don't show tag groups if they're restricted to categories you can't access

This commit is contained in:
Neil Lalonde 2018-01-12 14:24:58 -05:00
parent ff2e8c1a51
commit 6d68275ef9
3 changed files with 55 additions and 1 deletions

View File

@ -30,7 +30,7 @@ class TagsController < ::ApplicationController
format.json do
if SiteSetting.tags_listed_by_group
grouped_tag_counts = TagGroup.order('name ASC').includes(:tags).map do |tag_group|
grouped_tag_counts = TagGroup.allowed(guardian).order('name ASC').includes(:tags).map do |tag_group|
{ id: tag_group.id, name: tag_group.name, tags: self.class.tag_counts_json(tag_group.tags) }
end

View File

@ -21,6 +21,19 @@ class TagGroup < ActiveRecord::Base
end
end
end
def self.allowed(guardian)
if guardian.is_staff?
TagGroup
else
category_permissions_filter = <<~SQL
id IN ( SELECT tag_group_id FROM category_tag_groups WHERE category_id IN (?))
OR id NOT IN (SELECT tag_group_id FROM category_tag_groups)
SQL
TagGroup.where(category_permissions_filter, guardian.allowed_category_ids)
end
end
end
# == Schema Information

View File

@ -0,0 +1,41 @@
require 'rails_helper'
describe TagGroup do
describe '#allowed' do
let(:user1) { Fabricate(:user) }
let(:user2) { Fabricate(:user) }
let(:admin) { Fabricate(:admin) }
let(:moderator) { Fabricate(:moderator) }
let(:group) { Fabricate(:group) }
let!(:public_tag_group) { Fabricate(:tag_group, name: 'Public', tag_names: ['public1']) }
let!(:private_tag_group) { Fabricate(:tag_group, name: 'Private', tag_names: ['privatetag1']) }
let!(:staff_tag_group) { Fabricate(:tag_group, name: 'Staff Talk', tag_names: ['stafftag1']) }
let!(:unrestricted_tag_group) { Fabricate(:tag_group, name: 'Unrestricted', tag_names: ['use-anywhere']) }
let!(:public_category) { Fabricate(:category, name: 'Public Category') }
let!(:private_category) { Fabricate(:private_category, group: group) }
let(:staff_category) { Fabricate(:category, name: 'Secret') }
before do
group.add(user2)
group.save!
staff_category.set_permissions(admins: :full)
staff_category.save!
private_category.set_permissions(staff: :full, group => :full)
private_category.save!
public_category.allowed_tag_groups = [public_tag_group.name]
private_category.allowed_tag_groups = [private_tag_group.name]
staff_category.allowed_tag_groups = [staff_tag_group.name]
end
it "returns correct groups based on category permissions" do
expect(TagGroup.allowed(Guardian.new(admin)).pluck(:name)).to match_array(TagGroup.pluck(:name))
expect(TagGroup.allowed(Guardian.new(moderator)).pluck(:name)).to match_array(TagGroup.pluck(:name))
expect(TagGroup.allowed(Guardian.new(user2)).pluck(:name)).to match_array([public_tag_group.name, unrestricted_tag_group.name, private_tag_group.name])
expect(TagGroup.allowed(Guardian.new(user1)).pluck(:name)).to match_array([public_tag_group.name, unrestricted_tag_group.name])
expect(TagGroup.allowed(Guardian.new(nil)).pluck(:name)).to match_array([public_tag_group.name, unrestricted_tag_group.name])
end
end
end