Trust level 4: add ability to edit any post and see edit history

This commit is contained in:
Neil Lalonde 2014-03-13 10:47:37 -04:00
parent 50cc7dedb0
commit 283dc7dd2d
8 changed files with 88 additions and 16 deletions

View file

@ -350,14 +350,7 @@ Discourse.Post = Discourse.Model.extend({
var topic = this.get('topic');
return !topic.isReplyDirectlyBelow(this);
}.property('reply_count'),
canViewEditHistory: function() {
return (Discourse.SiteSettings.edit_history_visible_to_public ||
(Discourse.User.current() &&
(Discourse.User.current().get('staff') || Discourse.User.current().get('id') === this.get('user_id'))));
}.property()
}.property('reply_count')
});
Discourse.Post.reopenClass({

View file

@ -55,7 +55,7 @@
<div class='topic-meta-data-inside'>
{{#if hasHistory}}
<div class='post-info edits'>
{{#if canViewEditHistory}}
{{#if can_view_edit_history}}
<a href='#' class="{{unbound historyHeat}}" {{action showHistory this}} title="{{i18n post.last_edited_on}} {{rawDate updated_at}}">
{{editCount}}
<i class='fa fa-pencil'></i>

View file

@ -178,6 +178,7 @@ class PostsController < ApplicationController
def revisions
post_revision = find_post_revision_from_params
guardian.ensure_can_see!(post_revision)
post_revision_serializer = PostRevisionSerializer.new(post_revision, scope: guardian, root: false)
render_json_dump(post_revision_serializer)
end

View file

@ -45,7 +45,8 @@ class PostSerializer < BasicPostSerializer
:deleted_at,
:deleted_by,
:user_deleted,
:edit_reason
:edit_reason,
:can_view_edit_history
def moderator?
@ -200,6 +201,10 @@ class PostSerializer < BasicPostSerializer
SiteSetting.enable_names?
end
def can_view_edit_history
scope.can_view_post_revisions?(object)
end
private
def post_actions

View file

@ -69,7 +69,7 @@ module PostGuardain
# Editing Method
def can_edit_post?(post)
is_staff? || (!post.topic.archived? && is_my_own?(post) && !post.user_deleted && !post.deleted_at && !post.edit_time_limit_expired?)
is_staff? || @user.has_trust_level?(:elder) || (!post.topic.archived? && is_my_own?(post) && !post.user_deleted && !post.deleted_at && !post.edit_time_limit_expired?)
end
# Deleting Methods
@ -111,8 +111,15 @@ module PostGuardain
def can_see_post_revision?(post_revision)
return false if post_revision.nil?
can_view_post_revisions?(post_revision.post)
end
def can_view_post_revisions?(post)
return false if post.nil?
return true if SiteSetting.edit_history_visible_to_public
authenticated? && (is_staff? || can_see_post?(post_revision.post))
authenticated? &&
(is_staff? || @user.has_trust_level?(:elder) || @user.id == post.user_id) &&
can_see_post?(post)
end
def can_vote?(post, opts={})

View file

@ -8,6 +8,7 @@ describe Guardian do
let(:moderator) { build(:moderator) }
let(:admin) { build(:admin) }
let(:leader) { build(:user, trust_level: 3) }
let(:elder) { build(:user, trust_level: 4) }
let(:another_admin) { build(:admin) }
let(:coding_horror) { build(:coding_horror) }
@ -259,7 +260,6 @@ describe Guardian do
end
describe 'a Post' do
let(:another_admin) { Fabricate(:admin) }
it 'correctly handles post visibility' do
post = Fabricate(:post)
@ -279,8 +279,43 @@ describe Guardian do
Guardian.new(user).can_see?(post).should be_false
Guardian.new(admin).can_see?(post).should be_true
end
end
describe 'a PostRevision' do
let(:post_revision) { Fabricate(:post_revision) }
context 'edit_history_visible_to_public is true' do
before { SiteSetting.stubs(:edit_history_visible_to_public).returns(true) }
it 'is false for nil' do
Guardian.new.can_see?(nil).should be_false
end
it 'is true if not logged in' do
Guardian.new.can_see?(post_revision).should == true
end
it 'is true when logged in' do
Guardian.new(Fabricate(:user)).can_see?(post_revision).should == true
end
end
context 'edit_history_visible_to_public is false' do
before { SiteSetting.stubs(:edit_history_visible_to_public).returns(false) }
it 'is true for staff' do
Guardian.new(Fabricate(:admin)).can_see?(post_revision).should == true
Guardian.new(Fabricate(:moderator)).can_see?(post_revision).should == true
end
it 'is true for trust level 4' do
Guardian.new(Fabricate(:elder)).can_see?(post_revision).should == true
end
it 'is false for trust level lower than 4' do
Guardian.new(Fabricate(:leader)).can_see?(post_revision).should == false
end
end
end
end
@ -551,6 +586,10 @@ describe Guardian do
Guardian.new(admin).can_edit?(post).should be_true
end
it 'returns true as a trust level 4 user' do
Guardian.new(elder).can_edit?(post).should be_true
end
context 'post is older than post_edit_time_limit' do
let(:old_post) { build(:post, topic: topic, user: topic.user, created_at: 6.minutes.ago) }
before do

View file

@ -436,6 +436,12 @@ describe PostsController do
response.should be_forbidden
end
it "ensures regular user cannot see the revisions" do
u = log_in(:user)
xhr :get, :revisions, post_id: post_revision.post_id, revision: post_revision.number
response.should be_forbidden
end
it "ensures staff can see the revisions" do
log_in(:admin)
xhr :get, :revisions, post_id: post_revision.post_id, revision: post_revision.number
@ -444,11 +450,18 @@ describe PostsController do
it "ensures poster can see the revisions" do
user = log_in(:active_user)
pr = Fabricate(:post_revision, user: user)
post = Fabricate(:post, user: user)
pr = Fabricate(:post_revision, user: user, post: post)
xhr :get, :revisions, post_id: pr.post_id, revision: pr.number
response.should be_success
end
it "ensures trust level 4 can see the revisions" do
log_in(:elder)
xhr :get, :revisions, post_id: post_revision.post_id, revision: post_revision.number
response.should be_success
end
end
context "when edit history is visible to everyone" do

View file

@ -60,5 +60,19 @@ Fabricator(:active_user, from: :user) do
password 'myawesomepassword'
trust_level TrustLevel.levels[:basic]
active true
bio_raw "Don't as me about my dad!"
bio_raw "Don't ask me about my dad!"
end
Fabricator(:leader, from: :user) do
name 'Leader McLeaderman'
username { sequence(:username) { |i| "leader#{i}" } }
email { sequence(:email) { |i| "leader#{i}@leaderfun.com" } }
trust_level TrustLevel.levels[:leader]
end
Fabricator(:elder, from: :user) do
name 'Elder McElderson'
username { sequence(:username) { |i| "elder#{i}" } }
email { sequence(:email) { |i| "elder#{i}@elderfun.com" } }
trust_level TrustLevel.levels[:elder]
end