Implement hidden permission groups (#2129)

Only users that have the new `viewHiddenGroups` permissions will be able to see these groups. You might want this when you want to give certain users special permissions, but don't want to make your authorization scheme public to regular users. Co-authored-by: luceos <daniel+github@klabbers.email>
2025-07-30 21:20:24 +02:00 · 2020-04-21 11:49:53 -04:00
parent df8f73bd3d
commit 6e8884f190
13 changed files with 130 additions and 7 deletions
--- a/tests/integration/api/groups/ListTest.php
+++ b/tests/integration/api/groups/ListTest.php
@@ -9,15 +9,37 @@

 namespace Flarum\Tests\integration\api\groups;

-use Flarum\Group\Group;
+use Flarum\Tests\integration\RetrievesAuthorizedUsers;
 use Flarum\Tests\integration\TestCase;
+use Illuminate\Support\Arr;

 class ListTest extends TestCase
 {
+    use RetrievesAuthorizedUsers;
+
+    public function setUp()
+    {
+        parent::setUp();
+
+        $this->prepareDatabase([
+            'users' => [
+                $this->adminUser(),
+                $this->normalUser(),
+            ],
+            'groups' => [
+                $this->adminGroup(),
+                $this->hiddenGroup()
+            ],
+            'group_user' => [
+                ['user_id' => 1, 'group_id' => 1],
+            ],
+        ]);
+    }
+
    /**
     * @test
     */
-    public function shows_index_for_guest()
+    public function shows_limited_index_for_guest()
    {
        $response = $this->send(
            $this->request('GET', '/api/groups')
@@ -26,6 +48,35 @@ class ListTest extends TestCase
        $this->assertEquals(200, $response->getStatusCode());
        $data = json_decode($response->getBody()->getContents(), true);

-        $this->assertEquals(Group::count(), count($data['data']));
+        $this->assertEquals(['1'], Arr::pluck($data['data'], 'id'));
+    }
+
+    /**
+     * @test
+     */
+    public function shows_index_for_admin()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/groups', [
+                'authenticatedAs' => 1,
+            ])
+        );
+
+        $this->assertEquals(200, $response->getStatusCode());
+        $data = json_decode($response->getBody()->getContents(), true);
+
+        $this->assertEquals(['1', '10'], Arr::pluck($data['data'], 'id'));
+    }
+
+    protected function hiddenGroup(): array
+    {
+        return [
+            'id' => 10,
+            'name_singular' => 'Hidden',
+            'name_plural' => 'Ninjas',
+            'color' => null,
+            'icon' => 'fas fa-wrench',
+            'is_hidden' => 1
+        ];
    }
 }