Discourse/discourse
Discourse/discourse
0
0
Fork 0
mirror of https://gh.wpcy.net/https://github.com/discourse/discourse.git synced 2026-05-06 03:39:06 +08:00
Code Packages Activity Actions
discourse/spec/lib/topic_localization_destroyer_spec.rb
Natalie Tay 71b96243e1
FIX: Also check if user can see post or topic prior to letting them localize it (#36749) 
There exists a `localization_guardian` that checks if a user can
localize based on settings like
- `content_localization_allowed_groups`
- `content_localization_allow_author_localization`

However, it missed out checking if the user can even see the model.

This commit fixes that by adding the checks. This issue was found as I was
adding a new model (`tags`) and discovered they were absent for the
older models.

This commit also introduces a small refactor that `.find`s the model first
on the controller and passes the object, so that the subsequent services
do not have to `.find` them again.
2025-12-18 02:12:58 +08:00

62 lines
2 KiB
Ruby
Raw Permalink Blame History

# frozen_string_literal: true
describe TopicLocalizationDestroyer do
fab!(:user)
fab!(:group)
fab!(:topic)
fab!(:localization) { Fabricate(:topic_localization, topic:, locale: "ja") }
let(:locale) { "ja" }
before do
SiteSetting.content_localization_enabled = true
SiteSetting.content_localization_allowed_groups = group.id.to_s
group.add(user)
end
it "deletes the localization" do
expect { described_class.destroy(topic:, locale:, acting_user: user) }.to change {
TopicLocalization.count
}.by(-1)
expect { TopicLocalization.find(localization.id) }.to raise_error(ActiveRecord::RecordNotFound)
end
it "raises not found if the localization is missing" do
expect { described_class.destroy(topic:, locale: "nope", acting_user: user) }.to raise_error(
Discourse::NotFound,
)
end
it "raises permission error if user not in allowed groups" do
group.remove(user)
expect { described_class.destroy(topic:, locale:, acting_user: user) }.to raise_error(
Discourse::InvalidAccess,
)
end
context "with author localization" do
fab!(:author, :user)
fab!(:author_topic) { Fabricate(:topic, user: author) }
fab!(:author_localization) { Fabricate(:topic_localization, topic: author_topic, locale: "ja") }
before do
SiteSetting.content_localization_allow_author_localization = true
group.remove(author)
end
it "allows topic author to destroy localization for their own topic" do
expect {
described_class.destroy(topic: author_topic, locale: "ja", acting_user: author)
}.to change { TopicLocalization.count }.by(-1)
expect { TopicLocalization.find(author_localization.id) }.to raise_error(
ActiveRecord::RecordNotFound,
)
end
it "raises permission error if user is not the topic author" do
expect { described_class.destroy(topic:, locale:, acting_user: author) }.to raise_error(
Discourse::InvalidAccess,
)
end
end
end
View git blame Copy permalink