Enforce restriction to create new rooms

David Heinemeier Hansson
2025-11-27 17:32:14 +01:00
parent f56e33e323
commit 15db4033bc
6 changed files with 31 additions and 2 deletions


@@ -3,6 +3,7 @@ class Rooms::ClosedsController < RoomsController
before_action :ensure_can_administer, only: %i[ update ]
before_action :remember_last_room_visited, only: :show
before_action :force_room_type, only: %i[ edit update ]
before_action :ensure_eligible_to_create_rooms, only: %i[ new create ]
DEFAULT_ROOM_NAME = "New room"
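Review bot: Declaring the filter separately in Rooms::ClosedsController and Rooms::OpensController means every present or future RoomsController subclass that exposes `new`/`create` has to remember to add it, and a single omission silently reopens room creation to non-administrators. Since `ensure_eligible_to_create_rooms` is defined on RoomsController itself, consider declaring `before_action :ensure_eligible_to_create_rooms, only: %i[ new create ]` once there so subclasses inherit it. If another subclass (for example one creating direct-message rooms) exists and is meant to stay exempt, that exemption is better expressed explicitly with `skip_before_action` than by leaving the line out.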


@@ -3,6 +3,7 @@ class Rooms::OpensController < RoomsController
before_action :ensure_can_administer, only: %i[ update ]
before_action :remember_last_room_visited, only: :show
before_action :force_room_type, only: %i[ edit update ]
before_action :ensure_eligible_to_create_rooms, only: %i[ new create ]
DEFAULT_ROOM_NAME = "New room"


@@ -31,6 +31,12 @@ class RoomsController < ApplicationController
head :forbidden unless Current.user.can_administer?(@room)
end
def ensure_eligible_to_create_rooms
if Current.account.restrict_room_creation_to_administrators? && !Current.user.administrator?
head :forbidden
end
end
def find_messages
messages = @room.messages.with_creator.with_attachment_details.with_boosts
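Review bot: The eligibility predicate inside `ensure_eligible_to_create_rooms` is the negation of the condition the sidebar template checks inline, so the enforcement and the UI can drift apart the next time one of them is edited. Expressing the rule once as a positive predicate and exposing it with `helper_method` lets the filter and the template share it, with the administrator check and the account flag left exactly as they are. The rewrite below replaces only the method in this hunk; the private section of RoomsController it sits in starts outside the hunk.
```ruby
# Room creation is open to everyone unless the account limits it to administrators.
def eligible_to_create_rooms?
  Current.user.administrator? || !Current.account.restrict_room_creation_to_administrators?
end
helper_method :eligible_to_create_rooms?

def ensure_eligible_to_create_rooms
  head :forbidden unless eligible_to_create_rooms?
end
```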


@@ -36,8 +36,10 @@
<% end %>
</div>
<%= link_to new_rooms_open_path, class: "rooms__new-btn btn room align-center gap txt-reversed", aria: { label: "New Chat Room" } do %>
<%= image_tag "add.svg", size: 20, aria: { hidden: "true" }, style: "view-transition-name: new-room" %>
<% if Current.user.administrator? || !Current.account.restrict_room_creation_to_administrators? %>
<%= link_to new_rooms_open_path, class: "rooms__new-btn btn room align-center gap txt-reversed", aria: { label: "New Chat Room" } do %>
<%= image_tag "add.svg", size: 20, aria: { hidden: "true" }, style: "view-transition-name: new-room" %>
<% end %>
<% end %>
</div>
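Review bot: Hiding the link is a usability nicety only; the 403 from the controller filter is the actual control, so the template condition should remain a mirror of that filter rather than a second, separately maintained policy. Written as `administrator? || !restrict_…` here and as `restrict_… && !administrator?` in the controller, the two are equivalent today but easy to edit inconsistently; a single predicate such as `<% if eligible_to_create_rooms? %>` (a controller `helper_method` or a method on `Current.user`) would keep them aligned. The enclosing markup of this sidebar template starts outside the hunk.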


@@ -29,6 +29,16 @@ class Rooms::ClosedsControllerTest < ActionDispatch::IntegrationTest
assert_redirected_to room_url(Room.last)
end
test "create forbidden by non-admin when account restricts creation to admins" do
accounts(:signal).restrict_room_creation_to_administrators = true
accounts(:signal).save!
sign_in :jz
post rooms_closeds_url, params: { room: { name: "My New Room" }, user_ids: [ users(:david).id, users(:kevin).id, users(:jason).id ] }
assert_response :forbidden
end
test "update with membership revisions" do
assert_difference -> { rooms(:designers).reload.users.count }, -1 do
put rooms_closed_url(rooms(:designers)), params: {
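Review bot: The new test pins only the negative path; nothing checks that an administrator can still create a closed room while the restriction is on, or that `get new_rooms_closed_url` is refused too, although the filter covers `new` as well as `create`. Without the positive case, an inverted `administrator?` check in the filter would still pass this suite. The two-line setup `accounts(:signal).restrict_room_creation_to_administrators = true` / `accounts(:signal).save!` can also be `accounts(:signal).update!(restrict_room_creation_to_administrators: true)`. The tests below assume `:david` is an administrator fixture and `:jz` is not, as the added test already relies on for `:jz`, and the `new_rooms_closed_url` helper name is inferred from `rooms_closeds_url` and should be confirmed against the routes file.
```ruby
test "create allowed for admin when account restricts creation to admins" do
  accounts(:signal).update!(restrict_room_creation_to_administrators: true)
  sign_in :david

  assert_difference -> { Room.count }, 1 do
    post rooms_closeds_url, params: { room: { name: "My New Room" }, user_ids: [ users(:kevin).id ] }
  end
  assert_redirected_to room_url(Room.last)
end

test "new forbidden by non-admin when account restricts creation to admins" do
  accounts(:signal).update!(restrict_room_creation_to_administrators: true)
  sign_in :jz

  get new_rooms_closed_url
  assert_response :forbidden
end
```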


@@ -24,6 +24,15 @@ class Rooms::OpensControllerTest < ActionDispatch::IntegrationTest
assert_redirected_to room_url(Room.last)
end
test "create forbidden by non-admin when account restricts creation to admins" do
accounts(:signal).restrict_room_creation_to_administrators = true
accounts(:signal).save!
sign_in :jz
post rooms_opens_url, params: { room: { name: "My New Room" } }
assert_response :forbidden
end
test "only admins or creators can update" do
sign_in :jz