Tests for tag locking (publiclab#9772)

* added test for adding locked tag * admins can add locked tag test * test for admin can add locked tag * added test for moderator * made changes suggested in PR publiclab#9709
billymoroney1 · Dec 28, 2021 · 1b1702b · 1b1702b
1 parent a7b442d
commit 1b1702b
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 4 deletions.
diff --git a/app/controllers/tag_controller.rb b/app/controllers/tag_controller.rb
@@ -359,7 +359,7 @@ def delete
     node_tag = NodeTag.where(nid: params[:nid], tid: params[:tid]).first
     node = Node.where(nid: params[:nid]).first
     # only admins, mods, and tag authors can delete other peoples' tags
-    if node_tag.uid == current_user.uid || logged_in_as(['admin', 'moderator']) || (node.uid == current_user.uid && node_tag.name != "locked")
+    if (node_tag.uid == current_user.uid && !node.has_tag('locked')) || logged_in_as(['admin', 'moderator']) || (node.uid == current_user.uid && !node.has_tag('locked'))
 
       tag = Tag.joins(:node_tag)
                    .select('term_data.name')
@@ -385,8 +385,8 @@ def delete
           end
         end
       end
-    elsif node_tag.name == "locked"
-      flash[:error] = "Only admins can delete the locked tag."
+    elsif node.has_tag('locked')
+      flash[:error] = "Only admins can delete tags on locked pages."
       redirect_to Node.find_by(nid: params[:nid]).path
     else
       flash[:error] = I18n.t('tag_controller.must_own_tag_to_delete')

diff --git a/app/models/node.rb b/app/models/node.rb
@@ -1062,7 +1062,7 @@ def can_tag(tagname, user, errors = false)
       errors ? "Only admins may create raw pages." : false
     elsif tagname[0..4] == 'rsvp:' && user.username != one_split
       errors ? I18n.t('node.only_RSVP_for_yourself') : false
-    elsif tagname == 'locked' && user.role != 'admin'
+    elsif tagname == 'locked' && !user.can_moderate?
       errors ? I18n.t('node.only_admins_can_lock') : false
     elsif tagname == 'blog' && user.role != 'admin' && user.role != 'moderator'
       errors ? 'Only moderators or admins can use this tag.' : false

diff --git a/test/functional/tag_controller_test.rb b/test/functional/tag_controller_test.rb
@@ -48,6 +48,36 @@ def setup
     assert_response :success
   end
 
+  test 'normal users cannot add the locked tag' do
+    UserSession.create(users(:bob))
+    post :create,
+         params: {
+            name: 'locked',
+            nid: nodes(:one).nid
+         }
+    assert_equal 'Error: only admins can lock pages.', assigns[:output][:errors][0]
+  end
+
+  test 'admin can add the locked tag' do
+    UserSession.create(users(:admin))
+    post :create,
+         params: {
+            name: 'locked',
+            nid: nodes(:one).nid
+         }
+    assert nodes(:one).has_tag('locked')
+  end
+
+  test 'moderator can add the locked tag' do
+    UserSession.create(users(:moderator))
+    post :create,
+         params: {
+            name: 'locked',
+            nid: nodes(:one).nid
+         }
+    assert nodes(:one).has_tag('locked')
+  end
+
   test 'validate unused tag' do
     UserSession.create(users(:bob))