Commit 7cd22328 authored by Steffen van Bergerem's avatar Steffen van Bergerem Committed by Benjamin Neff

Only allow conversation creation in controller with mututal contacts

parent 117b17e2
......@@ -35,7 +35,7 @@ class ConversationsController < ApplicationController
# This will have to be removed when mobile autocomplete is ported to Typeahead
recipients_param, column = [%i(contact_ids id), %i(person_ids person_id)].find {|param, _| params[param].present? }
if recipients_param
person_ids = current_user.contacts.where(column => params[recipients_param].split(",")).pluck(:person_id)
person_ids = current_user.contacts.mutual.where(column => params[recipients_param].split(",")).pluck(:person_id)
end
opts = params.require(:conversation).permit(:subject)
......
......@@ -272,6 +272,39 @@ describe ConversationsController, :type => :controller do
expect(response.body).to eq(I18n.t("javascripts.conversation.create.no_recipient"))
end
end
context "with non-mutual contact" do
before do
@person1 = FactoryGirl.create(:person)
@person2 = FactoryGirl.create(:person)
alice.contacts.create!(receiving: false, sharing: true, person: @person2)
@person3 = FactoryGirl.create(:person)
alice.contacts.create!(receiving: true, sharing: false, person: @person3)
@hash = {
format: :js,
conversation: {subject: "secret stuff", text: "text debug"},
person_ids: [@person1.id, @person2.id, @person3.id]
}
end
it "does not create a conversation" do
count = Conversation.count
post :create, @hash
expect(Conversation.count).to eq(count)
end
it "does not create a message" do
count = Message.count
post :create, @hash
expect(Message.count).to eq(count)
end
it "responds with an error message" do
post :create, @hash
expect(response).not_to be_success
expect(response.body).to eq(I18n.t("javascripts.conversation.create.no_recipient"))
end
end
end
context "mobile" do
......@@ -418,6 +451,42 @@ describe ConversationsController, :type => :controller do
post :create, @hash
expect(Message.count).to eq(count)
end
it "responds with an error message" do
post :create, @hash
expect(response).not_to be_success
expect(response.body).to eq(I18n.t("javascripts.conversation.create.no_recipient"))
end
end
context "with non-mutual contact" do
before do
@contact1 = alice.contacts.create(receiving: false, sharing: true, person: FactoryGirl.create(:person))
@contact2 = alice.contacts.create(receiving: true, sharing: false, person: FactoryGirl.create(:person))
@hash = {
format: :js,
conversation: {subject: "secret stuff", text: "text debug"},
person_ids: [@contact1.id, @contact2.id]
}
end
it "does not create a conversation" do
count = Conversation.count
post :create, @hash
expect(Conversation.count).to eq(count)
end
it "does not create a message" do
count = Message.count
post :create, @hash
expect(Message.count).to eq(count)
end
it "responds with an error message" do
post :create, @hash
expect(response).not_to be_success
expect(response.body).to eq(I18n.t("javascripts.conversation.create.no_recipient"))
end
end
end
end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment