IT4Change/Ocelot-Social
3
0
Fork 0
mirror of https://github.com/IT4Change/Ocelot-Social.git synced 2025-12-13 07:45:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

test post invisibility for unauthenticated users

Browse Source
This commit is contained in:
Moriz Wahl 2022-10-04 02:28:42 +02:00
parent 32d3c5e904
commit 4331c73414
2 changed files with 50 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
backend/src/schema/resolvers/helpers/filterInvisiblePosts.js
View File

@ -4,7 +4,8 @@ const getInvisiblePosts = async (context) => {
const session = context.driver.session() const session = context.driver.session()
const readTxResultPromise = await session.readTransaction(async (transaction) => { const readTxResultPromise = await session.readTransaction(async (transaction) => {
let cypher = '' let cypher = ''
if (context.user) { const { user } = context
if (user && user.id) {
cypher = ` cypher = `
MATCH (post:Post)<-[:CANNOT_SEE]-(user:User { id: $userId }) MATCH (post:Post)<-[:CANNOT_SEE]-(user:User { id: $userId })
RETURN collect(post.id) AS invisiblePostIds` RETURN collect(post.id) AS invisiblePostIds`
@ -14,7 +15,9 @@ const getInvisiblePosts = async (context) => {
WHERE NOT group.groupType = 'public' WHERE NOT group.groupType = 'public'
RETURN collect(post.id) AS invisiblePostIds` RETURN collect(post.id) AS invisiblePostIds`
} }
const invisiblePostIdsResponse = await transaction.run(cypher, { userId: context.user.id }) const invisiblePostIdsResponse = await transaction.run(cypher, {
userId: user ? user.id : null,
})
return invisiblePostIdsResponse.records.map((record) => record.get('invisiblePostIds')) return invisiblePostIdsResponse.records.map((record) => record.get('invisiblePostIds'))
}) })
try { try {

45
backend/src/schema/resolvers/postsInGroups.spec.js
View File

@ -359,6 +359,51 @@ describe('Posts in Groups', () => {
describe('visibility of posts', () => { describe('visibility of posts', () => {
describe('query post by ID', () => { describe('query post by ID', () => {
describe('without authentication', () => {
beforeEach(async () => {
authenticatedUser = null
})
it('shows a post of the public group', async () => {
await expect(
query({ query: postQuery(), variables: { id: 'post-to-public-group' } }),
).resolves.toMatchObject({
data: {
Post: expect.arrayContaining([
{
id: 'post-to-public-group',
title: 'A post to a public group',
content: 'I am posting into a public group as a member of the group',
},
]),
},
errors: undefined,
})
})
it('does not show a post of a closed group', async () => {
await expect(
query({ query: postQuery(), variables: { id: 'post-to-closed-group' } }),
).resolves.toMatchObject({
data: {
Post: [],
},
errors: undefined,
})
})
it('does not show a post of a hidden group', async () => {
await expect(
query({ query: postQuery(), variables: { id: 'post-to-hidden-group' } }),
).resolves.toMatchObject({
data: {
Post: [],
},
errors: undefined,
})
})
})
describe('without membership of group', () => { describe('without membership of group', () => {
beforeEach(async () => { beforeEach(async () => {
authenticatedUser = await anyUser.toJson() authenticatedUser = await anyUser.toJson()