mirror of
https://github.com/discourse/discourse.git
synced 2024-11-29 04:03:57 -06:00
Merge branch 'master' of github.com:discourse/discourse
This commit is contained in:
commit
47638ffea4
@ -101,18 +101,8 @@ const NavItem = Discourse.Model.extend({
|
||||
});
|
||||
|
||||
const ExtraNavItem = NavItem.extend({
|
||||
href: Ember.computed({
|
||||
set(key, value) {
|
||||
let customHref;
|
||||
NavItem.customNavItemHrefs.forEach(function(cb) {
|
||||
customHref = cb.call(this, this);
|
||||
if (customHref) {
|
||||
return false;
|
||||
}
|
||||
}, this);
|
||||
return customHref || value;
|
||||
}
|
||||
}),
|
||||
@computed("href")
|
||||
href: href => href,
|
||||
|
||||
customFilter: null
|
||||
});
|
||||
@ -189,6 +179,11 @@ NavItem.reopenClass({
|
||||
return item.customFilter.call(this, category, args);
|
||||
});
|
||||
|
||||
extraItems.forEach(item => {
|
||||
if (!item.customHref) return;
|
||||
item.set("href", item.customHref.call(this, category, args));
|
||||
});
|
||||
|
||||
return items.concat(extraItems);
|
||||
}
|
||||
});
|
||||
|
@ -117,6 +117,8 @@ class CategoriesController < ApplicationController
|
||||
end
|
||||
|
||||
def show
|
||||
guardian.ensure_can_see!(@category)
|
||||
|
||||
if Category.topic_create_allowed(guardian).where(id: @category.id).exists?
|
||||
@category.permission = CategoryGroup.permission_types[:full]
|
||||
end
|
||||
|
@ -188,6 +188,33 @@ describe CategoriesController do
|
||||
end
|
||||
end
|
||||
|
||||
context '#show' do
|
||||
before do
|
||||
category.set_permissions(admins: :full)
|
||||
category.save!
|
||||
end
|
||||
|
||||
it "requires the user to be logged in" do
|
||||
get "/c/#{category.id}/show.json"
|
||||
expect(response.status).to eq(403)
|
||||
end
|
||||
|
||||
describe "logged in" do
|
||||
it "raises an exception if they don't have permission to see it" do
|
||||
admin.update!(admin: false)
|
||||
sign_in(admin)
|
||||
get "/c/#{category.id}/show.json"
|
||||
expect(response.status).to eq(403)
|
||||
end
|
||||
|
||||
it "renders category for users that have permission" do
|
||||
sign_in(admin)
|
||||
get "/c/#{category.id}/show.json"
|
||||
expect(response.status).to eq(200)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context '#destroy' do
|
||||
it "requires the user to be logged in" do
|
||||
delete "/categories/category.json"
|
||||
|
Loading…
Reference in New Issue
Block a user