fix: any user is able to remove best answers (#96)
* fix: any user is able to remove best answers

* Apply fixes from StyleCI

---------

Co-authored-by: StyleCI Bot <[email protected]>
imorland and StyleCIBot committed Jul 16, 2024
1 parent 492ef15 commit ca18880
Showing 3 changed files with 88 additions and 0 deletions.
5 changes: 5 additions & 0 deletions src/BestAnswerRepository.php
@@ -53,6 +53,11 @@ public function canSelectPostAsBestAnswer(User $user, Post $post): bool
return true;
}

public function canRemoveBestAnswer(User $user, Discussion $discussion): bool
{
return self::canSelectBestAnswer($user, $discussion);
}

public function tagEnabledForBestAnswer(Discussion $discussion): bool
{
$enabled = false;
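Review bot: `canRemoveBestAnswer` reaches the permission check through `self::canSelectBestAnswer($user, $discussion)`, which binds to this class's own implementation, so a subclass that tightens `canSelectBestAnswer` would not tighten removal with it. `canSelectBestAnswer` is declared outside the hunk; if it is an instance method, as the `$this->bestAnswer->canRemoveBestAnswer(...)` call in the listener suggests, prefer `return $this->canSelectBestAnswer($user, $discussion);`. A one-line docblock such as `/** Removing a best answer requires the same permission as selecting one. */` would also record that the coupling between the two checks is deliberate.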
4 changes: 4 additions & 0 deletions src/Listeners/SaveBestAnswerToDatabase.php
@@ -93,6 +93,10 @@ public function handle(Saving $event)

protected function removeBestAnswer(Discussion $discussion, User $actor): void
{
if (!$this->bestAnswer->canRemoveBestAnswer($actor, $discussion)) {
throw new PermissionDeniedException();
}

/** @var Post|null $post */
$post = $discussion->bestAnswerPost;

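Review bot: The new `throw new PermissionDeniedException();` relies on a `use` import that the hunk does not show, and all four added lines of this section sit inside `removeBestAnswer`, so the commit itself adds none. Confirm the file already imports the exception class; without it the name would resolve inside the listener's own namespace and the denial path would end in a class-not-found error instead of a 403. The guard runs before the best-answer post is read, which is the right place for it, and a short comment like `// Authorise here so every caller of removeBestAnswer() is covered, not only handle().` would discourage moving it later. The body of `removeBestAnswer` continues outside the hunk.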
79 changes: 79 additions & 0 deletions tests/integration/api/UnsetBestAnswerTest.php
@@ -31,6 +31,7 @@ public function setUp(): void
'users' => [
$this->normalUser(),
['id' => 3, 'username' => 'normal2', 'email' => '[email protected]', 'is_email_confirmed' => 1, 'best_answer_count' => 0],
['id' => 4, 'username' => 'moderator', 'email' => 'mod:machine.local', 'is_email_confirmed' => 1],
],
'tags' => [
['id' => 2, 'name' => 'Q&A', 'slug' => 'q-a', 'description' => 'Q&A description', 'color' => '#FF0000', 'position' => 0, 'parent_id' => null, 'is_restricted' => false, 'is_hidden' => false, 'is_qna' => true],
@@ -46,6 +47,13 @@ public function setUp(): void
'discussion_tag' => [
['discussion_id' => 1, 'tag_id' => 2],
],
'group_permission' => [
['permission' => 'discussion.selectBestAnswerOwnDiscussion', 'group_id' => 3],
['permission' => 'discussion.selectBestAnswerNotOwnDiscussion', 'group_id' => 4],
],
'group_user' => [
['user_id' => 4, 'group_id' => 4],
],
]);
}

@@ -140,4 +148,75 @@ public function user_can_unset_best_answer_in_own_discussion_and_select_a_differ
$attributes = $data['data']['attributes'];
$this->assertEquals(3, $attributes['hasBestAnswer'], 'Expected best answer post ID to be 3');
}

public function noPermissionUserProvider(): array
{
return [
[3],
];
}

public function withPermissionUserProvider(): array
{
return [
[2],
[4],
];
}

/**
* @test
*
* @dataProvider noPermissionUserProvider
*/
public function user_without_permission_cannot_unset_a_best_answer(int $userId)
{
$response = $this->send(
$this->request(
'PATCH',
'/api/discussions/1',
[
'json' => [
'data' => [
'attributes' => [
'bestAnswerPostId' => 0,
],
],

],
'authenticatedAs' => $userId,
],
)
);

$this->assertEquals(403, $response->getStatusCode());
}

/**
* @test
*
* @dataProvider withPermissionUserProvider
*/
public function user_with_permission_can_unset_a_best_answer(int $userId)
{
$response = $this->send(
$this->request(
'PATCH',
'/api/discussions/1',
[
'json' => [
'data' => [
'attributes' => [
'bestAnswerPostId' => 0,
],
],

],
'authenticatedAs' => $userId,
],
)
);

$this->assertEquals(200, $response->getStatusCode());
}
}
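Review bot: `user_without_permission_cannot_unset_a_best_answer` asserts only the 403 status, so it would still pass if a later refactor cleared the best answer before the permission check threw. After the denied PATCH, re-fetch the discussion and assert that its best answer is still set; likewise `user_with_permission_can_unset_a_best_answer` should assert that the best answer is actually cleared rather than stopping at 200. `noPermissionUserProvider` covers a single case, user 3, and an unauthenticated request would be a useful second case for the denial path, depending on how this test harness represents guests.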
