1023 lines
41 KiB
Ruby
1023 lines
41 KiB
Ruby
require "spec_helper"
|
|
|
|
describe CommentsController do
|
|
include LoginMacros
|
|
include RedirectExpectationHelper
|
|
|
|
let(:comment) { create(:comment) }
|
|
let(:unreviewed_comment) { create(:comment, :unreviewed) }
|
|
|
|
before do
|
|
request.env["HTTP_REFERER"] = "/where_i_came_from"
|
|
end
|
|
|
|
describe "GET #new" do
|
|
it "errors if the commentable is not a valid tag" do
|
|
get :new, params: { tag_id: "Non existent tag" }
|
|
expect(flash[:error]).to eq "What did you want to comment on?"
|
|
end
|
|
|
|
it "renders the :new template if commentable is a valid admin post" do
|
|
admin_post = create(:admin_post, comment_permissions: :enable_all)
|
|
get :new, params: { admin_post_id: admin_post.id }
|
|
expect(response).to render_template("new")
|
|
expect(assigns(:name)).to eq(admin_post.title)
|
|
end
|
|
|
|
context "when the commentable is a valid tag" do
|
|
let(:fandom) { create(:fandom) }
|
|
|
|
context "when logged in as an admin" do
|
|
before { fake_login_admin(create(:admin)) }
|
|
|
|
it "redirects to root with notice prompting log out" do
|
|
get :new, params: { tag_id: fandom.name }
|
|
it_redirects_to_with_notice(root_path, "Please log out of your admin account first!")
|
|
end
|
|
end
|
|
|
|
context "when logged in as a tag wrangler" do
|
|
before { fake_login_known_user(create(:tag_wrangler)) }
|
|
|
|
it "renders the :new template" do
|
|
get :new, params: { tag_id: fandom.name }
|
|
expect(response).to render_template("new")
|
|
expect(assigns(:name)).to eq("Fandom")
|
|
end
|
|
end
|
|
|
|
context "when logged in as a random user" do
|
|
before { fake_login }
|
|
|
|
it "shows an error and redirects" do
|
|
get :new, params: { tag_id: fandom.name }
|
|
it_redirects_to_with_error(user_path(controller.current_user),
|
|
"Sorry, you don't have permission to " \
|
|
"access the page you were trying to " \
|
|
"reach.")
|
|
end
|
|
end
|
|
|
|
context "when logged out" do
|
|
before { fake_logout }
|
|
|
|
it "shows an error and redirects" do
|
|
get :new, params: { tag_id: fandom.name }
|
|
it_redirects_to_with_error(new_user_session_path,
|
|
"Sorry, you don't have permission to " \
|
|
"access the page you were trying to " \
|
|
"reach. Please log in.")
|
|
end
|
|
end
|
|
end
|
|
|
|
context "guest comments are turned on in admin settings" do
|
|
let(:work) { create(:work) }
|
|
let(:work_with_guest_comment_on) { create(:work, :guest_comments_on) }
|
|
let(:admin_setting) { AdminSetting.first || AdminSetting.create }
|
|
|
|
before do
|
|
admin_setting.update_attribute(:guest_comments_off, false)
|
|
end
|
|
|
|
it "does not allow guest comments" do
|
|
get :new, params: { work_id: work.id }
|
|
|
|
it_redirects_to_with_error(work_path(work),
|
|
"Sorry, this work doesn't allow non-Archive users to comment.")
|
|
end
|
|
|
|
it "allows guest comments when work has guest comments enabled" do
|
|
get :new, params: { work_id: work_with_guest_comment_on.id }
|
|
|
|
expect(response).to render_template(:new)
|
|
end
|
|
end
|
|
|
|
context "guest comments are turned off in admin settings" do
|
|
let(:work) { create(:work) }
|
|
let(:admin_setting) { AdminSetting.first || AdminSetting.create }
|
|
|
|
before do
|
|
admin_setting.update_attribute(:guest_comments_off, true)
|
|
end
|
|
|
|
[:enable_all, :disable_anon].each do |permissions|
|
|
context "when work comment permissions are #{permissions}" do
|
|
before do
|
|
work.update_attribute(:comment_permissions, permissions)
|
|
end
|
|
|
|
it "redirects logged out user with an error" do
|
|
get :new, params: { work_id: work.id }
|
|
it_redirects_to_with_error("/where_i_came_from", "Sorry, the Archive doesn't allow guests to comment right now.")
|
|
end
|
|
|
|
it "renders the :new template for logged in user" do
|
|
fake_login
|
|
get :new, params: { work_id: work.id }
|
|
expect(flash[:error]).to be_nil
|
|
expect(response).to render_template("new")
|
|
end
|
|
end
|
|
end
|
|
|
|
context "when work comment permissions are disable_all" do
|
|
before do
|
|
work.update_attribute(:comment_permissions, :disable_all)
|
|
end
|
|
|
|
it "redirects logged out user with an error" do
|
|
get :new, params: { work_id: work.id }
|
|
it_redirects_to_with_error("/where_i_came_from", "Sorry, the Archive doesn't allow guests to comment right now.")
|
|
end
|
|
|
|
it "redirects logged in user with an error" do
|
|
fake_login
|
|
get :new, params: { work_id: work.id }
|
|
it_redirects_to_with_error(work_path(work), "Sorry, this work doesn't allow comments.")
|
|
end
|
|
end
|
|
end
|
|
|
|
context "when work comment permissions are enable_all" do
|
|
let(:work) { create(:work, :guest_comments_on) }
|
|
|
|
it "renders the :new template if commentable is a valid comment" do
|
|
comment = create(:comment, commentable: work)
|
|
get :new, params: { comment_id: comment.id }
|
|
expect(response).to render_template("new")
|
|
expect(assigns(:name)).to eq("Previous Comment")
|
|
end
|
|
|
|
it "shows an error and redirects if commentable is a frozen comment" do
|
|
comment = create(:comment, iced: true, commentable: work)
|
|
get :new, params: { comment_id: comment.id }
|
|
it_redirects_to_with_error("/where_i_came_from", "Sorry, you cannot reply to a frozen comment.")
|
|
end
|
|
|
|
it "shows an error and redirects if commentable is a hidden comment" do
|
|
comment = create(:comment, hidden_by_admin: true, commentable: work)
|
|
get :new, params: { comment_id: comment.id }
|
|
it_redirects_to_with_error("/where_i_came_from", "Sorry, you cannot reply to a hidden comment.")
|
|
end
|
|
end
|
|
|
|
shared_examples "guest cannot reply to a user with guest replies disabled" do
|
|
it "redirects guest with an error" do
|
|
get :new, params: { comment_id: comment.id }
|
|
it_redirects_to_with_error("/where_i_came_from", "Sorry, this user doesn't allow non-Archive users to reply to their comments.")
|
|
end
|
|
|
|
it "renders the :new template for logged in user" do
|
|
fake_login
|
|
get :new, params: { comment_id: comment.id }
|
|
expect(flash[:error]).to be_nil
|
|
expect(response).to render_template("new")
|
|
end
|
|
end
|
|
|
|
shared_examples "guest can reply to a user with guest replies disabled on user's work" do
|
|
it "renders the :new template for guest" do
|
|
get :new, params: { comment_id: comment.id }
|
|
expect(flash[:error]).to be_nil
|
|
expect(response).to render_template("new")
|
|
end
|
|
|
|
it "renders the :new template for logged in user" do
|
|
fake_login
|
|
get :new, params: { comment_id: comment.id }
|
|
expect(flash[:error]).to be_nil
|
|
expect(response).to render_template("new")
|
|
end
|
|
end
|
|
|
|
context "user has guest comment replies disabled" do
|
|
let(:user) do
|
|
user = create(:user)
|
|
user.preference.update!(guest_replies_off: true)
|
|
user
|
|
end
|
|
|
|
context "when commentable is an admin post" do
|
|
let(:comment) { create(:comment, :on_admin_post, pseud: user.default_pseud) }
|
|
|
|
it_behaves_like "guest cannot reply to a user with guest replies disabled"
|
|
end
|
|
|
|
context "when commentable is a tag" do
|
|
let(:comment) { create(:comment, :on_tag, pseud: user.default_pseud) }
|
|
|
|
it_behaves_like "guest cannot reply to a user with guest replies disabled"
|
|
end
|
|
|
|
context "when commentable is a work with guest comments enabled" do
|
|
let(:comment) { create(:comment, :on_work_with_guest_comments_on, pseud: user.default_pseud) }
|
|
|
|
it_behaves_like "guest cannot reply to a user with guest replies disabled"
|
|
end
|
|
|
|
context "when comment is on user's work with guest comments enabled" do
|
|
let(:work) { create(:work, :guest_comments_on, authors: [user.default_pseud]) }
|
|
let(:comment) { create(:comment, pseud: user.default_pseud, commentable: work.first_chapter) }
|
|
|
|
it_behaves_like "guest can reply to a user with guest replies disabled on user's work"
|
|
end
|
|
|
|
context "when commentable is user's co-creation" do
|
|
let(:work) { create(:work, :guest_comments_on, authors: [create(:user).default_pseud, user.default_pseud]) }
|
|
let(:comment) { create(:comment, pseud: user.default_pseud, commentable: work.first_chapter) }
|
|
|
|
it_behaves_like "guest can reply to a user with guest replies disabled on user's work"
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "POST #create" do
|
|
let(:anon_comment_attributes) do
|
|
attributes_for(:comment, :by_guest).slice(:name, :email, :comment_content)
|
|
end
|
|
|
|
context "when replying from the inbox" do
|
|
let!(:user) { create(:user) }
|
|
let!(:comment) { create(:comment) }
|
|
|
|
before do
|
|
fake_login_known_user(user)
|
|
request.env["HTTP_REFERER"] = user_inbox_path(user)
|
|
end
|
|
|
|
it "creates the reply and redirects to user inbox path" do
|
|
comment_attributes = {
|
|
pseud_id: user.default_pseud_id,
|
|
comment_content: "Hello fellow human!"
|
|
}
|
|
post :create, params: { comment_id: comment.id, comment: comment_attributes, filters: { date: "asc" } }
|
|
expect(response).to redirect_to(user_inbox_path(user, filters: { date: "asc" }))
|
|
expect(flash[:comment_notice]).to eq "Comment created!"
|
|
end
|
|
end
|
|
|
|
context "when the commentable is a valid tag" do
|
|
let(:fandom) { create(:fandom) }
|
|
|
|
context "when logged in as an admin" do
|
|
before { fake_login_admin(create(:admin)) }
|
|
|
|
it "redirects to root with notice prompting log out" do
|
|
post :create, params: { tag_id: fandom.name, comment: anon_comment_attributes }
|
|
it_redirects_to_with_notice(root_path, "Please log out of your admin account first!")
|
|
comment = Comment.last
|
|
expect(comment).to eq nil
|
|
end
|
|
end
|
|
|
|
context "when logged in as a tag wrangler" do
|
|
before { fake_login_known_user(create(:tag_wrangler)) }
|
|
|
|
it "posts the comment and shows it in context" do
|
|
post :create, params: { tag_id: fandom.name, comment: anon_comment_attributes }
|
|
comment = Comment.last
|
|
expect(comment.commentable).to eq fandom
|
|
expect(comment.name).to eq anon_comment_attributes[:name]
|
|
expect(comment.email).to eq anon_comment_attributes[:email]
|
|
expect(comment.comment_content).to include anon_comment_attributes[:comment_content]
|
|
path = comments_path(tag_id: fandom.to_param,
|
|
anchor: "comment_#{comment.id}")
|
|
expect(response).to redirect_to path
|
|
end
|
|
end
|
|
|
|
context "when logged in as a random user" do
|
|
before { fake_login }
|
|
|
|
it "shows an error and redirects" do
|
|
post :create, params: { tag_id: fandom.name, comment: anon_comment_attributes }
|
|
it_redirects_to_with_error(user_path(controller.current_user),
|
|
"Sorry, you don't have permission to " \
|
|
"access the page you were trying to " \
|
|
"reach.")
|
|
end
|
|
end
|
|
|
|
context "when logged out" do
|
|
before { fake_logout }
|
|
|
|
it "shows an error and redirects" do
|
|
post :create, params: { tag_id: fandom.name, comment: anon_comment_attributes }
|
|
it_redirects_to_with_error(new_user_session_path,
|
|
"Sorry, you don't have permission to " \
|
|
"access the page you were trying to " \
|
|
"reach. Please log in.")
|
|
end
|
|
end
|
|
end
|
|
|
|
context "when the commentable is a work" do
|
|
context "when the work is restricted" do
|
|
let(:work) { create(:work, restricted: true) }
|
|
|
|
it "redirects to the login page" do
|
|
post :create, params: { work_id: work.id, comment: anon_comment_attributes }
|
|
it_redirects_to(new_user_session_path(restricted_commenting: true))
|
|
end
|
|
end
|
|
|
|
context "when the work has all comments disabled" do
|
|
let(:work) { create(:work, comment_permissions: :disable_all) }
|
|
|
|
it "shows an error and redirects" do
|
|
post :create, params: { work_id: work.id, comment: anon_comment_attributes }
|
|
it_redirects_to_with_error(work_path(work),
|
|
"Sorry, this work doesn't allow comments.")
|
|
end
|
|
|
|
it "sets flash_is_set to bypass caching" do
|
|
post :create, params: { work_id: work.id, comment: anon_comment_attributes }
|
|
expect(cookies[:flash_is_set]).to eq("1")
|
|
end
|
|
end
|
|
|
|
context "when the work has anonymous comments disabled" do
|
|
let(:work) { create(:work, comment_permissions: :disable_anon) }
|
|
|
|
it "shows an error and redirects" do
|
|
post :create, params: { work_id: work.id, comment: anon_comment_attributes }
|
|
it_redirects_to_with_error(work_path(work),
|
|
"Sorry, this work doesn't allow non-Archive users to comment.")
|
|
end
|
|
|
|
it "sets flash_is_set to bypass caching" do
|
|
post :create, params: { work_id: work.id, comment: anon_comment_attributes }
|
|
expect(cookies[:flash_is_set]).to eq("1")
|
|
end
|
|
end
|
|
|
|
context "when logged in as an admin" do
|
|
let(:work) { create(:work, :guest_comments_on) }
|
|
|
|
before { fake_login_admin(create(:admin)) }
|
|
|
|
it "redirects to root with notice prompting log out" do
|
|
post :create, params: { work_id: work.id, comment: anon_comment_attributes }
|
|
it_redirects_to_with_notice(root_path, "Please log out of your admin account first!")
|
|
end
|
|
end
|
|
end
|
|
|
|
context "when the commentable is an admin post" do
|
|
context "where all comments are disabled" do
|
|
let(:admin_post) { create(:admin_post, comment_permissions: :disable_all) }
|
|
|
|
it "shows an error and redirects" do
|
|
post :create, params: { admin_post_id: admin_post.id, comment: anon_comment_attributes }
|
|
it_redirects_to_with_error(admin_post_path(admin_post),
|
|
"Sorry, this news post doesn't allow comments.")
|
|
end
|
|
end
|
|
|
|
context "where anonymous comments are disabled" do
|
|
let(:admin_post) { create(:admin_post, comment_permissions: :disable_anon) }
|
|
|
|
it "shows an error and redirects" do
|
|
post :create, params: { admin_post_id: admin_post.id, comment: anon_comment_attributes }
|
|
it_redirects_to_with_error(admin_post_path(admin_post),
|
|
"Sorry, this news post doesn't allow non-Archive users to comment.")
|
|
end
|
|
end
|
|
end
|
|
|
|
context "when the commentable is a comment" do
|
|
context "on a parent work" do
|
|
context "where all comments are disabled" do
|
|
let(:work) { create(:work, comment_permissions: :disable_all) }
|
|
let(:comment) { create(:comment, commentable: work.first_chapter) }
|
|
|
|
it "shows an error and redirects" do
|
|
post :create, params: { comment_id: comment.id, comment: anon_comment_attributes }
|
|
it_redirects_to_with_error(work_path(work),
|
|
"Sorry, this work doesn't allow comments.")
|
|
end
|
|
end
|
|
|
|
context "where anonymous comments are disabled" do
|
|
let(:work) { create(:work, comment_permissions: :disable_anon) }
|
|
let(:comment) { create(:comment, commentable: work.first_chapter) }
|
|
|
|
it "shows an error and redirects" do
|
|
post :create, params: { comment_id: comment.id, comment: anon_comment_attributes }
|
|
it_redirects_to_with_error(work_path(work),
|
|
"Sorry, this work doesn't allow non-Archive users to comment.")
|
|
end
|
|
end
|
|
end
|
|
|
|
context "on an admin post" do
|
|
context "where all comments are disabled" do
|
|
let(:admin_post) { create(:admin_post, comment_permissions: :disable_all) }
|
|
let(:comment) { create(:comment, commentable: admin_post) }
|
|
|
|
it "shows an error and redirects" do
|
|
post :create, params: { comment_id: comment.id, comment: anon_comment_attributes }
|
|
it_redirects_to_with_error(admin_post_path(admin_post),
|
|
"Sorry, this news post doesn't allow comments.")
|
|
end
|
|
end
|
|
|
|
context "where anonymous comments are disabled" do
|
|
let(:admin_post) { create(:admin_post, comment_permissions: :disable_anon) }
|
|
let(:comment) { create(:comment, commentable: admin_post) }
|
|
|
|
it "shows an error and redirects" do
|
|
post :create, params: { comment_id: comment.id, comment: anon_comment_attributes }
|
|
it_redirects_to_with_error(admin_post_path(admin_post),
|
|
"Sorry, this news post doesn't allow non-Archive users to comment.")
|
|
end
|
|
end
|
|
end
|
|
|
|
context "with guest comments enabled" do
|
|
let(:work_with_guest_comment_on) { create(:work, :guest_comments_on) }
|
|
|
|
context "when the commentable is frozen" do
|
|
let(:comment) { create(:comment, iced: true, commentable: work_with_guest_comment_on) }
|
|
|
|
it "shows an error and redirects" do
|
|
post :create, params: { comment_id: comment.id, comment: anon_comment_attributes }
|
|
it_redirects_to_with_error("/where_i_came_from", "Sorry, you cannot reply to a frozen comment.")
|
|
end
|
|
end
|
|
|
|
context "when the commentable is hidden" do
|
|
let(:comment) { create(:comment, hidden_by_admin: true, commentable: work_with_guest_comment_on) }
|
|
|
|
it "shows an error and redirects" do
|
|
post :create, params: { comment_id: comment.id, comment: anon_comment_attributes }
|
|
it_redirects_to_with_error("/where_i_came_from", "Sorry, you cannot reply to a hidden comment.")
|
|
end
|
|
end
|
|
|
|
context "when the commentable is spam" do
|
|
let(:spam_comment) { create(:comment, commentable: work_with_guest_comment_on) }
|
|
|
|
before { spam_comment.update_attribute(:approved, false) }
|
|
|
|
it "shows an error and redirects if commentable is a comment marked as spam" do
|
|
post :create, params: { comment_id: spam_comment.id, comment: anon_comment_attributes }
|
|
|
|
it_redirects_to_with_error("/where_i_came_from", "Sorry, you can't reply to a comment that has been marked as spam.")
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
context "guest comments are turned on in admin settings" do
|
|
let(:work) { create(:work, :guest_comments_on) }
|
|
let(:admin_setting) { AdminSetting.first || AdminSetting.create }
|
|
|
|
before do
|
|
admin_setting.update_attribute(:guest_comments_off, false)
|
|
end
|
|
|
|
it "allows guest comments when work has guest comments enabled" do
|
|
post :create, params: { work_id: work.id, comment: anon_comment_attributes }
|
|
|
|
expect(flash[:error]).to be_nil
|
|
end
|
|
end
|
|
|
|
context "guest comments are turned off in admin settings" do
|
|
let(:work) { create(:work) }
|
|
let(:user) { create(:user) }
|
|
let(:admin_setting) { AdminSetting.first || AdminSetting.create }
|
|
|
|
before do
|
|
admin_setting.update_attribute(:guest_comments_off, true)
|
|
end
|
|
|
|
[:enable_all, :disable_anon].each do |permissions|
|
|
context "when work comment permissions are #{permissions}" do
|
|
before do
|
|
work.update_attribute(:comment_permissions, permissions)
|
|
end
|
|
|
|
it "redirects logged out user with an error" do
|
|
post :create, params: { work_id: work.id, comment: anon_comment_attributes }
|
|
it_redirects_to_with_error("/where_i_came_from", "Sorry, the Archive doesn't allow guests to comment right now.")
|
|
end
|
|
|
|
it "redirects logged in user to the comment on the commentable without an error" do
|
|
comment_attributes = {
|
|
pseud_id: user.default_pseud_id,
|
|
comment_content: "Hello fellow human!"
|
|
}
|
|
fake_login_known_user(user)
|
|
post :create, params: { work_id: work.id, comment: comment_attributes }
|
|
comment = Comment.last
|
|
expect(flash[:error]).to be_nil
|
|
expect(response).to redirect_to(chapter_path(comment.commentable, show_comments: true, view_full_work: false, anchor: "comment_#{comment.id}"))
|
|
end
|
|
end
|
|
end
|
|
|
|
context "when work comment permissions are disable_all" do
|
|
before do
|
|
work.update_attribute(:comment_permissions, :disable_all)
|
|
end
|
|
|
|
it "redirects logged out user with an error" do
|
|
post :create, params: { work_id: work.id, comment: anon_comment_attributes }
|
|
it_redirects_to_with_error("/where_i_came_from", "Sorry, the Archive doesn't allow guests to comment right now.")
|
|
end
|
|
|
|
it "redirects logged in user with an error" do
|
|
comment_attributes = {
|
|
pseud_id: user.default_pseud_id,
|
|
comment_content: "Hello fellow human!"
|
|
}
|
|
fake_login_known_user(user)
|
|
post :create, params: { work_id: work.id, comment: comment_attributes }
|
|
it_redirects_to_with_error(work_path(work), "Sorry, this work doesn't allow comments.")
|
|
end
|
|
end
|
|
end
|
|
|
|
shared_examples "guest cannot reply to a user with guest replies disabled" do
|
|
it "redirects guest with an error" do
|
|
post :create, params: { comment_id: comment.id, comment: anon_comment_attributes }
|
|
it_redirects_to_with_error("/where_i_came_from", "Sorry, this user doesn't allow non-Archive users to reply to their comments.")
|
|
end
|
|
|
|
it "redirects logged in user without an error" do
|
|
comment_attributes = {
|
|
pseud_id: user.default_pseud_id,
|
|
comment_content: "Hello fellow human!"
|
|
}
|
|
fake_login_known_user(user)
|
|
post :create, params: { comment_id: comment.id, comment: comment_attributes }
|
|
expect(flash[:error]).to be_nil
|
|
end
|
|
end
|
|
|
|
shared_examples "guest can reply to a user with guest replies disabled on user's work" do
|
|
it "redirects guest without an error" do
|
|
post :create, params: { comment_id: comment.id, comment: anon_comment_attributes }
|
|
expect(flash[:error]).to be_nil
|
|
end
|
|
|
|
it "redirects logged in user without an error" do
|
|
comment_attributes = {
|
|
pseud_id: user.default_pseud_id,
|
|
comment_content: "Hello fellow human!"
|
|
}
|
|
fake_login_known_user(user)
|
|
post :create, params: { comment_id: comment.id, comment: comment_attributes }
|
|
expect(flash[:error]).to be_nil
|
|
end
|
|
end
|
|
|
|
context "user has guest comment replies disabled" do
|
|
let(:user) do
|
|
user = create(:user)
|
|
user.preference.update!(guest_replies_off: true)
|
|
user
|
|
end
|
|
|
|
context "when commentable is an admin post" do
|
|
let(:comment) { create(:comment, :on_admin_post, pseud: user.default_pseud) }
|
|
|
|
it_behaves_like "guest cannot reply to a user with guest replies disabled"
|
|
end
|
|
|
|
context "when commentable is a tag" do
|
|
let(:comment) { create(:comment, :on_tag, pseud: user.default_pseud) }
|
|
|
|
it_behaves_like "guest cannot reply to a user with guest replies disabled"
|
|
end
|
|
|
|
context "when commentable is a work with guest comments enabled" do
|
|
let(:comment) { create(:comment, :on_work_with_guest_comments_on, pseud: user.default_pseud) }
|
|
|
|
it_behaves_like "guest cannot reply to a user with guest replies disabled"
|
|
end
|
|
|
|
context "when comment is on user's work with guest comments enabled" do
|
|
let(:work) { create(:work, :guest_comments_on, authors: [user.default_pseud]) }
|
|
let(:comment) { create(:comment, pseud: user.default_pseud, commentable: work.first_chapter) }
|
|
|
|
it_behaves_like "guest can reply to a user with guest replies disabled on user's work"
|
|
end
|
|
|
|
context "when commentable is user's co-creation with guest comments enabled" do
|
|
let(:work) { create(:work, :guest_comments_on, authors: [create(:user).default_pseud, user.default_pseud]) }
|
|
let(:comment) { create(:comment, pseud: user.default_pseud, commentable: work.first_chapter) }
|
|
|
|
it_behaves_like "guest can reply to a user with guest replies disabled on user's work"
|
|
end
|
|
end
|
|
|
|
context "with unusual user agents" do
|
|
let(:work) { create(:work) }
|
|
let(:user) { create(:user) }
|
|
|
|
context "when the user agent is very long" do
|
|
before do
|
|
request.env["HTTP_USER_AGENT"] = "Mozilla/5.0 (X11; Linux x86_64; rv:138.0) Gecko/20100101 Firefox/138.0" * 10
|
|
end
|
|
|
|
it "creates the comment with a truncated user agent" do
|
|
comment_attributes = {
|
|
pseud_id: user.default_pseud_id,
|
|
comment_content: "I love this!"
|
|
}
|
|
fake_login_known_user(user)
|
|
post :create, params: { work_id: work.id, comment: comment_attributes }
|
|
comment = assigns[:comment]
|
|
it_redirects_to_with_comment_notice(chapter_path(comment.commentable, show_comments: true, view_full_work: false, anchor: "comment_#{comment.id}"), "Comment created!")
|
|
expect(comment.user_agent.length).to eq(500)
|
|
end
|
|
end
|
|
|
|
context "when no user agent is set" do
|
|
before do
|
|
request.env["HTTP_USER_AGENT"] = nil
|
|
end
|
|
|
|
it "creates the comment with no user agent" do
|
|
comment_attributes = {
|
|
pseud_id: user.default_pseud_id,
|
|
comment_content: "I love this!"
|
|
}
|
|
fake_login_known_user(user)
|
|
post :create, params: { work_id: work.id, comment: comment_attributes }
|
|
comment = assigns[:comment]
|
|
it_redirects_to_with_comment_notice(chapter_path(comment.commentable, show_comments: true, view_full_work: false, anchor: "comment_#{comment.id}"), "Comment created!")
|
|
expect(comment.user_agent).to be_nil
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "DELETE #destroy" do
|
|
context "when logged in as the owner of the unreviewed comment" do
|
|
before { fake_login_known_user(unreviewed_comment.pseud.user) }
|
|
|
|
it "deletes the comment and redirects to referer with a notice" do
|
|
delete :destroy, params: { id: unreviewed_comment.id }
|
|
expect do
|
|
unreviewed_comment.reload
|
|
end.to raise_exception(ActiveRecord::RecordNotFound)
|
|
it_redirects_to_with_notice("/where_i_came_from", "Comment deleted.")
|
|
end
|
|
|
|
it "redirects and gives an error if the comment could not be deleted" do
|
|
allow_any_instance_of(Comment).to receive(:destroy_or_mark_deleted).and_return(false)
|
|
delete :destroy, params: { id: unreviewed_comment.id }
|
|
expect(unreviewed_comment.reload).to be_present
|
|
expect(response).to redirect_to(chapter_path(unreviewed_comment.commentable, show_comments: true, anchor: "comment_#{unreviewed_comment.id}"))
|
|
expect(flash[:comment_error]).to eq "We couldn't delete that comment."
|
|
end
|
|
end
|
|
|
|
context "when comment is a guest reply to user who turns off guest replies afterwards" do
|
|
let(:comment) { create(:comment, :on_admin_post) }
|
|
let(:reply) do
|
|
reply = create(:comment, :by_guest, commentable: comment)
|
|
comment.user.preference.update!(guest_replies_off: true)
|
|
reply
|
|
end
|
|
|
|
it "deletes the reply and redirects with success message" do
|
|
admin = create(:admin)
|
|
admin.update!(roles: ["superadmin"])
|
|
fake_login_admin(admin)
|
|
delete :destroy, params: { id: reply.id }
|
|
|
|
it_redirects_to_with_comment_notice(
|
|
admin_post_path(reply.ultimate_parent, show_comments: true, anchor: "comment_#{comment.id}"),
|
|
"Comment deleted."
|
|
)
|
|
expect do
|
|
reply.reload
|
|
end.to raise_exception(ActiveRecord::RecordNotFound)
|
|
end
|
|
end
|
|
|
|
context "when comment is frozen" do
|
|
context "when ultimate parent is an AdminPost" do
|
|
let(:comment) { create(:comment, :on_admin_post, iced: true) }
|
|
|
|
context "when logged out" do
|
|
it "doesn't destroy comment and redirects with error" do
|
|
delete :destroy, params: { id: comment.id }
|
|
|
|
it_redirects_to_with_error(comment, "Sorry, you don't have permission to access the page you were trying to reach. Please log in.")
|
|
expect { comment.reload }.not_to raise_exception
|
|
end
|
|
end
|
|
|
|
context "when logged in as an admin" do
|
|
let(:admin) { create(:admin) }
|
|
|
|
context "with no role" do
|
|
it "doesn't destroy comment and redirects with error" do
|
|
admin.update!(roles: [])
|
|
fake_login_admin(admin)
|
|
delete :destroy, params: { id: comment.id }
|
|
|
|
it_redirects_to_with_error(root_url, "Sorry, only an authorized admin can access the page you were trying to reach.")
|
|
expect { comment.reload }.not_to raise_exception
|
|
end
|
|
end
|
|
|
|
%w[superadmin board board_assistants_team communications elections legal policy_and_abuse support].each do |admin_role|
|
|
context "with role #{admin_role}" do
|
|
it "destroys comment and redirects with success message" do
|
|
admin.update!(roles: [admin_role])
|
|
fake_login_admin(admin)
|
|
delete :destroy, params: { id: comment.id }
|
|
|
|
expect(flash[:comment_notice]).to eq("Comment deleted.")
|
|
it_redirects_to_simple(admin_post_path(comment.ultimate_parent, show_comments: true, anchor: :comments))
|
|
expect { comment.reload }.to raise_exception(ActiveRecord::RecordNotFound)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
context "when logged in as a user" do
|
|
context "when user does not own comment" do
|
|
it "doesn't destroy comment and redirects with error" do
|
|
fake_login
|
|
delete :destroy, params: { id: comment.id }
|
|
|
|
it_redirects_to_with_error(comment, "Sorry, you don't have permission to access the page you were trying to reach.")
|
|
expect { comment.reload }.not_to raise_exception
|
|
end
|
|
end
|
|
|
|
context "when user owns comment" do
|
|
it "destroys comment and redirects with success message" do
|
|
fake_login_known_user(comment.pseud.user)
|
|
delete :destroy, params: { id: comment.id }
|
|
|
|
expect(flash[:comment_notice]).to eq("Comment deleted.")
|
|
it_redirects_to_simple(admin_post_path(comment.ultimate_parent, show_comments: true, anchor: :comments))
|
|
expect { comment.reload }.to raise_exception(ActiveRecord::RecordNotFound)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
context "when ultimate parent is a Tag" do
|
|
let(:comment) { create(:comment, :on_tag, iced: true) }
|
|
|
|
context "when logged out" do
|
|
it "doesn't destroy comment and redirects with error" do
|
|
delete :destroy, params: { id: comment.id }
|
|
|
|
it_redirects_to_with_error(new_user_session_path, "Sorry, you don't have permission to access the page you were trying to reach. Please log in.")
|
|
expect { comment.reload }.not_to raise_exception
|
|
end
|
|
end
|
|
|
|
context "when logged in as an admin" do
|
|
let(:admin) { create(:admin) }
|
|
authorized_roles = %w[superadmin board legal policy_and_abuse support]
|
|
|
|
context "with no role" do
|
|
it "doesn't destroy comment and redirects with error" do
|
|
admin.update!(roles: [])
|
|
fake_login_admin(admin)
|
|
delete :destroy, params: { id: comment.id }
|
|
|
|
it_redirects_to_with_error(root_path, "Sorry, only an authorized admin can access the page you were trying to reach.")
|
|
expect { comment.reload }.not_to raise_exception
|
|
end
|
|
end
|
|
|
|
(Admin::VALID_ROLES - authorized_roles).each do |admin_role|
|
|
context "with role #{admin_role}" do
|
|
it "doesn't destroy comment and redirects with error" do
|
|
admin.update!(roles: [admin_role])
|
|
fake_login_admin(admin)
|
|
delete :destroy, params: { id: comment.id }
|
|
|
|
it_redirects_to_with_error(root_path, "Sorry, only an authorized admin can access the page you were trying to reach.")
|
|
expect { comment.reload }.not_to raise_exception
|
|
end
|
|
end
|
|
end
|
|
|
|
authorized_roles.each do |admin_role|
|
|
context "with the #{admin_role} role" do
|
|
it "destroys comment and redirects with success message" do
|
|
admin.update!(roles: [admin_role])
|
|
fake_login_admin(admin)
|
|
delete :destroy, params: { id: comment.id }
|
|
|
|
expect(flash[:comment_notice]).to eq("Comment deleted.")
|
|
it_redirects_to_simple(comments_path(tag_id: comment.ultimate_parent, anchor: :comments))
|
|
expect { comment.reload }.to raise_exception(ActiveRecord::RecordNotFound)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
context "when logged in as a user" do
|
|
context "when user does not have tag wrangler role" do
|
|
context "when user does not own comment" do
|
|
it "doesn't destroy comment and redirects with error" do
|
|
fake_login
|
|
delete :destroy, params: { id: comment.id }
|
|
|
|
it_redirects_to_with_error(user_path(controller.current_user), "Sorry, you don't have permission to access the page you were trying to reach.")
|
|
expect { comment.reload }.not_to raise_exception
|
|
end
|
|
end
|
|
|
|
context "when user owns comment" do
|
|
it "doesn't destroy comment and redirects with error" do
|
|
fake_login_known_user(comment.pseud.user)
|
|
delete :destroy, params: { id: comment.id }
|
|
|
|
it_redirects_to_with_error(user_path(comment.pseud.user), "Sorry, you don't have permission to access the page you were trying to reach.")
|
|
expect { comment.reload }.not_to raise_exception
|
|
end
|
|
end
|
|
end
|
|
|
|
context "when user has tag wrangler role" do
|
|
let(:tag_wrangler) { create(:user, roles: [Role.new(name: "tag_wrangler")]) }
|
|
let(:frozen_wrangler_comment) { create(:comment, :on_tag, iced: true, pseud: tag_wrangler.pseuds.first) }
|
|
|
|
context "when user does not own comment" do
|
|
it "doesn't destroy comment and redirects with error" do
|
|
fake_login_known_user(tag_wrangler)
|
|
delete :destroy, params: { id: comment.id }
|
|
|
|
it_redirects_to_with_error(comment, "Sorry, you don't have permission to access the page you were trying to reach.")
|
|
expect { comment.reload }.not_to raise_exception
|
|
end
|
|
end
|
|
|
|
context "when user owns comment" do
|
|
it "destroys comment and redirects with success message" do
|
|
fake_login_known_user(tag_wrangler)
|
|
delete :destroy, params: { id: frozen_wrangler_comment.id }
|
|
|
|
expect(flash[:comment_notice]).to eq("Comment deleted.")
|
|
it_redirects_to_simple(comments_path(tag_id: frozen_wrangler_comment.ultimate_parent, anchor: :comments))
|
|
expect { frozen_wrangler_comment.reload }.to raise_exception(ActiveRecord::RecordNotFound)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
context "when ultimate parent is a Work" do
|
|
let(:comment) { create(:comment, iced: true) }
|
|
|
|
context "when logged out" do
|
|
it "doesn't destroy comment and redirects with error" do
|
|
delete :destroy, params: { id: comment.id }
|
|
|
|
it_redirects_to_with_error(comment, "Sorry, you don't have permission to access the page you were trying to reach. Please log in.")
|
|
expect { comment.reload }.not_to raise_exception
|
|
end
|
|
|
|
context "when Work is restricted" do
|
|
context "when commentable is a comment" do
|
|
let(:work) { comment.ultimate_parent }
|
|
|
|
before { work.update!(restricted: true) }
|
|
|
|
it "redirects to the login page" do
|
|
delete :destroy, params: { id: comment.id }
|
|
it_redirects_to(new_user_session_path(restricted_commenting: true))
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
context "when logged in as an admin" do
|
|
let(:admin) { create(:admin) }
|
|
authorized_roles = %w[superadmin board legal policy_and_abuse support]
|
|
|
|
context "with no role" do
|
|
it "doesn't destroy comment and redirects with error" do
|
|
admin.update!(roles: [])
|
|
fake_login_admin(admin)
|
|
delete :destroy, params: { id: comment.id }
|
|
|
|
it_redirects_to_with_error(root_path, "Sorry, only an authorized admin can access the page you were trying to reach.")
|
|
expect { comment.reload }.not_to raise_exception
|
|
end
|
|
end
|
|
|
|
(Admin::VALID_ROLES - authorized_roles).each do |admin_role|
|
|
context "with role #{admin_role}" do
|
|
it "doesn't destroy comment and redirects with error" do
|
|
admin.update!(roles: [admin_role])
|
|
fake_login_admin(admin)
|
|
delete :destroy, params: { id: comment.id }
|
|
|
|
it_redirects_to_with_error(root_path, "Sorry, only an authorized admin can access the page you were trying to reach.")
|
|
expect { comment.reload }.not_to raise_exception
|
|
end
|
|
end
|
|
end
|
|
|
|
authorized_roles.each do |admin_role|
|
|
context "with the #{admin_role} role" do
|
|
it "destroys comment and redirects with success message" do
|
|
admin.update!(roles: [admin_role])
|
|
fake_login_admin(admin)
|
|
delete :destroy, params: { id: comment.id }
|
|
|
|
expect(flash[:comment_notice]).to eq("Comment deleted.")
|
|
it_redirects_to_simple(work_path(comment.ultimate_parent, show_comments: true, anchor: :comments))
|
|
expect { comment.reload }.to raise_exception(ActiveRecord::RecordNotFound)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
context "when logged in as a user" do
|
|
context "when user does not own comment" do
|
|
it "doesn't destroy comment and redirects with error" do
|
|
fake_login
|
|
delete :destroy, params: { id: comment.id }
|
|
|
|
it_redirects_to_with_error(comment, "Sorry, you don't have permission to access the page you were trying to reach.")
|
|
expect { comment.reload }.not_to raise_exception
|
|
end
|
|
end
|
|
|
|
context "when user owns comment" do
|
|
it "destroys comment and redirects with success message" do
|
|
fake_login_known_user(comment.pseud.user)
|
|
delete :destroy, params: { id: comment.id }
|
|
|
|
expect(flash[:comment_notice]).to eq("Comment deleted.")
|
|
it_redirects_to_simple(work_path(comment.ultimate_parent, show_comments: true, anchor: :comments))
|
|
expect { comment.reload }.to raise_exception(ActiveRecord::RecordNotFound)
|
|
end
|
|
end
|
|
|
|
context "when user owns work" do
|
|
it "destroys comment and redirects with success message" do
|
|
fake_login_known_user(comment.ultimate_parent.pseuds.first.user)
|
|
delete :destroy, params: { id: comment.id }
|
|
|
|
expect(flash[:comment_notice]).to eq("Comment deleted.")
|
|
it_redirects_to_simple(work_path(comment.ultimate_parent, show_comments: true, anchor: :comments))
|
|
expect { comment.reload }.to raise_exception(ActiveRecord::RecordNotFound)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "GET #show" do
|
|
it "redirects to root path if logged in user does not have permission to access comment" do
|
|
fake_login
|
|
get :show, params: { id: unreviewed_comment.id }
|
|
it_redirects_to_with_error(root_path, "Sorry, that comment is currently in moderation.")
|
|
end
|
|
end
|
|
|
|
describe "GET #index" do
|
|
it "redirects to 404 when not logged in as admin" do
|
|
get :index
|
|
|
|
it_redirects_to_simple("/404")
|
|
end
|
|
|
|
it "redirects to 404 when logged in as admin" do
|
|
fake_login_admin(create(:admin))
|
|
|
|
get :index
|
|
|
|
it_redirects_to_simple("/404")
|
|
end
|
|
|
|
context "denies access for work that isn't visible to user" do
|
|
subject { get :index, params: { work_id: work } }
|
|
let(:success) { expect(response).to render_template("index") }
|
|
let(:success_admin) { success }
|
|
|
|
include_examples "denies access for work that isn't visible to user"
|
|
end
|
|
|
|
context "denies access for restricted work to guest" do
|
|
let(:work) { create(:work, restricted: true) }
|
|
|
|
it "redirects with an error" do
|
|
get :index, params: { work_id: work }
|
|
it_redirects_to(new_user_session_path(restricted_commenting: true))
|
|
end
|
|
end
|
|
end
|
|
end
|