FIX: Correct assign user autocomplete logic

Previously we were only autocompleting users which were in the same group as the acting user.
2020-04-28 13:55:17 +01:00 · 2020-04-28 13:55:17 +01:00 · 07c13651c6
parent 71fe8a54c0
commit 07c13651c6
3 changed files with 7 additions and 5 deletions
--- a/app/controllers/discourse_assign/assign_controller.rb
+++ b/app/controllers/discourse_assign/assign_controller.rb
@ -24,7 +24,7 @@ module DiscourseAssign
        .limit(6)

      render json: {
-        assign_allowed_on_groups: current_user.visible_groups.assign_allowed_groups.pluck(:name),
+        assign_allowed_on_groups: Group.visible_groups(current_user).assign_allowed_groups.pluck(:name),
        suggestions: ActiveModel::ArraySerializer.new(users, scope: guardian, each_serializer: BasicUserSerializer)
      }
    end
--- a/assets/javascripts/discourse/templates/modal/assign-user.hbs
+++ b/assets/javascripts/discourse/templates/modal/assign-user.hbs
@ -4,7 +4,6 @@
  {{user-selector
      single=true
      allowAny=false
-      group="staff"
      groupMembersOf=allowedGroups
      excludeCurrentUser=false
      includeMentionableGroups=false
--- a/spec/requests/assign_controller_spec.rb
+++ b/spec/requests/assign_controller_spec.rb
@ -11,6 +11,7 @@ RSpec.describe DiscourseAssign::AssignController do
  let(:user) { Fabricate(:admin, groups: [default_allowed_group]) }
  let(:post) { Fabricate(:post) }
  let(:user2) { Fabricate(:active_user) }
+  let(:nonadmin) { Fabricate(:user, groups: [default_allowed_group]) }

  describe 'only allow users from allowed groups' do
    before { sign_in(user2) }
@ -56,9 +57,11 @@ RSpec.describe DiscourseAssign::AssignController do
      end

      it 'does include only visible assign_allowed_on_groups' do
-        visible_group = Fabricate(:group, members_visibility_level: Group.visibility_levels[:members])
-        visible_group.add(user)
-        invisible_group = Fabricate(:group, members_visibility_level: Group.visibility_levels[:members])
+        sign_in(nonadmin) # Need to use nonadmin to test. Admins can see all groups
+
+        visible_group = Fabricate(:group, visibility_level: Group.visibility_levels[:members])
+        visible_group.add(nonadmin)
+        invisible_group = Fabricate(:group, visibility_level: Group.visibility_levels[:members])

        SiteSetting.assign_allowed_on_groups = "#{visible_group.id}|#{invisible_group.id}"