From 2838e1c3b50cc643fa45fbb3f07cc63cbaf978e5 Mon Sep 17 00:00:00 2001 From: Neil Lalonde Date: Mon, 10 Mar 2014 11:48:27 -0400 Subject: [PATCH] FIX: don't show option to flag with notify_user to trust level 0 users. they can't send private messages. --- lib/guardian/post_guardian.rb | 5 ++++- spec/components/guardian_spec.rb | 5 +++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/guardian/post_guardian.rb b/lib/guardian/post_guardian.rb index 4368f8be6..4d2e4873e 100644 --- a/lib/guardian/post_guardian.rb +++ b/lib/guardian/post_guardian.rb @@ -10,7 +10,7 @@ module PostGuardain already_did_flagging = taken.any? && (taken & PostActionType.flag_types.values).any? if authenticated? && post - # we always allow flagging - NOTE: this does not seem true, see specs. (MVH) + # we allow flagging for trust level 1 and higher (is_flag && @user.has_trust_level?(:basic) && not(already_did_flagging)) || # not a flagging action, and haven't done it already @@ -22,6 +22,9 @@ module PostGuardain # don't like your own stuff not(action_key == :like && is_my_own?(post)) && + # new users can't notify_user because they are not allowed to send private messages + not(action_key == :notify_user && !@user.has_trust_level?(:basic)) && + # no voting more than once on single vote topics not(action_key == :vote && opts[:voted_in_topic] && post.topic.has_meta_data_boolean?(:single_vote)) end diff --git a/spec/components/guardian_spec.rb b/spec/components/guardian_spec.rb index 82c15c1e6..0f2ae761e 100644 --- a/spec/components/guardian_spec.rb +++ b/spec/components/guardian_spec.rb @@ -71,6 +71,11 @@ describe Guardian do user.trust_level = TrustLevel.levels[:new] Guardian.new(user).post_can_act?(post, :off_topic).should be_false end + + it "returns false for a new user flagging with notify_user" do + user.trust_level = TrustLevel.levels[:new] + Guardian.new(user).post_can_act?(post, :notify_user).should be_false # because new users can't send private messages + end end end