First working version

app/controllers/custom_wizard/steps.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
-class CustomWizard::StepsController < ::ApplicationController
+class CustomWizard::StepsController < ::CustomWizard::WizardClientController
   before_action :ensure_can_update
 
   def update
@@ -21,7 +21,7 @@ class CustomWizard::StepsController < ::ApplicationController
 
     if updater.success?
       wizard_id = update_params[:wizard_id]
-      builder = CustomWizard::Builder.new(wizard_id, current_user)
+      builder = CustomWizard::Builder.new(wizard_id, current_user, guest_id)
       @wizard = builder.build(force: true)
 
       current_step = @wizard.find_step(update[:step_id])
@@ -84,7 +84,6 @@ class CustomWizard::StepsController < ::ApplicationController
   private
 
   def ensure_can_update
-    @builder = CustomWizard::Builder.new(update_params[:wizard_id], current_user)
     raise Discourse::InvalidParameters.new(:wizard_id) if @builder.template.nil?
     raise Discourse::InvalidAccess.new if !@builder.wizard || !@builder.wizard.can_access?
 

app/controllers/custom_wizard/wizard.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
-class CustomWizard::WizardController < ::ApplicationController
-  before_action :ensure_plugin_enabled
-
+class CustomWizard::WizardController < ::CustomWizard::WizardClientController
   def show
     if wizard.present?
       render json: CustomWizard::WizardSerializer.new(wizard, scope: guardian, root: false).as_json, status: 200
@@ -34,19 +32,8 @@ class CustomWizard::WizardController < ::ApplicationController
 
   def wizard
     @wizard ||= begin
-      builder = CustomWizard::Builder.new(params[:wizard_id].underscore, current_user)
-      return nil unless builder.present?
-      opts = {}
-      opts[:reset] = params[:reset]
-      builder.build(opts, params)
-    end
-  end
-
-  private
-
-  def ensure_plugin_enabled
-    unless SiteSetting.custom_wizard_enabled
-      redirect_to path("/")
+      return nil unless @builder.present?
+      @builder.build({ reset: params[:reset] }, params)
     end
   end
 end

app/controllers/custom_wizard/wizard_client.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+class CustomWizard::WizardClientController < ::ApplicationController
+  before_action :ensure_plugin_enabled
+  before_action :set_builder
+
+  private
+
+  def ensure_plugin_enabled
+    unless SiteSetting.custom_wizard_enabled
+      redirect_to path("/")
+    end
+  end
+
+  def guest_id
+    return nil if current_user.present?
+    cookies[:custom_wizard_guest_id] ||= CustomWizard::Wizard.generate_guest_id
+    cookies[:custom_wizard_guest_id]
+  end
+
+  def set_builder
+    @builder = CustomWizard::Builder.new(params[:wizard_id].underscore, current_user, guest_id)
+  end
+end

app/serializers/custom_wizard/submission_serializer.rb

@@ -2,12 +2,15 @@
 class CustomWizard::SubmissionSerializer < ApplicationSerializer
   attributes :id,
              :fields,
-             :submitted_at
-
-  has_one :user, serializer: ::BasicUserSerializer, embed: :objects
+             :submitted_at,
+             :user
 
   def include_user?
-    object.user.present?
+    object.wizard.user.present?
+  end
+
+  def user
+    ::BasicUserSerializer.new(object.wizard.user).as_json
   end
 
   def fields

assets/javascripts/discourse/lib/wizard-schema.js.es6

@@ -209,7 +209,7 @@ const action = {
 const filters = {
   allow_guests: {
     action: {
-      type: ['route_to']
+      type: ['route_to', 'send_message']
     }
   }
 }

config/locales/server.en.yml

@@ -53,7 +53,8 @@ en:
       after_signup_after_time: "You can't use 'after time' and 'after signup' on the same wizard."
       after_time: "After time setting is invalid."
       liquid_syntax_error: "Liquid syntax error in %{attribute}: %{message}"
-      subscription: "%{type} %{property} is subscription only" 
+      subscription: "%{type} %{property} is subscription only"
+      allow_guests: "%{object_id} is not permitted when allow_guests is enabled"
 
   site_settings:
     custom_wizard_enabled: "Enable custom wizards."

lib/custom_wizard/action.rb

@@ -10,7 +10,6 @@ class CustomWizard::Action
     create_topic
     update_profile
     open_composer
-    send_message
     watch_categories
     add_to_group
   ]
@@ -91,7 +90,6 @@ class CustomWizard::Action
   end
 
   def send_message
-
     if action['required'].present?
       required = CustomWizard::Mapper.new(
         inputs: action['required'],
@@ -138,13 +136,14 @@ class CustomWizard::Action
 
       params[:archetype] = Archetype.private_message
 
-      creator = PostCreator.new(user, params)
+      poster = @wizard.allow_guests ? Discourse.system_user : user
+      creator = PostCreator.new(poster, params)
       post = creator.create
 
       if creator.errors.present?
         messages = creator.errors.full_messages.join(" ")
         log_error("failed to create message", messages)
-      elsif action['skip_redirect'].blank?
+      elsif user && action['skip_redirect'].blank?
         @submission.redirect_on_complete = post.topic.url
       end
 
@@ -778,10 +777,12 @@ class CustomWizard::Action
   end
 
   def save_log
+    username = user ? user.username : @wizard.actor_id
+
     CustomWizard::Log.create(
       @wizard.id,
       action['type'],
-      user.username,
+      username,
       @log.join('; ')
     )
   end

lib/custom_wizard/builder.rb

@@ -2,10 +2,10 @@
 class CustomWizard::Builder
   attr_accessor :wizard, :updater, :template
 
-  def initialize(wizard_id, user = nil)
+  def initialize(wizard_id, user = nil, guest_id = nil)
     @template = CustomWizard::Template.create(wizard_id)
     return nil if @template.nil?
-    @wizard = CustomWizard::Wizard.new(template.data, user)
+    @wizard = CustomWizard::Wizard.new(template.data, user, guest_id)
   end
 
   def self.sorted_handlers
@@ -182,7 +182,7 @@ class CustomWizard::Builder
     if field_template['description'].present?
       params[:description] = mapper.interpolate(
         field_template['description'],
-        user: @wizard.user.present?,
+        user: @wizard.user,
         value: true,
         wizard: true,
         template: true
@@ -192,7 +192,7 @@ class CustomWizard::Builder
     if field_template['preview_template'].present?
       preview_template = mapper.interpolate(
         field_template['preview_template'],
-        user: @wizard.user.present?,
+        user: @wizard.user,
         value: true,
         wizard: true,
         template: true
@@ -204,7 +204,7 @@ class CustomWizard::Builder
     if field_template['placeholder'].present?
       params[:placeholder] = mapper.interpolate(
         field_template['placeholder'],
-        user: @wizard.user.present?,
+        user: @wizard.user,
         value: true,
         wizard: true,
         template: true
@@ -248,7 +248,7 @@ class CustomWizard::Builder
     if step_template['description']
       step.description = mapper.interpolate(
         step_template['description'],
-        user: @wizard.user.present?,
+        user: @wizard.user,
         value: true,
         wizard: true,
         template: true

lib/custom_wizard/mapper.rb

@@ -203,6 +203,8 @@ class CustomWizard::Mapper
   end
 
   def map_user_field(value)
+    return nil unless user
+
     if value.include?(User::USER_FIELD_PREFIX)
       user.custom_fields[value]
     elsif PROFILE_FIELDS.include?(value)

lib/custom_wizard/step_updater.rb

@@ -5,8 +5,7 @@ class CustomWizard::StepUpdater
   attr_accessor :refresh_required, :result
   attr_reader :step, :submission
 
-  def initialize(current_user, wizard, step, submission)
-    @current_user = current_user
+  def initialize(wizard, step, submission)
     @wizard = wizard
     @step = step
     @refresh_required = false
@@ -22,9 +21,9 @@ class CustomWizard::StepUpdater
 
       @step.updater.call(self)
 
-      UserHistory.create(
-        action: UserHistory.actions[:custom_wizard_step],
-        acting_user_id: @current_user.id,
+      CustomWizard::UserHistory.create(
+        action: CustomWizard::UserHistory.actions[:step],
+        actor_id: @wizard.actor_id,
         context: @wizard.id,
         subject: @step.id
       )

lib/custom_wizard/submission.rb

@@ -7,8 +7,6 @@ class CustomWizard::Submission
   META ||= %w(updated_at submitted_at route_to redirect_on_complete redirect_to)
 
   attr_reader :id,
-              :user,
-              :user_id,
               :wizard
 
   attr_accessor :fields,
@@ -18,15 +16,8 @@ class CustomWizard::Submission
     class_eval { attr_accessor attr }
   end
 
-  def initialize(wizard, data = {}, user_id = nil)
+  def initialize(wizard, data = {})
     @wizard = wizard
-    @user_id = user_id
-
-    if user_id
-      @user = User.find_by(id: user_id)
-    else
-      @user = wizard.user
-    end
 
     data = (data || {}).with_indifferent_access
     @id = data['id'] || SecureRandom.hex(12)
@@ -44,13 +35,13 @@ class CustomWizard::Submission
     return nil unless wizard.save_submissions
     validate
 
-    submission_list = self.class.list(wizard, user_id: user.id)
+    submission_list = self.class.list(wizard)
     submissions = submission_list.submissions.select { |submission| submission.id != self.id }
     self.updated_at = Time.now.iso8601
     submissions.push(self)
 
     submission_data = submissions.map { |submission| data_to_save(submission)  }
-    PluginStore.set("#{wizard.id}_#{KEY}", user.id, submission_data)
+    PluginStore.set("#{wizard.id}_#{KEY}", wizard.actor_id, submission_data)
   end
 
   def validate
@@ -93,25 +84,21 @@ class CustomWizard::Submission
     data
   end
 
-  def self.get(wizard, user_id)
-    data = PluginStore.get("#{wizard.id}_#{KEY}", user_id).last
-    new(wizard, data, user_id)
+  def self.get(wizard)
+    data = PluginStore.get("#{wizard.id}_#{KEY}", wizard.actor_id).last
+    new(wizard, data)
   end
 
   def remove
     if present?
-      user_id = @user.id
-      wizard_id = @wizard.id
-      submission_id = @id
-      data = PluginStore.get("#{wizard_id}_#{KEY}", user_id)
-      data.delete_if { |sub| sub["id"] == submission_id }
-      PluginStore.set("#{wizard_id}_#{KEY}", user_id, data)
+      data = PluginStore.get("#{@wizard.id}_#{KEY}", wizard.actor_id)
+      data.delete_if { |sub| sub["id"] == @id }
+      PluginStore.set("#{@wizard.id}_#{KEY}", wizard.actor_id, data)
     end
   end
 
   def self.cleanup_incomplete_submissions(wizard)
-    user_id = wizard.user.id
-    all_submissions = list(wizard, user_id: user_id)
+    all_submissions = list(wizard)
     sorted_submissions = all_submissions.submissions.sort_by do |submission|
       zero_epoch_time = DateTime.strptime("0", '%s')
       [
@@ -129,12 +116,12 @@ class CustomWizard::Submission
     end
 
     valid_data = valid_submissions.map { |submission| submission.data_to_save(submission) }
-    PluginStore.set("#{wizard.id}_#{KEY}", user_id, valid_data)
+    PluginStore.set("#{wizard.id}_#{KEY}", wizard.actor_id, valid_data)
   end
 
-  def self.list(wizard, user_id: nil, order_by: nil, page: nil)
+  def self.list(wizard, order_by: nil, page: nil)
     params = { plugin_name: "#{wizard.id}_#{KEY}" }
-    params[:key] = user_id if user_id.present?
+    params[:key] = wizard.actor_id if wizard.actor_id
 
     query = PluginStoreRow.where(params)
     result = OpenStruct.new(submissions: [], total: nil)
@@ -142,7 +129,7 @@ class CustomWizard::Submission
     query.each do |record|
       if (submission_data = ::JSON.parse(record.value)).any?
         submission_data.each do |data|
-          result.submissions.push(new(wizard, data, record.key))
+          result.submissions.push(new(wizard, data))
         end
       end
     end

lib/custom_wizard/subscription.rb

@@ -137,7 +137,6 @@ class CustomWizard::Subscription
   end
 
   def business?
-    return true
     @subscription.product_id === BUSINESS_PRODUCT_ID
   end
 

lib/custom_wizard/template.rb

@@ -23,7 +23,6 @@ class CustomWizard::Template
     normalize_data
     validate_data
     prepare_data
-
     return false if errors.any?
 
     ActiveRecord::Base.transaction do

lib/custom_wizard/user_history.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+UserHistory.actions[:custom_wizard_step] = 1000
+
+class CustomWizard::UserHistory
+  def self.where(actor_id: nil, action: nil, context: nil, subject: nil)
+    ::UserHistory.where(where_opts(actor_id, action, context, subject))
+  end
+
+  def self.create(actor_id: nil, action: nil, context: nil, subject: nil)
+    ::UserHistory.create(create_opts(actor_id, action, context, subject))
+  end
+
+  def self.create!(actor_id: nil, action: nil, context: nil, subject: nil)
+    ::UserHistory.create!(create_opts(actor_id, action, context, subject))
+  end
+
+  def self.actions
+    @actions ||=
+      Enum.new(
+        step: UserHistory.actions[:custom_wizard_step]
+      )
+  end
+
+  def self.where_opts(actor_id, action, context, subject)
+    opts = {
+      context: context
+    }
+    opts[:action] = action if action
+    opts[:subject] = subject if subject
+    add_actor(opts, actor_id)
+  end
+
+  def self.create_opts(actor_id, action, context, subject)
+    opts = {
+      action: action,
+      context: context
+    }
+    opts[:subject] = subject if subject
+    add_actor(opts, actor_id)
+  end
+
+  def self.add_actor(opts, actor_id)
+    acting_user_id = actor_id
+
+    if actor_id.is_a?(String) && actor_id.include?(CustomWizard::Wizard::GUEST_ID_PREFIX)
+      opts[:acting_user_id] = Discourse.system_user.id
+      opts[:details] = actor_id
+    else
+      opts[:acting_user_id] = actor_id
+    end
+
+    opts
+  end
+end

lib/custom_wizard/validators/template.rb

@@ -83,7 +83,7 @@ class CustomWizard::TemplateValidator
 
   def validate_action(action)
     if @data[:allow_guests] && CustomWizard::Action::REQUIRES_USER.include?(action[:type])
-      errors.add :base, I18n.t("wizard.validation.conflict", wizard_id: action[:id])
+      errors.add :base, I18n.t("wizard.validation.allow_guests", object_id: action[:id])
     end
   end
 

lib/custom_wizard/wizard.rb

@@ -4,8 +4,6 @@ require_dependency 'wizard/field'
 require_dependency 'wizard/step_updater'
 require_dependency 'wizard/builder'
 
-UserHistory.actions[:custom_wizard_step] = 1000
-
 class CustomWizard::Wizard
   include ActiveModel::SerializerSupport
 
@@ -32,13 +30,21 @@ class CustomWizard::Wizard
                 :actions,
                 :action_ids,
                 :user,
+                :guest_id,
                 :submissions,
                 :template
 
   attr_reader   :all_step_ids
 
-  def initialize(attrs = {}, user = nil)
-    @user = user
+  GUEST_ID_PREFIX ||= "guest"
+
+  def initialize(attrs = {}, user = nil, guest_id = nil)
+    if user
+      @user = user
+    elsif guest_id
+      @guest_id = guest_id
+    end
+
     attrs = attrs.with_indifferent_access
 
     @id = attrs['id']
@@ -83,6 +89,10 @@ class CustomWizard::Wizard
     @template = attrs
   end
 
+  def actor_id
+    user ? user.id : guest_id
+  end
+
   def cast_bool(val)
     val.nil? ? false : ActiveRecord::Type::Boolean.new.cast(val)
   end
@@ -143,17 +153,16 @@ class CustomWizard::Wizard
   end
 
   def last_completed_step_id
-    if user && unfinished? && last_completed_step = ::UserHistory.where(
-        acting_user_id: user.id,
-        action: ::UserHistory.actions[:custom_wizard_step],
-        context: id,
-        subject: all_step_ids
-      ).order("created_at").last
+    return nil unless actor_id && unfinished?
 
-      last_completed_step.subject
-    else
-      nil
-    end
+    last_completed_step = CustomWizard::UserHistory.where(
+      actor_id: actor_id,
+      action: CustomWizard::UserHistory.actions[:step],
+      context: id,
+      subject: all_step_ids
+    ).order("created_at").last
+
+    last_completed_step&.subject
   end
 
   def find_step(step_id)
@@ -163,15 +172,15 @@ class CustomWizard::Wizard
   def create_updater(step_id, submission)
     step = @steps.find { |s| s.id == step_id }
     wizard = self
-    CustomWizard::StepUpdater.new(user, wizard, step, submission)
+    CustomWizard::StepUpdater.new(wizard, step, submission)
   end
 
   def unfinished?
-    return nil if !user
+    return nil unless actor_id
 
-    most_recent = ::UserHistory.where(
-      acting_user_id: user.id,
-      action: ::UserHistory.actions[:custom_wizard_step],
+    most_recent = CustomWizard::UserHistory.where(
+      actor_id: actor_id,
+      action: CustomWizard::UserHistory.actions[:step],
       context: id,
     ).distinct.order('updated_at DESC').first
 
@@ -185,11 +194,11 @@ class CustomWizard::Wizard
   end
 
   def completed?
-    return nil if !user
+    return nil unless actor_id
 
-    history = ::UserHistory.where(
-      acting_user_id: user.id,
-      action: ::UserHistory.actions[:custom_wizard_step],
+    history = CustomWizard::UserHistory.where(
+      actor_id: actor_id,
+      action: CustomWizard::UserHistory.actions[:step],
       context: id
     )
 
@@ -202,6 +211,7 @@ class CustomWizard::Wizard
   end
 
   def permitted?
+    return nil unless actor_id
     return true if allow_guests
     return false unless user
     return true if user.admin? || permitted.blank?
@@ -230,6 +240,7 @@ class CustomWizard::Wizard
   end
 
   def can_access?
+    return nil unless actor_id
     return true if allow_guests
     return false unless user
     return true if user.admin
@@ -237,9 +248,11 @@ class CustomWizard::Wizard
   end
 
   def reset
-    ::UserHistory.create(
-      action: ::UserHistory.actions[:custom_wizard_step],
-      acting_user_id: user.id,
+    return nil unless actor_id
+
+    CustomWizard::UserHistory.create(
+      action: CustomWizard::UserHistory.actions[:step],
+      actor_id: actor_id,
       context: id,
       subject: "reset"
     )
@@ -267,8 +280,7 @@ class CustomWizard::Wizard
   end
 
   def submissions
-    return nil unless user.present?
-    @submissions ||= CustomWizard::Submission.list(self, user_id: user.id).submissions
+    @submissions ||= CustomWizard::Submission.list(self).submissions
   end
 
   def current_submission
@@ -304,15 +316,17 @@ class CustomWizard::Wizard
   end
 
   def remove_user_redirect
+    return unless user.present?
+
     if id == user.redirect_to_wizard
       user.custom_fields.delete('redirect_to_wizard')
       user.save_custom_fields(true)
     end
   end
 
-  def self.create(wizard_id, user = nil)
+  def self.create(wizard_id, user = nil, guest_id = nil)
     if template = CustomWizard::Template.find(wizard_id)
-      new(template.to_h, user)
+      new(template.to_h, user, guest_id)
     else
       false
     end
@@ -384,4 +398,8 @@ class CustomWizard::Wizard
       false
     end
   end
+
+  def self.generate_guest_id
+    "#{self::GUEST_ID_PREFIX}_#{SecureRandom.hex(12)}"
+  end
 end

plugin.rb

@@ -41,6 +41,7 @@ after_initialize do
     ../app/controllers/custom_wizard/admin/logs.rb
     ../app/controllers/custom_wizard/admin/manager.rb
     ../app/controllers/custom_wizard/admin/custom_fields.rb
+    ../app/controllers/custom_wizard/wizard_client.rb
     ../app/controllers/custom_wizard/wizard.rb
     ../app/controllers/custom_wizard/steps.rb
     ../app/controllers/custom_wizard/realtime_validations.rb
@@ -65,6 +66,7 @@ after_initialize do
     ../lib/custom_wizard/subscription.rb
     ../lib/custom_wizard/template.rb
     ../lib/custom_wizard/wizard.rb
+    ../lib/custom_wizard/user_history.rb
     ../lib/custom_wizard/api/api.rb
     ../lib/custom_wizard/api/authorization.rb
     ../lib/custom_wizard/api/endpoint.rb

spec/components/custom_wizard/action_spec.rb

@@ -76,8 +76,8 @@ describe CustomWizard::Action do
       updater.update
 
       expect(updater.success?).to eq(true)
-      expect(UserHistory.where(
-        acting_user_id: user.id,
+      expect(CustomWizard::UserHistory.where(
+        actor_id: user.id,
         context: "super_mega_fun_wizard",
         subject: "step_3"
       ).exists?).to eq(true)
@@ -285,6 +285,28 @@ describe CustomWizard::Action do
       expect(topic.first.allowed_groups.map(&:name)).to include('cool_group', 'cool_group_1')
       expect(post.exists?).to eq(true)
     end
+
+    it "send_message works with allow_guests enabled" do
+      wizard_template["allow_guests"] = true
+      wizard_template.delete("actions")
+      wizard_template['actions'] = [send_message]
+      update_template(wizard_template)
+
+      User.create(username: 'angus1', email: "angus1@email.com")
+
+      wizard = CustomWizard::Builder.new(wizard_template["id"], nil, CustomWizard::Wizard.generate_guest_id).build
+      wizard.create_updater(wizard.steps[0].id, {}).update
+      updater = wizard.create_updater(wizard.steps[1].id, {})
+      updater.update
+
+      topic = Topic.where(archetype: Archetype.private_message, title: "Message title")
+      post = Post.where(topic_id: topic.pluck(:id))
+
+      expect(topic.exists?).to eq(true)
+      expect(topic.first.topic_allowed_users.first.user.username).to eq('angus1')
+      expect(topic.first.topic_allowed_users.second.user.username).to eq(Discourse.system_user.username)
+      expect(post.exists?).to eq(true)
+    end
   end
 
   context "business subscription actions" do

spec/components/custom_wizard/builder_spec.rb

@@ -80,14 +80,11 @@ describe CustomWizard::Builder do
 
       it 'returns no steps if user has completed it' do
         @template[:steps].each do |step|
-          UserHistory.create!(
-            {
-              action: UserHistory.actions[:custom_wizard_step],
-              acting_user_id: user.id,
-              context: @template[:id]
-            }.merge(
-              subject: step[:id]
-            )
+          CustomWizard::UserHistory.create!(
+            action: CustomWizard::UserHistory.actions[:step],
+            actor_id: user.id,
+            context: @template[:id],
+            subject: step[:id]
           )
         end
 

spec/components/custom_wizard/submission_spec.rb

@@ -4,6 +4,7 @@ describe CustomWizard::Submission do
   fab!(:user) { Fabricate(:user) }
   fab!(:user2) { Fabricate(:user) }
   let(:template_json) { get_wizard_fixture("wizard") }
+  let(:guest_id) { CustomWizard::Wizard.generate_guest_id }
 
   before do
     CustomWizard::Template.save(template_json, skip_jobs: true)
@@ -13,10 +14,20 @@ describe CustomWizard::Submission do
 
   it "saves a user's submission" do
     expect(
-      described_class.get(@wizard, user.id).fields["step_1_field_1"]
+      described_class.get(@wizard).fields["step_1_field_1"]
     ).to eq("I am user submission")
   end
 
+  it "saves a guest's submission" do
+    CustomWizard::Template.save(template_json, skip_jobs: true)
+    @wizard = CustomWizard::Wizard.create(template_json["id"], nil, guest_id)
+    described_class.new(@wizard, step_1_field_1: "I am guest submission").save
+
+    expect(
+      described_class.get(@wizard).fields["step_1_field_1"]
+    ).to eq("I am guest submission")
+  end
+
   describe "#list" do
     before do
       freeze_time Time.now
@@ -37,14 +48,17 @@ describe CustomWizard::Submission do
     end
 
     it "list submissions by wizard" do
+      @wizard.user = nil
       expect(described_class.list(@wizard).total).to eq(@count + 2)
     end
 
     it "list submissions by wizard and user" do
-      expect(described_class.list(@wizard, user_id: user.id).total).to eq(@count + 1)
+      @wizard.user = user
+      expect(described_class.list(@wizard).total).to eq(@count + 1)
     end
 
     it "paginates submission lists" do
+      @wizard.user = nil
       expect(described_class.list(@wizard, page: 1).submissions.size).to eq((@count + 2) - CustomWizard::Submission::PAGE_LIMIT)
     end
 
@@ -59,7 +73,7 @@ describe CustomWizard::Submission do
       described_class.new(@wizard, step_1_field_1: "I am the second submission").save
       builder = CustomWizard::Builder.new(@wizard.id, @wizard.user)
       builder.build
-      submissions = described_class.list(@wizard, user_id: @wizard.user.id).submissions
+      submissions = described_class.list(@wizard).submissions
 
       expect(submissions.length).to eq(1)
       expect(submissions.first.fields["step_1_field_1"]).to eq("I am the second submission")
@@ -75,7 +89,7 @@ describe CustomWizard::Submission do
       PluginStore.set("#{@wizard.id}_submissions", @wizard.user.id, sub_data)
       builder = CustomWizard::Builder.new(@wizard.id, @wizard.user)
       builder.build
-      submissions = described_class.list(@wizard, user_id: @wizard.user.id).submissions
+      submissions = described_class.list(@wizard).submissions
 
       expect(submissions.length).to eq(1)
       expect(submissions.first.fields["step_1_field_1"]).to eq("I am the second submission")
@@ -92,7 +106,7 @@ describe CustomWizard::Submission do
 
       builder = CustomWizard::Builder.new(@wizard.id, @wizard.user)
       builder.build
-      submissions = described_class.list(@wizard, user_id: @wizard.user.id).submissions
+      submissions = described_class.list(@wizard).submissions
 
       expect(submissions.length).to eq(1)
       expect(submissions.first.fields["step_1_field_1"]).to eq("I am the third submission")

spec/components/custom_wizard/wizard_spec.rb

@@ -21,10 +21,10 @@ describe CustomWizard::Wizard do
     @wizard.update!
   end
 
-  def progress_step(step_id, acting_user: user, wizard: @wizard)
-    UserHistory.create(
-      action: UserHistory.actions[:custom_wizard_step],
-      acting_user_id: acting_user.id,
+  def progress_step(step_id, actor_id: user.id, wizard: @wizard)
+    CustomWizard::UserHistory.create(
+      action: CustomWizard::UserHistory.actions[:step],
+      actor_id: actor_id,
       context: wizard.id,
       subject: step_id
     )
@@ -158,9 +158,9 @@ describe CustomWizard::Wizard do
     it "lets a permitted user access a complete wizard with multiple submissions" do
       append_steps
 
-      progress_step("step_1", acting_user: trusted_user)
-      progress_step("step_2", acting_user: trusted_user)
-      progress_step("step_3", acting_user: trusted_user)
+      progress_step("step_1", actor_id: trusted_user.id)
+      progress_step("step_2", actor_id: trusted_user.id)
+      progress_step("step_3", actor_id: trusted_user.id)
 
       @permitted_template["multiple_submissions"] = true
 
@@ -172,9 +172,9 @@ describe CustomWizard::Wizard do
     it "does not let an unpermitted user access a complete wizard without multiple submissions" do
       append_steps
 
-      progress_step("step_1", acting_user: trusted_user)
-      progress_step("step_2", acting_user: trusted_user)
-      progress_step("step_3", acting_user: trusted_user)
+      progress_step("step_1", actor_id: trusted_user.id)
+      progress_step("step_2", actor_id: trusted_user.id)
+      progress_step("step_3", actor_id: trusted_user.id)
 
       @permitted_template['multiple_submissions'] = false
 

spec/requests/custom_wizard/steps_controller_spec.rb

@@ -12,6 +12,40 @@ describe CustomWizard::StepsController do
     CustomWizard::Template.save(wizard_template, skip_jobs: true)
   end
 
+  context "with guest" do
+    it "does not perform a step update" do
+      put '/w/super-mega-fun-wizard/steps/step_1.json', params: {
+        fields: {
+          step_1_field_1: "Text input"
+        }
+      }
+      expect(response.status).to eq(403)
+    end
+
+    context "with allow_guests enabled" do
+      before do
+        new_template = wizard_template.dup
+        new_template["allow_guests"] = true
+        new_template.delete("actions")
+        result = CustomWizard::Template.save(new_template, skip_jobs: true)
+      end
+
+      it "performs a step update" do
+        put '/w/super-mega-fun-wizard/steps/step_1.json', params: {
+          fields: {
+            step_1_field_1: "Text input"
+          }
+        }
+        expect(response.status).to eq(200)
+        expect(response.parsed_body['wizard']['start']).to eq("step_2")
+
+        wizard_id = response.parsed_body['wizard']['id']
+        wizard = CustomWizard::Wizard.create(wizard_id, nil, cookies[:custom_wizard_guest_id])
+        expect(wizard.current_submission.fields['step_1_field_1']).to eq("Text input")
+      end
+    end
+  end
+
   context "with user" do
     before do
       sign_in(user)