mirror of
https://github.com/codeninjasllc/discourse.git
synced 2024-11-23 15:48:43 -05:00
Trust level 4: add ability to edit any post and see edit history
This commit is contained in:
parent
50cc7dedb0
commit
283dc7dd2d
8 changed files with 88 additions and 16 deletions
|
@ -350,14 +350,7 @@ Discourse.Post = Discourse.Model.extend({
|
|||
var topic = this.get('topic');
|
||||
return !topic.isReplyDirectlyBelow(this);
|
||||
|
||||
}.property('reply_count'),
|
||||
|
||||
canViewEditHistory: function() {
|
||||
return (Discourse.SiteSettings.edit_history_visible_to_public ||
|
||||
(Discourse.User.current() &&
|
||||
(Discourse.User.current().get('staff') || Discourse.User.current().get('id') === this.get('user_id'))));
|
||||
}.property()
|
||||
|
||||
}.property('reply_count')
|
||||
});
|
||||
|
||||
Discourse.Post.reopenClass({
|
||||
|
|
|
@ -55,7 +55,7 @@
|
|||
<div class='topic-meta-data-inside'>
|
||||
{{#if hasHistory}}
|
||||
<div class='post-info edits'>
|
||||
{{#if canViewEditHistory}}
|
||||
{{#if can_view_edit_history}}
|
||||
<a href='#' class="{{unbound historyHeat}}" {{action showHistory this}} title="{{i18n post.last_edited_on}} {{rawDate updated_at}}">
|
||||
{{editCount}}
|
||||
<i class='fa fa-pencil'></i>
|
||||
|
|
|
@ -178,6 +178,7 @@ class PostsController < ApplicationController
|
|||
|
||||
def revisions
|
||||
post_revision = find_post_revision_from_params
|
||||
guardian.ensure_can_see!(post_revision)
|
||||
post_revision_serializer = PostRevisionSerializer.new(post_revision, scope: guardian, root: false)
|
||||
render_json_dump(post_revision_serializer)
|
||||
end
|
||||
|
|
|
@ -45,7 +45,8 @@ class PostSerializer < BasicPostSerializer
|
|||
:deleted_at,
|
||||
:deleted_by,
|
||||
:user_deleted,
|
||||
:edit_reason
|
||||
:edit_reason,
|
||||
:can_view_edit_history
|
||||
|
||||
|
||||
def moderator?
|
||||
|
@ -200,6 +201,10 @@ class PostSerializer < BasicPostSerializer
|
|||
SiteSetting.enable_names?
|
||||
end
|
||||
|
||||
def can_view_edit_history
|
||||
scope.can_view_post_revisions?(object)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def post_actions
|
||||
|
|
|
@ -69,7 +69,7 @@ module PostGuardain
|
|||
|
||||
# Editing Method
|
||||
def can_edit_post?(post)
|
||||
is_staff? || (!post.topic.archived? && is_my_own?(post) && !post.user_deleted && !post.deleted_at && !post.edit_time_limit_expired?)
|
||||
is_staff? || @user.has_trust_level?(:elder) || (!post.topic.archived? && is_my_own?(post) && !post.user_deleted && !post.deleted_at && !post.edit_time_limit_expired?)
|
||||
end
|
||||
|
||||
# Deleting Methods
|
||||
|
@ -111,8 +111,15 @@ module PostGuardain
|
|||
|
||||
def can_see_post_revision?(post_revision)
|
||||
return false if post_revision.nil?
|
||||
can_view_post_revisions?(post_revision.post)
|
||||
end
|
||||
|
||||
def can_view_post_revisions?(post)
|
||||
return false if post.nil?
|
||||
return true if SiteSetting.edit_history_visible_to_public
|
||||
authenticated? && (is_staff? || can_see_post?(post_revision.post))
|
||||
authenticated? &&
|
||||
(is_staff? || @user.has_trust_level?(:elder) || @user.id == post.user_id) &&
|
||||
can_see_post?(post)
|
||||
end
|
||||
|
||||
def can_vote?(post, opts={})
|
||||
|
|
|
@ -8,6 +8,7 @@ describe Guardian do
|
|||
let(:moderator) { build(:moderator) }
|
||||
let(:admin) { build(:admin) }
|
||||
let(:leader) { build(:user, trust_level: 3) }
|
||||
let(:elder) { build(:user, trust_level: 4) }
|
||||
let(:another_admin) { build(:admin) }
|
||||
let(:coding_horror) { build(:coding_horror) }
|
||||
|
||||
|
@ -259,7 +260,6 @@ describe Guardian do
|
|||
end
|
||||
|
||||
describe 'a Post' do
|
||||
|
||||
let(:another_admin) { Fabricate(:admin) }
|
||||
it 'correctly handles post visibility' do
|
||||
post = Fabricate(:post)
|
||||
|
@ -279,8 +279,43 @@ describe Guardian do
|
|||
Guardian.new(user).can_see?(post).should be_false
|
||||
Guardian.new(admin).can_see?(post).should be_true
|
||||
end
|
||||
end
|
||||
|
||||
describe 'a PostRevision' do
|
||||
let(:post_revision) { Fabricate(:post_revision) }
|
||||
|
||||
context 'edit_history_visible_to_public is true' do
|
||||
before { SiteSetting.stubs(:edit_history_visible_to_public).returns(true) }
|
||||
|
||||
it 'is false for nil' do
|
||||
Guardian.new.can_see?(nil).should be_false
|
||||
end
|
||||
|
||||
it 'is true if not logged in' do
|
||||
Guardian.new.can_see?(post_revision).should == true
|
||||
end
|
||||
|
||||
it 'is true when logged in' do
|
||||
Guardian.new(Fabricate(:user)).can_see?(post_revision).should == true
|
||||
end
|
||||
end
|
||||
|
||||
context 'edit_history_visible_to_public is false' do
|
||||
before { SiteSetting.stubs(:edit_history_visible_to_public).returns(false) }
|
||||
|
||||
it 'is true for staff' do
|
||||
Guardian.new(Fabricate(:admin)).can_see?(post_revision).should == true
|
||||
Guardian.new(Fabricate(:moderator)).can_see?(post_revision).should == true
|
||||
end
|
||||
|
||||
it 'is true for trust level 4' do
|
||||
Guardian.new(Fabricate(:elder)).can_see?(post_revision).should == true
|
||||
end
|
||||
|
||||
it 'is false for trust level lower than 4' do
|
||||
Guardian.new(Fabricate(:leader)).can_see?(post_revision).should == false
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -551,6 +586,10 @@ describe Guardian do
|
|||
Guardian.new(admin).can_edit?(post).should be_true
|
||||
end
|
||||
|
||||
it 'returns true as a trust level 4 user' do
|
||||
Guardian.new(elder).can_edit?(post).should be_true
|
||||
end
|
||||
|
||||
context 'post is older than post_edit_time_limit' do
|
||||
let(:old_post) { build(:post, topic: topic, user: topic.user, created_at: 6.minutes.ago) }
|
||||
before do
|
||||
|
|
|
@ -431,7 +431,13 @@ describe PostsController do
|
|||
|
||||
before { SiteSetting.stubs(:edit_history_visible_to_public).returns(false) }
|
||||
|
||||
it "ensures anonymous can not see the revisions" do
|
||||
it "ensures anonymous cannot see the revisions" do
|
||||
xhr :get, :revisions, post_id: post_revision.post_id, revision: post_revision.number
|
||||
response.should be_forbidden
|
||||
end
|
||||
|
||||
it "ensures regular user cannot see the revisions" do
|
||||
u = log_in(:user)
|
||||
xhr :get, :revisions, post_id: post_revision.post_id, revision: post_revision.number
|
||||
response.should be_forbidden
|
||||
end
|
||||
|
@ -444,11 +450,18 @@ describe PostsController do
|
|||
|
||||
it "ensures poster can see the revisions" do
|
||||
user = log_in(:active_user)
|
||||
pr = Fabricate(:post_revision, user: user)
|
||||
post = Fabricate(:post, user: user)
|
||||
pr = Fabricate(:post_revision, user: user, post: post)
|
||||
xhr :get, :revisions, post_id: pr.post_id, revision: pr.number
|
||||
response.should be_success
|
||||
end
|
||||
|
||||
it "ensures trust level 4 can see the revisions" do
|
||||
log_in(:elder)
|
||||
xhr :get, :revisions, post_id: post_revision.post_id, revision: post_revision.number
|
||||
response.should be_success
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
context "when edit history is visible to everyone" do
|
||||
|
|
|
@ -60,5 +60,19 @@ Fabricator(:active_user, from: :user) do
|
|||
password 'myawesomepassword'
|
||||
trust_level TrustLevel.levels[:basic]
|
||||
active true
|
||||
bio_raw "Don't as me about my dad!"
|
||||
bio_raw "Don't ask me about my dad!"
|
||||
end
|
||||
|
||||
Fabricator(:leader, from: :user) do
|
||||
name 'Leader McLeaderman'
|
||||
username { sequence(:username) { |i| "leader#{i}" } }
|
||||
email { sequence(:email) { |i| "leader#{i}@leaderfun.com" } }
|
||||
trust_level TrustLevel.levels[:leader]
|
||||
end
|
||||
|
||||
Fabricator(:elder, from: :user) do
|
||||
name 'Elder McElderson'
|
||||
username { sequence(:username) { |i| "elder#{i}" } }
|
||||
email { sequence(:email) { |i| "elder#{i}@elderfun.com" } }
|
||||
trust_level TrustLevel.levels[:elder]
|
||||
end
|
Loading…
Reference in a new issue