SECURITY: verify that inviter can invite new user to a topic

2025-02-25 18:55:32 -06:00 · 2017-10-09 15:52:41 +05:30
parent 59aeb0bc56
commit a2183c3f1d
4 changed files with 25 additions and 2 deletions
--- a/spec/models/invite_spec.rb
+++ b/spec/models/invite_spec.rb
@@ -141,6 +141,7 @@ describe Invite do
    let(:inviter) { group_private_topic.user }

    before do
+      group.add_owner(inviter)
      @invite = group_private_topic.invite_by_email(inviter, iceking)
    end

@@ -154,6 +155,13 @@ describe Invite do
        expect(@invite.groups).to eq([group])
      end
    end
+
+    it 'verifies that inviter is authorized to invite user to a topic' do
+      tl2_user = Fabricate(:user, trust_level: 2)
+
+      invite = group_private_topic.invite_by_email(tl2_user, 'foo@bar.com')
+      expect(invite.groups.count).to eq(0)
+    end
  end

  context 'an existing user' do