Merge pull request #1404 from ZogStriP/admin-can-always-upload-a-file

staff can always upload a file
This commit is contained in:
Robin Ward 2013-09-09 08:55:47 -07:00
commit 360b8e32ca
7 changed files with 35 additions and 9 deletions

View file

@ -194,7 +194,8 @@ Discourse.Utilities = {
@method validateUploadedFile
@param {File} file The file to be uploaded
@param {string} type The type of the file
@param {string} type The type of the upload (image, attachment)
@returns true whenever the upload is valid
**/
validateUploadedFile: function(file, type) {
// check that the uploaded file is authorized
@ -205,7 +206,7 @@ Discourse.Utilities = {
}
// ensures that new users can upload a file
if (Discourse.User.currentProp('trust_level') === 0 && Discourse.SiteSettings['newuser_max_' + type + 's'] === 0) {
if (!Discourse.User.current().isAllowedToUploadAFile(type)) {
bootbox.alert(I18n.t('post.errors.' + type + '_upload_not_allowed_for_new_user'));
return false;
}

View file

@ -11,7 +11,7 @@ Discourse.Draft = Discourse.Model.extend({});
Discourse.Draft.reopenClass({
clear: function(key, sequence) {
return Discourse.ajax("/draft", {
return Discourse.ajax("/draft.json", {
type: 'DELETE',
data: {
draft_key: key,
@ -21,20 +21,20 @@ Discourse.Draft.reopenClass({
},
get: function(key) {
return Discourse.ajax('/draft', {
return Discourse.ajax('/draft.json', {
data: { draft_key: key },
dataType: 'json'
});
},
getLocal: function(key, current) {
var local;
// TODO: implement this
return current;
},
save: function(key, sequence, data) {
data = typeof data === "string" ? data : JSON.stringify(data);
return Discourse.ajax("/draft", {
return Discourse.ajax("/draft.json", {
type: 'POST',
data: {
draft_key: key,

View file

@ -276,6 +276,19 @@ Discourse.User = Discourse.Model.extend({
type: 'PUT',
data: { use_uploaded_avatar: useUploadedAvatar }
});
},
/**
Determines whether the current user is allowed to upload a file.
@method isAllowedToUploadAFile
@param {string} type The type of the upload (image, attachment)
@returns true if the current user is allowed to upload a file
**/
isAllowedToUploadAFile: function(type) {
return this.get('staff') ||
this.get('trust_level') > 0 ||
Discourse.SiteSettings['newuser_max_' + type + 's'] > 0;
}
});

View file

@ -24,7 +24,6 @@ test("uploading one file", function() {
test("new user cannot upload images", function() {
Discourse.SiteSettings.newuser_max_images = 0;
this.stub(Discourse.User, 'currentProp').withArgs("trust_level").returns(0);
this.stub(bootbox, "alert");
ok(!validUpload([{name: "image.png"}]));
@ -33,7 +32,6 @@ test("new user cannot upload images", function() {
test("new user cannot upload attachments", function() {
Discourse.SiteSettings.newuser_max_attachments = 0;
this.stub(Discourse.User, 'currentProp').withArgs("trust_level").returns(0);
this.stub(bootbox, "alert");
ok(!validUpload([{name: "roman.txt"}]));
@ -52,6 +50,7 @@ test("ensures an authorized upload", function() {
test("prevents files that are too big from being uploaded", function() {
var image = { name: "image.png", size: 10 * 1024 };
Discourse.SiteSettings.max_image_size_kb = 5;
Discourse.User.currentProp("trust_level", 1);
this.stub(bootbox, "alert");
ok(!validUpload([image]));
@ -70,6 +69,7 @@ var dummyBlob = function() {
};
test("allows valid uploads to go through", function() {
Discourse.User.currentProp("trust_level", 1);
Discourse.SiteSettings.max_image_size_kb = 15;
this.stub(bootbox, "alert");

View file

@ -0,0 +1,2 @@
/*jshint maxlen:10000000 */
Discourse.URL_FIXTURES["/draft.json"] = {};

File diff suppressed because one or more lines are too long

View file

@ -16,4 +16,12 @@ test('searchContext', function() {
var user = Discourse.User.create({id: 1, username: 'EvilTrout'});
deepEqual(user.get('searchContext'), {type: 'user', id: 'eviltrout', user: user}, "has a search context");
});
});
test("isAllowedToUploadAFile", function() {
var user = Discourse.User.create({ trust_level: 0, admin: true });
ok(user.isAllowedToUploadAFile("image"), "admin can always upload a file");
user.setProperties({ admin: false, moderator: true });
ok(user.isAllowedToUploadAFile("image"), "moderator can always upload a file");
});