FIX: don't show contents of hidden posts when quoting the post and when replying as new topic. Also don't allow public to view edit history of hidden posts.

Neil Lalonde
2014-04-15 12:48:49 -04:00
parent f0e8423445
commit 91bfd47419
3 changed files with 31 additions and 2 deletions


@@ -75,4 +75,33 @@ describe PostSerializer do
end
end
context "a hidden post with add_raw enabled" do
let(:user) { Fabricate.build(:user) }
let(:raw) { "Offensive stuff here!" }
let(:post) { Fabricate.build(:post, raw: raw, user: user, hidden: true, hidden_reason_id: Post.hidden_reasons[:flag_threshold_reached]) }
def serialized_post_for_user(u)
s = PostSerializer.new(post, scope: Guardian.new(u), root: false)
s.add_raw = true
s.as_json
end
it "shows the raw post only if authorized to see it" do
serialized_post_for_user(user)[:raw].should == raw
serialized_post_for_user(nil)[:raw].should be_nil
serialized_post_for_user(Fabricate(:user))[:raw].should be_nil
serialized_post_for_user(Fabricate(:moderator))[:raw].should == raw
serialized_post_for_user(Fabricate(:admin))[:raw].should == raw
end
it "can view edit history only if authorized" do
serialized_post_for_user(user)[:can_view_edit_history].should == true
serialized_post_for_user(nil)[:can_view_edit_history].should == false
serialized_post_for_user(Fabricate(:user))[:can_view_edit_history].should == false
serialized_post_for_user(Fabricate(:moderator))[:can_view_edit_history].should == true
serialized_post_for_user(Fabricate(:admin))[:can_view_edit_history].should == true
end
end
end
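Review bot: The new context only exercises `hidden: true`, so neither example would catch a change that withholds `raw` or `can_view_edit_history` from every non-staff reader regardless of the hidden flag. A control example for a visible post would pin the intended boundary, e.g. `post.hidden = false` followed by `serialized_post_for_user(nil)[:raw].should == raw` (assuming a visible post is meant to expose raw to anonymous readers when `add_raw` is set). The `can_view_edit_history` assertions check only the serialized flag, which presumably drives the client UI; whether the revisions endpoint itself refuses unauthorized requests for a hidden post is not visible in this section and deserves a request-level spec if the other changed files do not add one. The enclosing `describe PostSerializer` block starts outside the hunk.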