From 8b8f0204826d9170fbe4488fad76d0bb261ab63b Mon Sep 17 00:00:00 2001
From: bri12416 <bri12416@esri.com>
Date: Wed, 6 Sep 2023 14:43:36 -0500
Subject: [PATCH] fix(hub-discussions): user can read channel if group is
 non-discussable

---
 .../src/utils/channel-permission.ts           | 10 +++++--
 .../test/utils/channel-permission.test.ts     | 27 +++++++++++++++++--
 2 files changed, 33 insertions(+), 4 deletions(-)

diff --git a/packages/discussions/src/utils/channel-permission.ts b/packages/discussions/src/utils/channel-permission.ts
index b93bc9f5837..4194781e631 100644
--- a/packages/discussions/src/utils/channel-permission.ts
+++ b/packages/discussions/src/utils/channel-permission.ts
@@ -132,8 +132,14 @@ export class ChannelPermission {
     return groupAccessControls.some((permission) => {
       const group = userGroupsById[permission.key];
 
-      if (!group || !isGroupDiscussable(group)) {
-        return false;
+      if (action === ChannelAction.READ_POSTS) {
+        if (!group) {
+          return false;
+        }
+      } else {
+        if (!group || !isGroupDiscussable(group)) {
+          return false;
+        }
       }
 
       return (
diff --git a/packages/discussions/test/utils/channel-permission.test.ts b/packages/discussions/test/utils/channel-permission.test.ts
index 961eaf124af..d5c1b1c8527 100644
--- a/packages/discussions/test/utils/channel-permission.test.ts
+++ b/packages/discussions/test/utils/channel-permission.test.ts
@@ -1530,6 +1530,29 @@ describe("ChannelPermission class", () => {
 
         expect(channelPermission.canReadChannel(user)).toBe(false);
       });
+
+      it("returns true if user logged in and in non-discussable group", async () => {
+        const user = buildUser({
+          groups: [buildGroup("groupND", "member", [CANNOT_DISCUSS])],
+        });
+        const channelAcl = [
+          {
+            category: AclCategory.GROUP,
+            subCategory: AclSubCategory.MEMBER,
+            key: "groupND",
+            role: Role.READ, // members write
+          },
+          {
+            category: AclCategory.GROUP,
+            subCategory: AclSubCategory.ADMIN,
+            key: "groupND",
+            role: Role.READ, // members write
+          },
+        ] as IChannelAclPermission[];
+        const channelPermission = new ChannelPermission(channelAcl, "foo");
+
+        expect(channelPermission.canReadChannel(user)).toBe(true);
+      });
     });
 
     describe("Anonymous User Permissions", () => {
@@ -1766,7 +1789,7 @@ describe("ChannelPermission class", () => {
         expect(channelPermission.canReadChannel(user)).toBe(true);
       });
 
-      it("returns false if user is group member in permissions list but the group is not discussable", async () => {
+      it("returns true if user is group member in permissions list but the group is not discussable", async () => {
         const user = buildUser({
           orgId: orgId1,
           groups: [
@@ -1790,7 +1813,7 @@ describe("ChannelPermission class", () => {
 
         const channelPermission = new ChannelPermission(channelAcl, "foo");
 
-        expect(channelPermission.canReadChannel(user)).toBe(false);
+        expect(channelPermission.canReadChannel(user)).toBe(true);
       });
 
       it("returns false if user is group admin but group is not in permissions list", async () => {