Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-01-01 13:20:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: #8998, allow guests to use write api to post/reply

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2020-11-29 15:43:40 -05:00
parent 5a137a0dd6
commit 3cd0c9a476
2 changed files with 54 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/routes/write/topics.js
View File

@@ -10,8 +10,8 @@ const setupApiRoute = routeHelpers.setupApiRoute;
module.exports = function () {
const middlewares = [middleware.authenticate];
setupApiRoute(router, 'post', '/', [...middlewares, middleware.checkRequired.bind(null, ['cid', 'title', 'content'])], controllers.write.topics.create);
setupApiRoute(router, 'post', '/:tid', [...middlewares, middleware.checkRequired.bind(null, ['content']), middleware.assert.topic], controllers.write.topics.reply);
setupApiRoute(router, 'post', '/', [middleware.authenticateOrGuest, middleware.checkRequired.bind(null, ['cid', 'title', 'content'])], controllers.write.topics.create);
setupApiRoute(router, 'post', '/:tid', [middleware.authenticateOrGuest, middleware.checkRequired.bind(null, ['content']), middleware.assert.topic], controllers.write.topics.reply);
setupApiRoute(router, 'delete', '/:tid', [...middlewares], controllers.write.topics.purge);
setupApiRoute(router, 'put', '/:tid/state', [...middlewares], controllers.write.topics.restore);

52
test/topics.js
View File

@@ -5,6 +5,7 @@ const assert = require('assert');
const validator = require('validator');
const nconf = require('nconf');
const request = require('request');
const util = require('util');
const db = require('./mocks/databasemock');
const topics = require('../src/topics');
@@ -18,6 +19,11 @@ const helpers = require('./helpers');
const socketPosts = require('../src/socket.io/posts');
const socketTopics = require('../src/socket.io/topics');
const requestType = util.promisify(function (type, url, opts, cb) {
request[type](url, opts, (err, res, body) => cb(err, { res: res, body: body }));
});
describe('Topic\'s', function () {
var topic;
var categoryObj;
@@ -111,6 +117,52 @@ describe('Topic\'s', function () {
done();
});
});
it('should fail to post a topic as guest if no privileges', async function () {
const categoryObj = await categories.create({
name: 'Test Category',
description: 'Test category created by testing script',
});
const result = await requestType('post', nconf.get('url') + '/api/v3/topics', {
form: {
title: 'just a title',
cid: categoryObj.cid,
content: 'content for the main post',
},
json: true,
});
assert.strictEqual(result.body.status.message, '[[error:no-privileges]]');
});
it('should post a topic as guest if guest group has privileges', async function () {
const categoryObj = await categories.create({
name: 'Test Category',
description: 'Test category created by testing script',
});
await privileges.categories.give(['groups:topics:create'], categoryObj.cid, 'guests');
await privileges.categories.give(['groups:topics:reply'], categoryObj.cid, 'guests');
const result = await requestType('post', nconf.get('url') + '/api/v3/topics', {
form: {
title: 'just a title',
cid: categoryObj.cid,
content: 'content for the main post',
},
json: true,
});
assert.strictEqual(result.body.status.code, 'ok');
assert.strictEqual(result.body.response.title, 'just a title');
assert.strictEqual(result.body.response.user.username, '[[global:guest]]');
const replyResult = await requestType('post', nconf.get('url') + '/api/v3/topics/' + result.body.response.tid, {
form: {
content: 'a reply by guest',
},
json: true,
});
assert.strictEqual(replyResult.body.response.content, 'a reply by guest');
});
});
describe('.reply', function () {