SECURITY: Restrict unlisted topic creation (#19259)

Selase Krakani
2022-12-01 10:26:35 +00:00
committed by GitHub
parent 9513e7be6d
commit 0ce38bd7bc
6 changed files with 128 additions and 1 deletions


@@ -518,5 +518,27 @@ RSpec.describe TopicCreator do
expect(topic.external_id).to eq('external_id')
end
end
context "when invisible/unlisted" do
let(:unlisted_attrs) { valid_attrs.merge(visible: false) }
it "throws an exception for a non-staff user" do
expect do
TopicCreator.create(user, Guardian.new(user), unlisted_attrs)
end.to raise_error(ActiveRecord::Rollback)
end
it "is invalid for a non-staff user" do
expect(TopicCreator.new(user, Guardian.new(user), unlisted_attrs).valid?).to eq(false)
end
it "creates unlisted topic for an admin" do
expect(TopicCreator.create(admin, Guardian.new(admin), unlisted_attrs)).to be_valid
end
it "is valid for an admin" do
expect(TopicCreator.new(admin, Guardian.new(admin), unlisted_attrs).valid?).to eq(true)
end
end
end
end
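Review bot: The new "when invisible/unlisted" context checks only a plain `user` and an `admin`, so the staff boundary its example names describe ("non-staff") is not pinned down. If moderators are meant to keep the ability, an example such as `expect(TopicCreator.new(moderator, Guardian.new(moderator), unlisted_attrs).valid?).to eq(true)` would stop a later guardian change from silently widening or narrowing the restriction; this assumes a `moderator` fixture is available in the enclosing `RSpec.describe TopicCreator`, which starts outside the hunk. The rejection examples also assert only `raise_error(ActiveRecord::Rollback)` and `valid?` being false, which any unrelated validation failure would satisfy. Asserting on the creator's error for the visibility attribute would tie the failure to the permission check itself.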