FEATURE: Allow expanding hidden posts for groups in SiteSetting.can_see_hidden_post (#21853)

Allow expanding hidden posts for groups in SiteSetting.can_see_hidden_post

spec/lib/guardian/post_guardian_spec.rb

@@ -1,32 +1,59 @@
 # frozen_string_literal: true
 
 RSpec.describe PostGuardian do
+  fab!(:groupless_user) { Fabricate(:user) }
   fab!(:user) { Fabricate(:user) }
   fab!(:anon) { Fabricate(:anonymous) }
   fab!(:admin) { Fabricate(:admin) }
-  fab!(:tl3_user) { Fabricate(:trust_level_3) }
-  fab!(:tl4_user) { Fabricate(:trust_level_4) }
   fab!(:moderator) { Fabricate(:moderator) }
+  fab!(:group) { Fabricate(:group) }
+  fab!(:group_user) { Fabricate(:group_user, group: group, user: user) }
   fab!(:category) { Fabricate(:category) }
   fab!(:topic) { Fabricate(:topic, category: category) }
   fab!(:hidden_post) { Fabricate(:post, topic: topic, hidden: true) }
 
   describe "#can_see_hidden_post?" do
-    it "returns false for anonymous users" do
-      expect(Guardian.new(anon).can_see_hidden_post?(hidden_post)).to eq(false)
+    context "when the hidden_post_visible_groups contains everyone" do
+      before { SiteSetting.hidden_post_visible_groups = "#{Group::AUTO_GROUPS[:everyone]}" }
+
+      it "returns true for everyone" do
+        expect(Guardian.new(anon).can_see_hidden_post?(hidden_post)).to eq(true)
+        expect(Guardian.new(user).can_see_hidden_post?(hidden_post)).to eq(true)
+        expect(Guardian.new(admin).can_see_hidden_post?(hidden_post)).to eq(true)
+        expect(Guardian.new(moderator).can_see_hidden_post?(hidden_post)).to eq(true)
+      end
     end
 
-    it "returns false for TL3 users" do
-      expect(Guardian.new(tl3_user).can_see_hidden_post?(hidden_post)).to eq(false)
+    context "when the post is a created by the user" do
+      fab!(:hidden_post) { Fabricate(:post, topic: topic, hidden: true, user: user) }
+
+      before { SiteSetting.hidden_post_visible_groups = "" }
+
+      it "returns true for the author" do
+        SiteSetting.hidden_post_visible_groups = ""
+        expect(Guardian.new(user).can_see_hidden_post?(hidden_post)).to eq(true)
+      end
     end
 
-    it "returns true for TL4 users" do
-      expect(Guardian.new(tl4_user).can_see_hidden_post?(hidden_post)).to eq(true)
-    end
+    context "when the post is a created by another user" do
+      before { SiteSetting.hidden_post_visible_groups = "14|#{group.id}" }
 
-    it "returns true for staff users" do
-      expect(Guardian.new(moderator).can_see_hidden_post?(hidden_post)).to eq(true)
-      expect(Guardian.new(admin).can_see_hidden_post?(hidden_post)).to eq(true)
+      it "returns true for staff users" do
+        expect(Guardian.new(admin).can_see_hidden_post?(hidden_post)).to eq(true)
+        expect(Guardian.new(moderator).can_see_hidden_post?(hidden_post)).to eq(true)
+      end
+
+      it "returns false for anonymous users" do
+        expect(Guardian.new(anon).can_see_hidden_post?(hidden_post)).to eq(false)
+      end
+
+      it "returns true if the user is in hidden_post_visible_groups" do
+        expect(Guardian.new(user).can_see_hidden_post?(hidden_post)).to eq(true)
+      end
+
+      it "returns false if the user is not in hidden_post_visible_groups" do
+        expect(Guardian.new(groupless_user).can_see_hidden_post?(hidden_post)).to eq(false)
+      end
     end
   end
 end

spec/requests/api/posts_spec.rb

@@ -131,6 +131,9 @@ RSpec.describe "posts" do
                        can_recover: {
                          type: :boolean,
                        },
+                       can_see_hidden_post: {
+                         type: :boolean,
+                       },
                        can_wiki: {
                          type: :boolean,
                        },

spec/requests/api/schemas/json/post_replies_response.json

@@ -119,6 +119,9 @@
       "can_recover": {
         "type": "boolean"
       },
+      "can_see_hidden_post": {
+        "type": "boolean"
+      },
       "can_wiki": {
         "type": "boolean"
       },
@@ -252,6 +255,7 @@
       "can_edit",
       "can_delete",
       "can_recover",
+      "can_see_hidden_post",
       "can_wiki",
       "user_title",
       "reply_to_user",

spec/requests/api/schemas/json/post_show_response.json

@@ -106,6 +106,9 @@
     "can_recover": {
       "type": "boolean"
     },
+    "can_see_hidden_post": {
+      "type": "boolean"
+    },
     "can_wiki": {
       "type": "boolean"
     },

spec/requests/api/schemas/json/post_update_response.json

@@ -110,6 +110,9 @@
         "can_recover": {
           "type": "boolean"
         },
+        "can_see_hidden_post": {
+          "type": "boolean"
+        },
         "can_wiki": {
           "type": "boolean"
         },

spec/requests/api/schemas/json/topic_create_response.json

@@ -121,6 +121,9 @@
     "can_recover": {
       "type": "boolean"
     },
+    "can_see_hidden_post": {
+      "type": "boolean"
+    },
     "can_wiki": {
       "type": "boolean"
     },

spec/requests/api/schemas/json/topic_show_response.json

@@ -117,6 +117,9 @@
                 "can_recover": {
                   "type": "boolean"
                 },
+                "can_see_hidden_post": {
+                  "type": "boolean"
+                },
                 "can_wiki": {
                   "type": "boolean"
                 },

spec/serializers/post_serializer_spec.rb

@@ -141,6 +141,13 @@ RSpec.describe PostSerializer do
         )
       end
 
+      it "includes if the user can see it" do
+        expect(serialized_post_for_user(Fabricate(:moderator))[:can_see_hidden_post]).to eq(true)
+        expect(serialized_post_for_user(Fabricate(:admin))[:can_see_hidden_post]).to eq(true)
+        expect(serialized_post_for_user(user)[:can_see_hidden_post]).to eq(true)
+        expect(serialized_post_for_user(Fabricate(:user))[:can_see_hidden_post]).to eq(false)
+      end
+
       it "shows the raw post only if authorized to see it" do
         expect(serialized_post_for_user(nil)[:raw]).to eq(nil)
         expect(serialized_post_for_user(Fabricate(:user))[:raw]).to eq(nil)