IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-22 08:57:10 -06:00
Code Issues Packages Projects Releases Wiki Activity

DEV: Add test to ensure /categories/search doesn't return secret categories (#27469)

Browse Source
This commit is contained in:
Daniel Waterworth 2024-06-13 12:17:15 -05:00 committed by GitHub
parent 93c2ae585c
commit a1d881f625
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
spec/requests/categories_controller_spec.rb
View File

@ -1433,5 +1433,14 @@ RSpec.describe CategoriesController do
expect(category["has_children"]).to eq(true)
expect(category["subcategory_count"]).to eq(1)
end
it "doesn't expose secret categories" do
category.update!(read_restricted: true)
post "/categories/search.json", params: { term: "" }
expect(response.status).to eq(200)
expect(response.parsed_body["categories"].map { |c| c["id"] }).not_to include(category.id)
end
end
end