Merge remote-tracking branch 'origin/stable' into pkgr

Author: crohr

.travis.yml

@@ -5,10 +5,9 @@ env:
     - DISCOURSE_HOSTNAME=www.example.com
     - RUBY_GC_MALLOC_LIMIT=50000000
   matrix:
-    - "RAILS_MASTER=0 QUNIT_RUN=0"
-    - "RAILS_MASTER=1 QUNIT_RUN=0"
-    - "RAILS_MASTER=0 QUNIT_RUN=1"
-    - "RAILS_MASTER=1 QUNIT_RUN=1"
+    - "RAILS_MASTER=0 QUNIT_RUN=0 RUN_LINT=0"
+    - "RAILS_MASTER=0 QUNIT_RUN=1 RUN_LINT=0"
+    - "RAILS_MASTER=0 QUNIT_RUN=0 RUN_LINT=1"
 
 addons:
   postgresql: 9.5
@@ -20,14 +19,11 @@ addons:
     - jhead
 
 matrix:
-  allow_failures:
-    - env: "RAILS_MASTER=1 QUNIT_RUN=0"
-    - env: "RAILS_MASTER=1 QUNIT_RUN=1"
   fast_finish: true
 
 rvm:
-  - 2.4.1
-  - 2.3.3
+  - 2.4.2
+  - 2.3.4
 
 services:
   - redis-server
@@ -46,20 +42,32 @@ before_install:
   - git clone --depth=1 https://github.com/discourse/discourse-spoiler-alert.git plugins/discourse-spoiler-alert
   - git clone --depth=1 https://github.com/discourse/discourse-cakeday.git plugins/discourse-cakeday
   - git clone --depth=1 https://github.com/discourse/discourse-canned-replies.git plugins/discourse-canned-replies
-  - git clone --depth=1 https://github.com/discourse/discourse-slack-official.git plugins/discourse-slack-official
-  - yarn global add eslint@3 babel-eslint
-  - eslint app/assets/javascripts
-  - eslint --ext .es6 app/assets/javascripts
-  - eslint --ext .es6 test/javascripts
-  - eslint --ext .es6 plugins/**/assets/javascripts
-  - eslint test/javascripts
-
-before_script:
-  - bundle exec rake db:create db:migrate
+  - git clone --depth=1 https://github.com/discourse/discourse-chat-integration.git plugins/discourse-chat-integration
+  - git clone --depth=1 https://github.com/discourse/discourse-assign.git plugins/discourse-assign
+  - export PATH=$HOME/.yarn/bin:$PATH
 
 install:
   - bash -c "if [ '$RAILS_MASTER' == '1' ]; then bundle update --retry=3 --jobs=3 arel rails seed-fu; fi"
   - bash -c "if [ '$RAILS_MASTER' == '0' ]; then bundle install --without development --deployment --retry=3 --jobs=3; fi"
+  - bash -c "if [ '$RUN_LINT' == '1' ]; then yarn global add eslint babel-eslint; fi"
 
 script:
-  - bash -c "if [ '$QUNIT_RUN' == '0' ]; then bundle exec rspec && bundle exec rake plugin:spec; else bundle exec rake qunit:test['200000']; fi"
+  - |
+    bash -c "
+      if [ '$RUN_LINT' == '1' ]; then
+        bundle exec rubocop --parallel && \
+        eslint --ext .es6 app/assets/javascripts && \
+        eslint --ext .es6 test/javascripts && \
+        eslint --ext .es6 plugins/**/assets/javascripts && \
+        eslint --ext .es6 plugins/**/test/javascripts && \
+        eslint app/assets/javascripts test/javascripts
+      else
+        bundle exec rake db:create db:migrate
+
+        if [ '$QUNIT_RUN' == '1' ]; then
+          LOAD_PLUGINS=1 bundle exec rake qunit:test['400000']
+        else
+          bundle exec rspec && bundle exec rake plugin:spec
+        fi
+      fi
+    "

app/controllers/topics_controller.rb

@@ -471,7 +471,7 @@ def invite_group
     topic = Topic.find_by(id: params[:topic_id])
 
     if topic.private_message?
-      guardian.ensure_can_send_private_message!(group)
+      guardian.ensure_can_invite_group_to_private_message!(group, topic)
       topic.invite_group(current_user, group)
       render_json_dump BasicGroupSerializer.new(group, scope: guardian, root: 'group')
     else

lib/guardian.rb

@@ -269,6 +269,11 @@ def can_see_private_messages?(user_id)
     is_admin? || (authenticated? && @user.id == user_id)
   end
 
+  def can_invite_group_to_private_message?(group, topic)
+    can_see_topic?(topic) &&
+    can_send_private_message?(group)
+  end
+
   def can_send_private_message?(target)
     (target.is_a?(Group) || target.is_a?(User)) &&
     # User is authenticated

spec/controllers/topics_controller_spec.rb

@@ -1011,31 +1011,57 @@ def topics_controller_show_gen_perm_tests(expected, ctx)
   end
 
   describe 'invite_group' do
-    let :admins do
-      Group[:admins]
-    end
+    let(:admins) { Group[:admins] }
+    let(:pm) { Fabricate(:private_message_topic) }
 
-    let! :admin do
-      log_in :admin
+    def invite_group(topic, expected_status)
+      xhr :post, :invite_group, topic_id: topic.id, group: admins.name
+      expect(response.status).to eq(expected_status)
     end
 
     before do
-      admins.alias_level = Group::ALIAS_LEVELS[:everyone]
-      admins.save!
+      admins.update!(alias_level: Group::ALIAS_LEVELS[:everyone])
     end
 
-    it "disallows inviting a group to a topic" do
-      topic = Fabricate(:topic)
-      xhr :post, :invite_group, topic_id: topic.id, group: 'admins'
-      expect(response.status).to eq(422)
+    describe 'as an anon user' do
+      it 'should be forbidden' do
+        invite_group(pm, 403)
+      end
     end
 
-    it "allows inviting a group to a PM" do
-      topic = Fabricate(:private_message_topic)
-      xhr :post, :invite_group, topic_id: topic.id, group: 'admins'
+    describe 'as a normal user' do
+      let!(:user) { log_in }
 
-      expect(response.status).to eq(200)
-      expect(topic.allowed_groups.first.id).to eq(admins.id)
+      describe 'when user does not have permission to view the topic' do
+        it 'should be forbidden' do
+          invite_group(pm, 403)
+        end
+      end
+
+      describe 'when user has permission to view the topic' do
+        before do
+          pm.allowed_users << user
+        end
+
+        it 'should allow user to invite group to topic' do
+          invite_group(pm, 200)
+          expect(pm.allowed_groups.first.id).to eq(admins.id)
+        end
+      end
+    end
+
+    describe 'as an admin user' do
+      let!(:admin) { log_in(:admin) }
+
+      it "disallows inviting a group to a topic" do
+        topic = Fabricate(:topic)
+        invite_group(topic, 422)
+      end
+
+      it "allows inviting a group to a PM" do
+        invite_group(pm, 200)
+        expect(pm.allowed_groups.first.id).to eq(admins.id)
+      end
     end
   end
 

spec/models/invite_spec.rb

@@ -141,6 +141,7 @@
     let(:inviter) { group_private_topic.user }
 
     before do
+      group.add_owner(inviter)
       @invite = group_private_topic.invite_by_email(inviter, iceking)
     end