From 9ef724a065e81e9b22c76642b221dac33d6cdeea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9gis=20Hanol?= Date: Mon, 7 Nov 2016 18:14:28 +0100 Subject: [PATCH] FIX: self-onebox in read protected categories --- lib/onebox/engine/discourse_local_onebox.rb | 23 +++++++++++++++---- .../engine/discourse_local_onebox_spec.rb | 10 ++++---- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/lib/onebox/engine/discourse_local_onebox.rb b/lib/onebox/engine/discourse_local_onebox.rb index 37f7a487d75..34bc2789619 100644 --- a/lib/onebox/engine/discourse_local_onebox.rb +++ b/lib/onebox/engine/discourse_local_onebox.rb @@ -26,7 +26,7 @@ module Onebox case route[:controller] when "uploads" then upload_html(path) - when "topics" then topic_html(path, route) + when "topics" then topic_html(route) end end @@ -41,13 +41,14 @@ module Onebox end end - def topic_html(path, route) + def topic_html(route) link = "#{@url}" source_topic_id = @url[/[&?]source_topic_id=(\d+)/, 1].to_i + source_topic = Topic.find_by(id: source_topic_id) if source_topic_id > 0 if route[:post_number].present? && route[:post_number].to_i > 1 post = Post.find_by(topic_id: route[:topic_id], post_number: route[:post_number]) - return link if post.nil? || post.hidden || !Guardian.new.can_see?(post) + return link unless can_see_post?(post, source_topic) topic = post.topic slug = Slug.for(topic.title) @@ -63,7 +64,7 @@ module Onebox PrettyText.cook(quote, args) else topic = Topic.find_by(id: route[:topic_id]) - return link if topic.nil? || !Guardian.new.can_see?(topic) + return link unless can_see_topic?(topic, source_topic) first_post = topic.ordered_posts.first @@ -81,6 +82,20 @@ module Onebox end end + def can_see_post?(post, source_topic) + return false if post.nil? || post.hidden || post.trashed? || post.topic.nil? + Guardian.new.can_see_post?(post) || same_category?(post.topic.category, source_topic) + end + + def can_see_topic?(topic, source_topic) + return false if topic.nil? || topic.trashed? || topic.private_message? + Guardian.new.can_see_topic?(topic) || same_category?(topic.category, source_topic) + end + + def same_category?(category, source_topic) + source_topic.try(:category_id) == category.try(:id) + end + end end end diff --git a/spec/components/onebox/engine/discourse_local_onebox_spec.rb b/spec/components/onebox/engine/discourse_local_onebox_spec.rb index 90f9bf4534d..c3b015befc8 100644 --- a/spec/components/onebox/engine/discourse_local_onebox_spec.rb +++ b/spec/components/onebox/engine/discourse_local_onebox_spec.rb @@ -15,7 +15,7 @@ describe Onebox::Engine::DiscourseLocalOnebox do it "returns a link if not allowed to see the post" do url = "#{Discourse.base_url}#{post2.url}" - Guardian.any_instance.stubs(:can_see?).returns(false) + Guardian.any_instance.expects(:can_see_post?).returns(false) expect(Onebox.preview(url).to_s).to eq("#{url}") end @@ -46,9 +46,9 @@ describe Onebox::Engine::DiscourseLocalOnebox do expect(Onebox.preview(url).to_s).to eq("#{url}") end - it "returns a link if not allowed to see the post" do + it "returns a link if not allowed to see the topic" do url = topic.url - Guardian.any_instance.stubs(:can_see?).returns(false) + Guardian.any_instance.expects(:can_see_topic?).returns(false) expect(Onebox.preview(url).to_s).to eq("#{url}") end @@ -57,8 +57,7 @@ describe Onebox::Engine::DiscourseLocalOnebox do expect(Onebox.preview(topic.url).to_s).to match(/hamburger\.png/) end - it "returns some onebox goodness if post exists and can be seen" do - Guardian.any_instance.stubs(:can_see?).returns(true) + it "returns some onebox goodness if topic exists and can be seen" do html = Onebox.preview(topic.url).to_s expect(html).to include(topic.ordered_posts.first.user.username) expect(html).to include("
") @@ -101,7 +100,6 @@ describe Onebox::Engine::DiscourseLocalOnebox do it "returns some onebox goodness if post exists and can be seen" do url = "#{Discourse.base_url}#{post2.url}?source_topic_id=#{post2.topic_id+1}" - Guardian.any_instance.stubs(:can_see?).returns(true) html = Onebox.preview(url).to_s expect(html).to include(post2.excerpt) expect(html).to include(post2.topic.title)