Guardian.new(moderator).can_edit?(old_post)).to eq(true)
end
it 'returns true as an admin' do
expect(Guardian.new(admin).can_edit?(old_post)).to eq(true)
end
it 'returns false for another regular user trying to edit your post' do
expect(Guardian.new(coding_horror).can_edit?(old_post)).to be_falsey
end
it 'returns true for another regular user trying to edit a wiki post' do
old_post.wiki = true
expect(Guardian.new(coding_horror).can_edit?(old_post)).to be_truthy
end
end
context "first post of a static page doc" do
let!(:tos_topic) { Fabricate(:topic, user: Discourse.system_user) }
let!(:tos_first_post) { build(:post, topic: tos_topic, user: tos_topic.user) }
before { SiteSetting.stubs(:tos_topic_id).returns(tos_topic.id) }
it "restricts static doc posts" do
expect(Guardian.new(build(:user)).can_edit?(tos_first_post)).to be_falsey
expect(Guardian.new(moderator).can_edit?(tos_first_post)).to be_falsey
expect(Guardian.new(admin).can_edit?(tos_first_post)).to be_truthy
end
end
end
describe 'a Topic' do
it 'returns false when not logged in' do
expect(Guardian.new.can_edit?(topic)).to be_falsey
end
it 'returns true for editing your own post' do
expect(Guardian.new(topic.user).can_edit?(topic)).to eq(true)
end
it 'returns false as a regular user' do
expect(Guardian.new(coding_horror).can_edit?(topic)).to be_falsey
end
context 'not archived' do
it 'returns true as a moderator' do
expect(Guardian.new(moderator).can_edit?(topic)).to eq(true)
end
it 'returns true as an admin' do
expect(Guardian.new(admin).can_edit?(topic)).to eq(true)
end
it 'returns true at trust level 3' do
expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(true)
end
it "returns false when the category is read only" do
topic.category.set_permissions(everyone: :readonly)
topic.category.save
expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(false)
expect(Guardian.new(admin).can_edit?(topic)).to eq(true)
expect(Guardian.new(moderator).can_edit?(post)).to eq(false)
expect(Guardian.new(moderator).can_edit?(topic)).to eq(false)
end
it "returns false for trust level 3 if category is secured" do
topic.category.set_permissions(everyone: :create_post, staff: :full)
topic.category.save
expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(false)
expect(Guardian.new(admin).can_edit?(topic)).to eq(true)
expect(Guardian.new(moderator).can_edit?(topic)).to eq(true)
end
end
context 'private message' do
it 'returns false at trust level 3' do
topic.archetype = 'private_message'
expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(false)
end
it 'returns false at trust level 4' do
topic.archetype = 'private_message'
expect(Guardian.new(trust_level_4).can_edit?(topic)).to eq(false)
end
end
context 'archived' do
let(:archived_topic) { build(:topic, user: user, archived: true) }
it 'returns true as a moderator' do
expect(Guardian.new(moderator).can_edit?(archived_topic)).to be_truthy
end
it 'returns true as an admin' do
expect(Guardian.new(admin).can_edit?(archived_topic)).to be_truthy
end
it 'returns true at trust level 4' do
expect(Guardian.new(trust_level_4).can_edit?(archived_topic)).to be_truthy
end
it 'returns false at trust level 3' do
expect(Guardian.new(trust_level_3).can_edit?(archived_topic)).to be_falsey
end
it 'returns false as a topic creator' do
expect(Guardian.new(user).can_edit?(archived_topic)).to be_falsey
end
end
context 'very old' do
let(:old_topic) { build(:topic, user: user, created_at: 6.minutes.ago) }
before { SiteSetting.stubs(:post_edit_time_limit).returns(5) }
it 'returns true as a moderator' do
expect(Guardian.new(moderator).can_edit?(old_topic)).to be_truthy
end
it 'returns true as an admin' do
expect(Guardian.new(admin).can_edit?(old_topic)).to be_truthy
end
it 'returns true at trust level 3' do
expect(Guardian.new(trust_level_3).can_edit?(old_topic)).to be_truthy
end
it 'returns false as a topic creator' do
expect(Guardian.new(user).can_edit?(old_topic)).to be_falsey
end
end
end
describe 'a Category' do
let(:category) { Fabricate(:category) }
it 'returns false when not logged in' do
expect(Guardian.new.can_edit?(category)).to be_falsey
end
it 'returns false as a regular user' do
expect(Guardian.new(category.user).can_edit?(category)).to be_falsey
end
it 'returns false as a moderator' do
expect(Guardian.new(moderator).can_edit?(category)).to be_falsey
end
it 'returns true as an admin' do
expect(Guardian.new(admin).can_edit?(category)).to be_truthy
end
end
describe 'a User' do
it 'returns false when not logged in' do
expect(Guardian.new.can_edit?(user)).to be_falsey
end
it 'returns false as a different user' do
expect(Guardian.new(coding_horror).can_edit?(user)).to be_falsey
end
it 'returns true when trying to edit yourself' do
expect(Guardian.new(user).can_edit?(user)).to be_truthy
end
it 'returns true as a moderator' do
expect(Guardian.new(moderator).can_edit?(user)).to be_truthy
end
it 'returns true as an admin' do
expect(Guardian.new(admin).can_edit?(user)).to be_truthy
end
end
end
context 'can_moderate?' do
it 'returns false with a nil object' do
expect(Guardian.new(user).can_moderate?(nil)).to be_falsey
end
context 'when user is blocked' do
it 'returns false' do
user.toggle!(:blocked)
expect(Guardian.new(user).can_moderate?(post)).to be(false)
expect(Guardian.new(user).can_moderate?(topic)).to be(false)
end
end
context 'a Topic' do
it 'returns false when not logged in' do
expect(Guardian.new.can_moderate?(topic)).to be_falsey
end
it 'returns false when not a moderator' do
expect(Guardian.new(user).can_moderate?(topic)).to be_falsey
end
it 'returns true when a moderator' do
expect(Guardian.new(moderator).can_moderate?(topic)).to be_truthy
end
it 'returns true when an admin' do
expect(Guardian.new(admin).can_moderate?(topic)).to be_truthy
end
it 'returns true when trust level 4' do
expect(Guardian.new(trust_level_4).can_moderate?(topic)).to be_truthy
end
end
end
context 'can_see_flags?' do
it "returns false when there is no post" do
expect(Guardian.new(moderator).can_see_flags?(nil)).to be_falsey
end
it "returns false when there is no user" do
expect(Guardian.new(nil).can_see_flags?(post)).to be_falsey
end
it "allow regular users to see flags" do
expect(Guardian.new(user).can_see_flags?(post)).to be_falsey
end
it "allows moderators to see flags" do
expect(Guardian.new(moderator).can_see_flags?(post)).to be_truthy
end
it "allows moderators to see flags" do
expect(Guardian.new(admin).can_see_flags?(post)).to be_truthy
end
end
context 'can_move_posts?' do
it 'returns false with a nil object' do
expect(Guardian.new(user).can_move_posts?(nil)).to be_falsey
end
context 'a Topic' do
it 'returns false when not logged in' do
expect(Guardian.new.can_move_posts?(topic)).to be_falsey
end
it 'returns false when not a moderator' do
expect(Guardian.new(user).can_move_posts?(topic)).to be_falsey
end
it 'returns true when a moderator' do
expect(Guardian.new(moderator).can_move_posts?(topic)).to be_truthy
end
it 'returns true when an admin' do
expect(Guardian.new(admin).can_move_posts?(topic)).to be_truthy
end
end
end
context 'can_delete?' do
it 'returns false with a nil object' do
expect(Guardian.new(user).can_delete?(nil)).to be_falsey
end
context 'a Topic' do
before do
# pretend we have a real topic
topic.id = 9999999
end
it 'returns false when not logged in' do
expect(Guardian.new.can_delete?(topic)).to be_falsey
end
it 'returns false when not a moderator' do
expect(Guardian.new(user).can_delete?(topic)).to be_falsey
end
it 'returns true when a moderator' do
expect(Guardian.new(moderator).can_delete?(topic)).to be_truthy
end
it 'returns true when an admin' do
expect(Guardian.new(admin).can_delete?(topic)).to be_truthy
end
it 'returns false for static doc topics' do
tos_topic = Fabricate(:topic, user: Discourse.system_user)
SiteSetting.stubs(:tos_topic_id).returns(tos_topic.id)
expect(Guardian.new(admin).can_delete?(tos_topic)).to be_falsey
end
end
context 'a Post' do
before do
post.post_number = 2
end
it 'returns false when not logged in' do
expect(Guardian.new.can_delete?(post)).to be_falsey
end
it "returns false when trying to delete your own post that has already been deleted" do
post = Fabricate(:post)
PostDestroyer.new(user, post).destroy
post.reload
expect(Guardian.new(user).can_delete?(post)).to be_falsey
end
it 'returns true when trying to delete your own post' do
expect(Guardian.new(user).can_delete?(post)).to be_truthy
end
it "returns false when trying to delete another user's own post" do
expect(Guardian.new(Fabricate(:user)).can_delete?(post)).to be_falsey
end
it "returns false when it's the OP, even as a moderator" do
post.update_attribute :post_number, 1
expect(Guardian.new(moderator).can_delete?(post)).to be_falsey
end
it 'returns true when a moderator' do
expect(Guardian.new(moderator).can_delete?(post)).to be_truthy
end
it 'returns true when an admin' do
expect(Guardian.new(admin).can_delete?(post)).to be_truthy
end
it 'returns false when post is first in a static doc topic' do
tos_topic = Fabricate(:topic, user: Discourse.system_user)
SiteSetting.stubs(:tos_topic_id).returns(tos_topic.id)
post.update_attribute :post_number, 1
post.update_attribute :topic_id, tos_topic.id
expect(Guardian.new(admin).can_delete?(post)).to be_falsey
end
context 'post is older than post_edit_time_limit' do
let(:old_post) { build(:post, topic: topic, user: topic.user, post_number: 2, created_at: 6.minutes.ago) }
before do
SiteSetting.stubs(:post_edit_time_limit).returns(5)
end
it 'returns false to the author of the post' do
expect(Guardian.new(old_post.user).can_delete?(old_post)).to eq(false)
end
it 'returns true as a moderator' do
expect(Guardian.new(moderator).can_delete?(old_post)).to eq(true)
end
it 'returns true as an admin' do
expect(Guardian.new(admin).can_delete?(old_post)).to eq(true)
end
it "returns false when it's the OP, even as a moderator" do
old_post.post_number = 1
expect(Guardian.new(moderator).can_delete?(old_post)).to eq(false)
end
it 'returns false for another regular user trying to delete your post' do
expect(Guardian.new(coding_horror).can_delete?(old_post)).to eq(false)
end
end
context 'the topic is archived' do
before do
post.topic.archived = true
end
it "allows a staff member to delete it" do
expect(Guardian.new(moderator).can_delete?(post)).to be_truthy
end
it "doesn't allow a regular user to delete it" do
expect(Guardian.new(post.user).can_delete?(post)).to be_falsey
end
end
end
context 'a Category' do
let(:category) { build(:category, user: moderator) }
it 'returns false when not logged in' do
expect(Guardian.new.can_delete?(category)).to be_falsey
end
it 'returns false when a regular user' do
expect(Guardian.new(user).can_delete?(category)).to be_falsey
end
it 'returns false when a moderator' do
expect(Guardian.new(moderator).can_delete?(category)).to be_falsey
end
it 'returns true when an admin' do
expect(Guardian.new(admin).can_delete?(category)).to be_truthy
end
it "can't be deleted if it has a forum topic" do
category.topic_count = 10
expect(Guardian.new(moderator).can_delete?(category)).to be_falsey
end
it "can't be deleted if it is the Uncategorized Category" do
uncategorized_cat_id = SiteSetting.uncategorized_category_id
uncategorized_category = Category.find(uncategorized_cat_id)
expect(Guardian.new(admin).can_delete?(uncategorized_category)).to be_falsey
end
it "can't be deleted if it has children" do
category.expects(:has_children?).returns(true)
expect(Guardian.new(admin).can_delete?(category)).to be_falsey
end
end
context 'can_suspend?' do
it 'returns false when a user tries to suspend another user' do
expect(Guardian.new(user).can_suspend?(coding_horror)).to be_falsey
end
it 'returns true when an admin tries to suspend another user' do
expect(Guardian.new(admin).can_suspend?(coding_horror)).to be_truthy
end
it 'returns true when a moderator tries to suspend another user' do
expect(Guardian.new(moderator).can_suspend?(coding_horror)).to be_truthy
end
it 'returns false when staff tries to suspend staff' do
expect(Guardian.new(admin).can_suspend?(moderator)).to be_falsey
end
end
context 'a PostAction' do
let(:post_action) {
user.id = 1
post.id = 1
a = PostAction.new(user: user, post: post, post_action_type_id: 1)
a.created_at = 1.minute.ago
a
}
it 'returns false when not logged in' do
expect(Guardian.new.can_delete?(post_action)).to be_falsey
end
it 'returns false when not the user who created it' do
expect(Guardian.new(coding_horror).can_delete?(post_action)).to be_falsey
end
it "returns false if the window has expired" do
post_action.created_at = 20.minutes.ago
SiteSetting.expects(:post_undo_action_window_mins).returns(10)
expect(Guardian.new(user).can_delete?(post_action)).to be_falsey
end
it "returns true if it's yours" do
expect(Guardian.new(user).can_delete?(post_action)).to be_truthy
end
end
end
context 'can_approve?' do
it "wont allow a non-logged in user to approve" do
expect(Guardian.new.can_approve?(user)).to be_falsey
end
it "wont allow a non-admin to approve a user" do
expect(Guardian.new(coding_horror).can_approve?(user)).to be_falsey
end
it "returns false when the user is already approved" do
user.approved = true
expect(Guardian.new(admin).can_approve?(user)).to be_falsey
end
it "allows an admin to approve a user" do
expect(Guardian.new(admin).can_approve?(user)).to be_truthy
end
it "allows a moderator to approve a user" do
expect(Guardian.new(moderator).can_approve?(user)).to be_truthy
end
end
context 'can_grant_admin?' do
it "wont allow a non logged in user to grant an admin's access" do
expect(Guardian.new.can_grant_admin?(another_admin)).to be_falsey
end
it "wont allow a regular user to revoke an admin's access" do
expect(Guardian.new(user).can_grant_admin?(another_admin)).to be_falsey
end
it 'wont allow an admin to grant their own access' do
expect(Guardian.new(admin).can_grant_admin?(admin)).to be_falsey
end
it "allows an admin to grant a regular user access" do
admin.id = 1
user.id = 2
expect(Guardian.new(admin).can_grant_admin?(user)).to be_truthy
end
end
context 'can_revoke_admin?' do
it "wont allow a non logged in user to revoke an admin's access" do
expect(Guardian.new.can_revoke_admin?(another_admin)).to be_falsey
end
it "wont allow a regular user to revoke an admin's access" do
expect(Guardian.new(user).can_revoke_admin?(another_admin)).to be_falsey
end
it 'wont allow an admin to revoke their own access' do
expect(Guardian.new(admin).can_revoke_admin?(admin)).to be_falsey
end
it "allows an admin to revoke another admin's access" do
admin.id = 1
another_admin.id = 2
expect(Guardian.new(admin).can_revoke_admin?(another_admin)).to be_truthy
end
end
context 'can_grant_moderation?' do
it "wont allow a non logged in user to grant an moderator's access" do
expect(Guardian.new.can_grant_moderation?(user)).to be_falsey
end
it "wont allow a regular user to revoke an moderator's access" do
expect(Guardian.new(user).can_grant_moderation?(moderator)).to be_falsey
end
it 'will allow an admin to grant their own moderator access' do
expect(Guardian.new(admin).can_grant_moderation?(admin)).to be_truthy
end
it 'wont allow an admin to grant it to an already moderator' do
expect(Guardian.new(admin).can_grant_moderation?(moderator)).to be_falsey
end
it "allows an admin to grant a regular user access" do
expect(Guardian.new(admin).can_grant_moderation?(user)).to be_truthy
end
end
context 'can_revoke_moderation?' do
it "wont allow a non logged in user to revoke an moderator's access" do
expect(Guardian.new.can_revoke_moderation?(moderator)).to be_falsey
end
it "wont allow a regular user to revoke an moderator's access" do
expect(Guardian.new(user).can_revoke_moderation?(moderator)).to be_falsey
end
it 'wont allow a moderator to revoke their own moderator' do
expect(Guardian.new(moderator).can_revoke_moderation?(moderator)).to be_falsey
end
it "allows an admin to revoke a moderator's access" do
expect(Guardian.new(admin).can_revoke_moderation?(moderator)).to be_truthy
end
it "allows an admin to revoke a moderator's access from self" do
admin.moderator = true
expect(Guardian.new(admin).can_revoke_moderation?(admin)).to be_truthy
end
it "does not allow revoke from non moderators" do
expect(Guardian.new(admin).can_revoke_moderation?(admin)).to be_falsey
end
end
context "can_see_invite_details?" do
it 'is false without a logged in user' do
expect(Guardian.new(nil).can_see_invite_details?(user)).to be_falsey
end
it 'is false without a user to look at' do
expect(Guardian.new(user).can_see_invite_details?(nil)).to be_falsey
end
it 'is true when looking at your own invites' do
expect(Guardian.new(user).can_see_invite_details?(user)).to be_truthy
end
end
context "can_access_forum?" do
let(:unapproved_user) { Fabricate.build(:user) }
context "when must_approve_users is false" do
before do
SiteSetting.stubs(:must_approve_users?).returns(false)
end
it "returns true for a nil user" do
expect(Guardian.new(nil).can_access_forum?).to be_truthy
end
it "returns true for an unapproved user" do
expect(Guardian.new(unapproved_user).can_access_forum?).to be_truthy
end
end
context 'when must_approve_users is true' do
before do
SiteSetting.stubs(:must_approve_users?).returns(true)
end
it "returns false for a nil user" do
expect(Guardian.new(nil).can_access_forum?).to be_falsey
end
it "returns false for an unapproved user" do
expect(Guardian.new(unapproved_user).can_access_forum?).to be_falsey
end
it "returns true for an admin user" do
unapproved_user.admin = true
expect(Guardian.new(unapproved_user).can_access_forum?).to be_truthy
end
it "returns true for an approved user" do
unapproved_user.approved = true
expect(Guardian.new(unapproved_user).can_access_forum?).to be_truthy
end
end
end
describe "can_delete_user?" do
it "is false without a logged in user" do
expect(Guardian.new(nil).can_delete_user?(user)).to be_falsey
end
it "is false without a user to look at" do
expect(Guardian.new(admin).can_delete_user?(nil)).to be_falsey
end
it "is false for regular users" do
expect(Guardian.new(user).can_delete_user?(coding_horror)).to be_falsey
end
context "delete myself" do
let(:myself) { Fabricate(:user, created_at: 6.months.ago) }
subject { Guardian.new(myself).can_delete_user?(myself) }
it "is true to delete myself and I have never made a post" do
expect(subject).to be_truthy
end
it "is true to delete myself and I have only made 1 post" do
myself.stubs(:post_count).returns(1)
expect(subject).to be_truthy
end
it "is false to delete myself and I have made 2 posts" do
myself.stubs(:post_count).returns(2)
expect(subject).to be_falsey
end
end
shared_examples "can_delete_user examples" do
it "is true if user is not an admin and has never posted" do
expect(Guardian.new(actor).can_delete_user?(Fabricate.build(:user, created_at: 100.days.ago))).to be_truthy
end
it "is true if user is not an admin and first post is not too old" do
user = Fabricate.build(:user, created_at: 100.days.ago)
user.stubs(:first_post_created_at).returns(9.days.ago)
SiteSetting.stubs(:delete_user_max_post_age).returns(10)
expect(Guardian.new(actor).can_delete_user?(user)).to be_truthy
end
it "is false if user is an admin" do
expect(Guardian.new(actor).can_delete_user?(another_admin)).to be_falsey
end
it "is false if user's first post is too old" do
user = Fabricate.build(:user, created_at: 100.days.ago)
user.stubs(:first_post_created_at).returns(11.days.ago)
SiteSetting.stubs(:delete_user_max_post_age).returns(10)
expect(Guardian.new(actor).can_delete_user?(user)).to be_falsey
end
end
context "for moderators" do
let(:actor) { moderator }
include_examples "can_delete_user examples"
end
context "for admins" do
let(:actor) { admin }
include_examples "can_delete_user examples"
end
end
describe "can_delete_all_posts?" do
it "is false without a logged in user" do
expect(Guardian.new(nil).can_delete_all_posts?(user)).to be_falsey
end
it "is false without a user to look at" do
expect(Guardian.new(admin).can_delete_all_posts?(nil)).to be_falsey
end
it "is false for regular users" do
expect(Guardian.new(user).can_delete_all_posts?(coding_horror)).to be_falsey
end
shared_examples "can_delete_all_posts examples" do
it "is true if user has no posts" do
SiteSetting.stubs(:delete_user_max_post_age).returns(10)
expect(Guardian.new(actor).can_delete_all_posts?(Fabricate(:user, created_at: 100.days.ago))).to be_truthy
end
it "is true if user's first post is newer than delete_user_max_post_age days old" do
user = Fabricate(:user, created_at: 100.days.ago)
user.stubs(:first_post_created_at).returns(9.days.ago)
SiteSetting.stubs(:delete_user_max_post_age).returns(10)
expect(Guardian.new(actor).can_delete_all_posts?(user)).to be_truthy
end
it "is false if user's first post is older than delete_user_max_post_age days old" do
user = Fabricate(:user, created_at: 100.days.ago)
user.stubs(:first_post_created_at).returns(11.days.ago)
SiteSetting.stubs(:delete_user_max_post_age).returns(10)
expect(Guardian.new(actor).can_delete_all_posts?(user)).to be_falsey
end
it "is false if user is an admin" do
expect(Guardian.new(actor).can_delete_all_posts?(admin)).to be_falsey
end
it "is true if number of posts is small" do
u = Fabricate(:user, created_at: 1.day.ago)
u.stubs(:post_count).returns(1)
SiteSetting.stubs(:delete_all_posts_max).returns(10)
expect(Guardian.new(actor).can_delete_all_posts?(u)).to be_truthy
end
it "is false if number of posts is not small" do
u = Fabricate(:user, created_at: 1.day.ago)
u.stubs(:post_count).returns(11)
SiteSetting.stubs(:delete_all_posts_max).returns(10)
expect(Guardian.new(actor).can_delete_all_posts?(u)).to be_falsey
end
end
context "for moderators" do
let(:actor) { moderator }
include_examples "can_delete_all_posts examples"
end
context "for admins" do
let(:actor) { admin }
include_examples "can_delete_all_posts examples"
end
end
describe "can_anonymize_user?" do
it "is false without a logged in user" do
expect(Guardian.new(nil).can_anonymize_user?(user)).to be_falsey
end
it "is false without a user to look at" do
expect(Guardian.new(admin).can_anonymize_user?(nil)).to be_falsey
end
it "is false for a regular user" do
expect(Guardian.new(user).can_anonymize_user?(coding_horror)).to be_falsey
end
it "is false for myself" do
expect(Guardian.new(user).can_anonymize_user?(user)).to be_falsey
end
it "is true for admin anonymizing a regular user" do
expect(Guardian.new(admin).can_anonymize_user?(user)).to eq(true)
end
it "is true for moderator anonymizing a regular user" do
expect(Guardian.new(moderator).can_anonymize_user?(user)).to eq(true)
end
it "is false for admin anonymizing an admin" do
expect(Guardian.new(admin).can_anonymize_user?(Fabricate(:admin))).to be_falsey
end
it "is false for admin anonymizing a moderator" do
expect(Guardian.new(admin).can_anonymize_user?(Fabricate(:moderator))).to be_falsey
end
it "is false for moderator anonymizing an admin" do
expect(Guardian.new(moderator).can_anonymize_user?(admin)).to be_falsey
end
it "is false for moderator anonymizing a moderator" do
expect(Guardian.new(moderator).can_anonymize_user?(Fabricate(:moderator))).to be_falsey
end
end
describe 'can_grant_title?' do
it 'is false without a logged in user' do
expect(Guardian.new(nil).can_grant_title?(user)).to be_falsey
end
it 'is false for regular users' do
expect(Guardian.new(user).can_grant_title?(user)).to be_falsey
end
it 'is true for moderators' do
expect(Guardian.new(moderator).can_grant_title?(user)).to be_truthy
end
it 'is true for admins' do
expect(Guardian.new(admin).can_grant_title?(user)).to be_truthy
end
it 'is false without a user to look at' do
expect(Guardian.new(admin).can_grant_title?(nil)).to be_falsey
end
end
describe 'can_change_trust_level?' do
it 'is false without a logged in user' do
expect(Guardian.new(nil).can_change_trust_level?(user)).to be_falsey
end
it 'is false for regular users' do
expect(Guardian.new(user).can_change_trust_level?(user)).to be_falsey
end
it 'is true for moderators' do
expect(Guardian.new(moderator).can_change_trust_level?(user)).to be_truthy
end
it 'is true for admins' do
expect(Guardian.new(admin).can_change_trust_level?(user)).to be_truthy
end
end
describe "can_edit_username?" do
it "is false without a logged in user" do
expect(Guardian.new(nil).can_edit_username?(build(:user, created_at: 1.minute.ago))).to be_falsey
end
it "is false for regular users to edit another user's username" do
expect(Guardian.new(build(:user)).can_edit_username?(build(:user, created_at: 1.minute.ago))).to be_falsey
end
shared_examples "staff can always change usernames" do
it "is true for moderators" do
expect(Guardian.new(moderator).can_edit_username?(user)).to be_truthy
end
it "is true for admins" do
expect(Guardian.new(admin).can_edit_username?(user)).to be_truthy
end
end
context 'for a new user' do
let(:target_user) { Fabricate(:user, created_at: 1.minute.ago) }
include_examples "staff can always change usernames"
it "is true for the user to change their own username" do
expect(Guardian.new(target_user).can_edit_username?(target_user)).to be_truthy
end
end
context 'for an old user' do
before do
SiteSetting.stubs(:username_change_period).returns(3)
end
let(:target_user) { Fabricate(:user, created_at: 4.days.ago) }
context 'with no posts' do
include_examples "staff can always change usernames"
it "is true for the user to change their own username" do
expect(Guardian.new(target_user).can_edit_username?(target_user)).to be_truthy
end
end
context 'with posts' do
before { target_user.stubs(:post_count).returns(1) }
include_examples "staff can always change usernames"
it "is false for the user to change their own username" do
expect(Guardian.new(target_user).can_edit_username?(target_user)).to be_falsey
end
end
end
context 'when editing is disabled in preferences' do
before do
SiteSetting.stubs(:username_change_period).returns(0)
end
include_examples "staff can always change usernames"
it "is false for the user to change their own username" do
expect(Guardian.new(user).can_edit_username?(user)).to be_falsey
end
end
context 'when SSO username override is active' do
before do
SiteSetting.stubs(:enable_sso).returns(true)
SiteSetting.stubs(:sso_overrides_username).returns(true)
end
it "is false for admins" do
expect(Guardian.new(admin).can_edit_username?(admin)).to be_falsey
end
it "is false for moderators" do
expect(Guardian.new(moderator).can_edit_username?(moderator)).to be_falsey
end
it "is false for users" do
expect(Guardian.new(user).can_edit_username?(user)).to be_falsey
end
end
end
describe "can_edit_email?" do
context 'when allowed in settings' do
before do
SiteSetting.stubs(:email_editable?).returns(true)
end
it "is false when not logged in" do
expect(Guardian.new(nil).can_edit_email?(build(:user, created_at: 1.minute.ago))).to be_falsey
end
it "is false for regular users to edit another user's email" do
expect(Guardian.new(build(:user)).can_edit_email?(build(:user, created_at: 1.minute.ago))).to be_falsey
end
it "is true for a regular user to edit their own email" do
expect(Guardian.new(user).can_edit_email?(user)).to be_truthy
end
it "is true for moderators" do
expect(Guardian.new(moderator).can_edit_email?(user)).to be_truthy
end
it "is true for admins" do
expect(Guardian.new(admin).can_edit_email?(user)).to be_truthy
end
end
context 'when not allowed in settings' do
before do
SiteSetting.stubs(:email_editable?).returns(false)
end
it "is false when not logged in" do
expect(Guardian.new(nil).can_edit_email?(build(:user, created_at: 1.minute.ago))).to be_falsey
end
it "is false for regular users to edit another user's email" do
expect(Guardian.new(build(:user)).can_edit_email?(build(:user, created_at: 1.minute.ago))).to be_falsey
end
it "is false for a regular user to edit their own email" do
expect(Guardian.new(user).can_edit_email?(user)).to be_falsey
end
it "is false for admins" do
expect(Guardian.new(admin).can_edit_email?(user)).to be_falsey
end
it "is false for moderators" do
expect(Guardian.new(moderator).can_edit_email?(user)).to be_falsey
end
end
context 'when SSO email override is active' do
before do
SiteSetting.stubs(:enable_sso).returns(true)
SiteSetting.stubs(:sso_overrides_email).returns(true)
end
it "is false for admins" do
expect(Guardian.new(admin).can_edit_email?(admin)).to be_falsey
end
it "is false for moderators" do
expect(Guardian.new(moderator).can_edit_email?(moderator)).to be_falsey
end
it "is false for users" do
expect(Guardian.new(user).can_edit_email?(user)).to be_falsey
end
end
end
describe 'can_edit_name?' do
it 'is false without a logged in user' do
expect(Guardian.new(nil).can_edit_name?(build(:user, created_at: 1.minute.ago))).to be_falsey
end
it "is false for regular users to edit another user's name" do
expect(Guardian.new(build(:user)).can_edit_name?(build(:user, created_at: 1.minute.ago))).to be_falsey
end
context 'for a new user' do
let(:target_user) { build(:user, created_at: 1.minute.ago) }
it 'is true for the user to change their own name' do
expect(Guardian.new(target_user).can_edit_name?(target_user)).to be_truthy
end
it 'is true for moderators' do
expect(Guardian.new(moderator).can_edit_name?(user)).to be_truthy
end
it 'is true for admins' do
expect(Guardian.new(admin).can_edit_name?(user)).to be_truthy
end
end
context 'when name is disabled in preferences' do
before do
SiteSetting.stubs(:enable_names).returns(false)
end
it 'is false for the user to change their own name' do
expect(Guardian.new(user).can_edit_name?(user)).to be_falsey
end
it 'is false for moderators' do
expect(Guardian.new(moderator).can_edit_name?(user)).to be_falsey
end
it 'is false for admins' do
expect(Guardian.new(admin).can_edit_name?(user)).to be_falsey
end
end
context 'when name is enabled in preferences' do
before do
SiteSetting.stubs(:enable_names).returns(true)
end
context 'when SSO is disabled' do
before do
SiteSetting.stubs(:enable_sso).returns(false)
SiteSetting.stubs(:sso_overrides_name).returns(false)
end
it 'is true for admins' do
expect(Guardian.new(admin).can_edit_name?(admin)).to be_truthy
end
it 'is true for moderators' do
expect(Guardian.new(moderator).can_edit_name?(moderator)).to be_truthy
end
it 'is true for users' do
expect(Guardian.new(user).can_edit_name?(user)).to be_truthy
end
end
context 'when SSO is enabled' do
before do
SiteSetting.stubs(:enable_sso).returns(true)
end
context 'when SSO name override is active' do
before do
SiteSetting.stubs(:sso_overrides_name).returns(true)
end
it 'is false for admins' do
expect(Guardian.new(admin).can_edit_name?(admin)).to be_falsey
end
it 'is false for moderators' do
expect(Guardian.new(moderator).can_edit_name?(moderator)).to be_falsey
end
it 'is false for users' do
expect(Guardian.new(user).can_edit_name?(user)).to be_falsey
end
end
context 'when SSO name override is not active' do
before do
SiteSetting.stubs(:sso_overrides_name).returns(false)
end
it 'is true for admins' do
expect(Guardian.new(admin).can_edit_name?(admin)).to be_truthy
end
it 'is true for moderators' do
expect(Guardian.new(moderator).can_edit_name?(moderator)).to be_truthy
end
it 'is true for users' do
expect(Guardian.new(user).can_edit_name?(user)).to be_truthy
end
end
end
end
end
describe 'can_wiki?' do
let(:post) { build(:post, created_at: 1.minute.ago) }
it 'returns false for regular user' do
expect(Guardian.new(coding_horror).can_wiki?(post)).to be_falsey
end
it "returns false when user does not satisfy trust level but owns the post" do
own_post = Fabricate(:post, user: trust_level_2)
expect(Guardian.new(trust_level_2).can_wiki?(own_post)).to be_falsey
end
it "returns false when user satisfies trust level but tries to wiki someone else's post" do
SiteSetting.min_trust_to_allow_self_wiki = 2
expect(Guardian.new(trust_level_2).can_wiki?(post)).to be_falsey
end
it 'returns true when user satisfies trust level and owns the post' do
SiteSetting.min_trust_to_allow_self_wiki = 2
own_post = Fabricate(:post, user: trust_level_2)
expect(Guardian.new(trust_level_2).can_wiki?(own_post)).to be_truthy
end
it 'returns true for admin user' do
expect(Guardian.new(admin).can_wiki?(post)).to be_truthy
end
it 'returns true for trust_level_4 user' do
expect(Guardian.new(trust_level_4).can_wiki?(post)).to be_truthy
end
context 'post is older than post_edit_time_limit' do
let(:old_post) { build(:post, user: trust_level_2, created_at: 6.minutes.ago) }
before do
SiteSetting.min_trust_to_allow_self_wiki = 2
SiteSetting.post_edit_time_limit = 5
end
it 'returns false when user satisfies trust level and owns the post' do
expect(Guardian.new(trust_level_2).can_wiki?(old_post)).to be_falsey
end
it 'returns true for admin user' do
expect(Guardian.new(admin).can_wiki?(old_post)).to be_truthy
end
it 'returns true for trust_level_4 user' do
expect(Guardian.new(trust_level_4).can_wiki?(post)).to be_truthy
end
end
end
describe "Tags" do
context "tagging disabled" do
before do
SiteSetting.tagging_enabled = false
end
it "can_create_tag returns false" do
expect(Guardian.new(admin).can_create_tag?).to be_falsey
end
it "can_admin_tags returns false" do
expect(Guardian.new(admin).can_admin_tags?).to be_falsey
end
it "can_admin_tag_groups returns false" do
expect(Guardian.new(admin).can_admin_tag_groups?).to be_falsey
end
end
context "tagging is enabled" do
before do
SiteSetting.tagging_enabled = true
SiteSetting.min_trust_to_create_tag = 3
SiteSetting.min_trust_level_to_tag_topics = 1
end
describe "can_create_tag" do
it "returns false if trust level is too low" do
expect(Guardian.new(trust_level_2).can_create_tag?).to be_falsey
end
it "returns true if trust level is high enough" do
expect(Guardian.new(trust_level_3).can_create_tag?).to be_truthy
end
it "returns true for staff" do
expect(Guardian.new(admin).can_create_tag?).to be_truthy
expect(Guardian.new(moderator).can_create_tag?).to be_truthy
end
end
describe "can_tag_topics" do
it "returns false if trust level is too low" do
expect(Guardian.new(Fabricate(:user, trust_level: 0)).can_tag_topics?).to be_falsey
end
it "returns true if trust level is high enough" do
expect(Guardian.new(Fabricate(:user, trust_level: 1)).can_tag_topics?).to be_truthy
end
it "returns true for staff" do
expect(Guardian.new(admin).can_tag_topics?).to be_truthy
expect(Guardian.new(moderator).can_tag_topics?).to be_truthy
end
end
end
end
end