FIX: self-onebox in read protected categories

Régis Hanol 2016-11-07 18:14:28 +01:00
parent bc2c6b0918
commit 9ef724a065
2 changed files with 23 additions and 10 deletions


@ -26,7 +26,7 @@ module Onebox
case route[:controller]
when "uploads" then upload_html(path)
when "topics" then topic_html(path, route)
when "topics" then topic_html(route)
end
end
@ -41,13 +41,14 @@ module Onebox
end
end
def topic_html(path, route)
def topic_html(route)
link = "<a href='#{@url}'>#{@url}</a>"
source_topic_id = @url[/[&?]source_topic_id=(\d+)/, 1].to_i
source_topic = Topic.find_by(id: source_topic_id) if source_topic_id > 0
if route[:post_number].present? && route[:post_number].to_i > 1
post = Post.find_by(topic_id: route[:topic_id], post_number: route[:post_number])
return link if post.nil? || post.hidden || !Guardian.new.can_see?(post)
return link unless can_see_post?(post, source_topic)
topic = post.topic
slug = Slug.for(topic.title)
@ -63,7 +64,7 @@ module Onebox
PrettyText.cook(quote, args)
else
topic = Topic.find_by(id: route[:topic_id])
return link if topic.nil? || !Guardian.new.can_see?(topic)
return link unless can_see_topic?(topic, source_topic)
first_post = topic.ordered_posts.first
@ -81,6 +82,20 @@ module Onebox
end
end
def can_see_post?(post, source_topic)
return false if post.nil? || post.hidden || post.trashed? || post.topic.nil?
Guardian.new.can_see_post?(post) || same_category?(post.topic.category, source_topic)
end
def can_see_topic?(topic, source_topic)
return false if topic.nil? || topic.trashed? || topic.private_message?
Guardian.new.can_see_topic?(topic) || same_category?(topic.category, source_topic)
end
def same_category?(category, source_topic)
source_topic.try(:category_id) == category.try(:id)
end
end
end
end
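Review bot: `same_category?` uses `try` on both sides, so it returns true when `source_topic` and `category` are both nil, and `can_see_post?` reaches it without the `private_message?` exclusion that `can_see_topic?` has. A post in a topic with no category (presumably private messages) would then be oneboxed after `Guardian` has refused it, even when the URL carries no `source_topic_id`. Make the helper fail closed with `return false if source_topic.nil? || category.nil?`, and add `|| post.topic.private_message?` to the guard in `can_see_post?`. Separately, `topic_html` looks up `source_topic` from a query parameter of the URL being oneboxed, so the same-category fallback trusts a value chosen by whoever wrote the link; nothing in these lines checks that the onebox is really being rendered inside that topic, and taking the source topic from the cooking context rather than from `@url` would be safer. A spec that has `Guardian` refuse and then tries a missing and a mismatched `source_topic_id` would pin both cases.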


@ -15,7 +15,7 @@ describe Onebox::Engine::DiscourseLocalOnebox do
it "returns a link if not allowed to see the post" do
url = "#{Discourse.base_url}#{post2.url}"
Guardian.any_instance.stubs(:can_see?).returns(false)
Guardian.any_instance.expects(:can_see_post?).returns(false)
expect(Onebox.preview(url).to_s).to eq("<a href='#{url}'>#{url}</a>")
end
@ -46,9 +46,9 @@ describe Onebox::Engine::DiscourseLocalOnebox do
expect(Onebox.preview(url).to_s).to eq("<a href='#{url}'>#{url}</a>")
end
it "returns a link if not allowed to see the post" do
it "returns a link if not allowed to see the topic" do
url = topic.url
Guardian.any_instance.stubs(:can_see?).returns(false)
Guardian.any_instance.expects(:can_see_topic?).returns(false)
expect(Onebox.preview(url).to_s).to eq("<a href='#{url}'>#{url}</a>")
end
@ -57,8 +57,7 @@ describe Onebox::Engine::DiscourseLocalOnebox do
expect(Onebox.preview(topic.url).to_s).to match(/hamburger\.png/)
end
it "returns some onebox goodness if post exists and can be seen" do
Guardian.any_instance.stubs(:can_see?).returns(true)
it "returns some onebox goodness if topic exists and can be seen" do
html = Onebox.preview(topic.url).to_s
expect(html).to include(topic.ordered_posts.first.user.username)
expect(html).to include("<blockquote>")
@ -101,7 +100,6 @@ describe Onebox::Engine::DiscourseLocalOnebox do
it "returns some onebox goodness if post exists and can be seen" do
url = "#{Discourse.base_url}#{post2.url}?source_topic_id=#{post2.topic_id+1}"
Guardian.any_instance.stubs(:can_see?).returns(true)
html = Onebox.preview(url).to_s
expect(html).to include(post2.excerpt)
expect(html).to include(post2.topic.title)