Commit d844bdfc authored by azul's avatar azul

fix: page_term access_ids only for participations with access

We used to build access_ids from all user participations
rather than only the ones granting access.

This lead to pages showing up in page lists that the user
did not have access to anymore.

Only take into account user_participations with access level set
for the access ids. The other user participation serve to
track page visits, watch the page or star it.
parent 56da3848
......@@ -152,7 +152,7 @@ class Page < ApplicationRecord
before_save :clear_tag_cache
def clear_tag_cache
User.clear_tag_cache(user_ids) if @tags_changed
User.clear_tag_cache(user_participations.map(&:user_id)) if @tags_changed
end
#
......
......@@ -99,15 +99,14 @@ module Page::Users
# used for sphinx index
# e: why not just use the normal user_ids()? i guess the assumption is that
# user_participations will always be already loaded if we are saving the page.
# Plus it may be the first time we save the page. So
# user_participations may not exist in the database yet.
# We also only want user participations that actually grant access.
#
def user_ids
user_participations.collect(&:user_id)
user_participations.to_a.select(&:access).map(&:user_id)
end
# like users.with_access, but uses already included data
# def users_with_access
# user_participations.collect{|part| part.user if part.access }.compact
# end
# A contributor has actually modified the page in some way. A participant
# simply has a user_participation record, maybe they have never even seen
# the page.
......
......@@ -119,4 +119,54 @@ class GroupExpellTest < IntegrationTest
assert_no_content 'animals'
end
end
def test_do_not_list_group_pages_after_expel
# ensure everyone is a longterm member
Time.stub(:now, 2.weeks.from_now) do
@user = users(:blue)
page = create_page(owner: groups(:animals), title: 'animals secrets')
page.add(users(:kangaroo), star: true)
page.save!
login
visit '/animals'
click_on 'Members'
assert first('tr.even').has_content? 'Kangaroo!'
first('tr.even').click_on 'Remove'
logout
@user = users(:penguin)
login
visit '/animals'
click_on 'Members'
click_on 'Request to Remove Member is pending'
click_on 'Approve'
click_on 'Members'
assert_no_content 'Kangaroo!'
logout
@user = users(:kangaroo)
login
visit '/animals'
assert_no_content 'animals secrets'
end
end
def test_do_not_list_committee_pages_after_expel
page = create_page(owner: groups(:cold), title: 'cold colors secrets')
page.add(users(:penguin), star: true)
page.save!
@user = users(:penguin)
login
visit '/me'
assert_content 'cold colors secrets'
groups(:cold).remove_user! users(:penguin)
visit '/me'
assert_no_content 'cold colors secrets'
end
protected
def create_page(options = {})
defaults = { title: 'untitled page', public: false }
Page.create(defaults.merge(options))
end
end
......@@ -37,7 +37,7 @@ class TagSuggestionTest < JavascriptIntegrationTest
def test_tag_suggested_via_group_participations
tag_source_page = create_user_page tag_list: ['sharedtag']
tag_source_page.add [users(:dolphin), groups(:rainbow)]
tag_source_page.add [users(:dolphin), groups(:rainbow)], access: :edit
tag_source_page.save!
tag_me = create_user_page
tag_me.add [users(:dolphin), groups(:rainbow)], access: :edit
......
......@@ -5,12 +5,19 @@ require 'test_helper'
class Page::TermsTest < ActiveSupport::TestCase
def test_create
user = users(:blue)
page = DiscussionPage.create! title: 'hi', user: user
assert_equal Page.access_ids_for(user_ids: [user.id]).first,
page = DiscussionPage.create! title: 'hi', user: user, owner: user
assert_equal Page.access_ids_for(user_ids: [user.id]).join(' '),
page.page_terms.access_ids
assert page.page_terms.delta
end
def test_star_does_not_grant_access
page = DiscussionPage.create! title: 'hi', user: users(:blue), owner: groups(:rainbow)
page.add(users(:red), star: true)
assert_equal Page.access_ids_for(group_ids: [groups(:rainbow).id]).join(' '),
page.page_terms.access_ids
end
def test_destroy
user = users(:blue)
page = DiscussionPage.create! title: 'hi', user: user
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment