FIX: Allow anons to view votes if the voting_show_votes_on_profile setting is enabled (#75)

2022-01-11 16:10:55 -03:00 · 2022-01-11 16:10:55 -03:00 · 5011df324c
parent db6c8b4513
commit 5011df324c
2 changed files with 44 additions and 8 deletions
--- a/plugin.rb
+++ b/plugin.rb
@ -186,16 +186,22 @@ after_initialize do

    require_dependency 'list_controller'
    class ::ListController
+      skip_before_action :ensure_logged_in, only: %i[voted_by]
+
      def voted_by
-        unless SiteSetting.voting_show_votes_on_profile
-          render nothing: true, status: 404
+        if SiteSetting.voting_show_votes_on_profile
+          list_opts = build_topic_list_options
+          target_user = fetch_user_from_params(include_inactive: current_user.try(:staff?))
+          list = generate_list_for("voted_by", target_user, list_opts)
+          list.more_topics_url = url_for(construct_url_with(:next, list_opts))
+          list.prev_topics_url = url_for(construct_url_with(:prev, list_opts))
+          respond_with_list(list)
+        else
+          respond_to do |format|
+            format.html { render nothing: true, status: 404 }
+            format.json { render json: failed_json, status: 404 }
+          end
        end
-        list_opts = build_topic_list_options
-        target_user = fetch_user_from_params(include_inactive: current_user.try(:staff?))
-        list = generate_list_for("voted_by", target_user, list_opts)
-        list.more_topics_url = url_for(construct_url_with(:next, list_opts))
-        list.prev_topics_url = url_for(construct_url_with(:prev, list_opts))
-        respond_with_list(list)
      end
    end

--- a/spec/requests/lists_controller_spec.rb
+++ b/spec/requests/lists_controller_spec.rb
@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe ListController do
+  fab!(:user) { Fabricate(:user) }
+  fab!(:topic) { Fabricate(:topic) }
+  # "topics/voted-by/:username"
+  before do
+    SiteSetting.voting_enabled = true
+  end
+
+  it "allow anons to view votes" do
+    DiscourseVoting::Vote.create!(user: user, topic: topic)
+
+    get "/topics/voted-by/#{user.username}.json"
+    topic_json = response.parsed_body.dig('topic_list', 'topics').first
+
+    expect(topic_json['id']).to eq(topic.id)
+  end
+
+  it "returns a 404 when we don't show votes on profiles" do
+    DiscourseVoting::Vote.create!(user: user, topic: topic)
+    SiteSetting.voting_show_votes_on_profile = false
+
+    get "/topics/voted-by/#{user.username}.json"
+
+    expect(response.status).to eq(404)
+  end
+end