[B] Allow unvalidated users to create private RG annotations

ManifoldScholar · Feb 23, 2024 · abca722 · abca722
1 parent ef030f8
commit abca722
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 2 deletions.
diff --git a/api/app/authorizers/annotation_authorizer.rb b/api/app/authorizers/annotation_authorizer.rb
@@ -47,7 +47,10 @@ def readable_by?(user, _options = {})
 
   # Only public annotations need reputation to create.
   def requires_reputation_to_create?
-    annotation_is_public?
+    return true if annotation_is_public? && !annotation_in_reading_group?
+    return true if annotation_in_reading_group? && !reading_group_is_private?
+
+    false
   end
 
   def user_can_notate_text?(user)

diff --git a/api/spec/authorizers/annotation_authorizer_spec.rb b/api/spec/authorizers/annotation_authorizer_spec.rb
@@ -100,9 +100,24 @@
           subject.clear_email_confirmation!
         end
 
-        abilities = { create: false, read: true, update: false, delete: false }
+        abilities = { create: true, read: true, update: false, delete: false }
 
         the_subject_behaves_like "instance abilities", Annotation, abilities
+
+        context "when the subject is the resource creator" do
+          before do
+            FactoryBot.create(:reading_group_membership, reading_group: reading_group, user: creator)
+
+            reading_group.reload
+          end
+
+          let_it_be(:subject, refind: true) { creator }
+
+          abilities = { create: true, read: true, update: true, delete: true }
+
+          the_subject_behaves_like "instance abilities", Annotation, abilities
+        end
+
       end
     end