diff --git a/app/assets/javascripts/discourse/views/topic-footer-buttons.js.es6 b/app/assets/javascripts/discourse/views/topic-footer-buttons.js.es6
index 6061b4cd9..c985e78f5 100644
--- a/app/assets/javascripts/discourse/views/topic-footer-buttons.js.es6
+++ b/app/assets/javascripts/discourse/views/topic-footer-buttons.js.es6
@@ -22,7 +22,7 @@ export default Discourse.ContainerView.extend({
 if (Discourse.User.current()) {
 if (!topic.get('isPrivateMessage')) {
 // We hide some controls from private messages
- if (this.get('topic.details.can_invite_to') && (!this.get('topic.category.read_restricted') || Discourse.User.currentProp('admin'))) {
+ if (this.get('topic.details.can_invite_to')) {
 this.attachViewClass(InviteReplyButton);
 }
 this.attachViewClass(StarButton);
diff --git a/lib/guardian.rb b/lib/guardian.rb
index 426325127..f35837889 100644
--- a/lib/guardian.rb
+++ b/lib/guardian.rb
@@ -200,9 +200,9 @@ class Guardian
 end

 def can_invite_to?(object, group_ids=nil)
- can_see?(object) &&
- can_invite_to_forum? &&
- ( group_ids.blank? || is_admin? )
+ can_invite = can_see?(object) && can_invite_to_forum? && ( group_ids.blank? || is_admin? )
+ can_invite = can_invite && ( !object.category.read_restricted || is_admin? ) if object.is_a?(Topic)
+ can_invite
 end

 def can_bulk_invite_to_forum?(user)
diff --git a/spec/components/guardian_spec.rb b/spec/components/guardian_spec.rb
index e73e2e48e..81c6c884a 100644
--- a/spec/components/guardian_spec.rb
+++ b/spec/components/guardian_spec.rb
@@ -241,9 +241,13 @@ describe Guardian do
 end

 describe 'can_invite_to?' do
+ let(:group) { Fabricate(:group) }
+ let(:category) { Fabricate(:category, read_restricted: true) }
 let(:topic) { Fabricate(:topic) }
+ let(:private_topic) { Fabricate(:topic, category: category) }
 let(:user) { topic.user }
 let(:moderator) { Fabricate(:moderator) }
+ let(:admin) { Fabricate(:admin) }

 it 'handles invitation correctly' do
 Guardian.new(nil).can_invite_to?(topic).should be_false
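Review bot: With the category and admin conditions dropped, `if (this.get('topic.details.can_invite_to'))` is the only thing gating InviteReplyButton, and nothing in this hunk says where that flag comes from. Presumably it is serialized from `Guardian#can_invite_to?`, which this commit tightens; a short comment would record that, e.g. `// can_invite_to is computed server-side and already accounts for read-restricted categories`. Hiding the button is presentation only, so the invite endpoint itself (not shown in this diff) should be confirmed to call the same Guardian check. The enclosing function begins and ends outside the hunk.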
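Review bot: `object.category.read_restricted` on the second added line raises NoMethodError when a Topic has no category, and that path is reached by any user who passed the first line. Whether a topic can be category-less is not visible here, but the JS hunk in this commit refers to private-message topics, which makes it plausible. A nil-safe form keeps the restriction and avoids the exception: `can_invite = can_invite && ( !(object.category && object.category.read_restricted) || is_admin? ) if object.is_a?(Topic)`. A one-line comment above it stating that only admins may invite into read-restricted categories would also help, since the check is `is_admin?` rather than a staff check.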
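Review bot: `let(:group)` is added here but no spec visible in this diff references it, and `category` is fabricated as read-restricted without any group being granted access. If that means `user` cannot see `private_topic` at all, the "normal user on private topic" spec in the next hunk would pass through `can_see?` alone and would stay green even without the new `read_restricted` check in `Guardian#can_invite_to?`. Either wire `group` into the fixture so that `user` is a member with access to `category` (making the new line the only reason for `be_false`), or drop the unused `let`. The `describe` block continues outside this hunk.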
@@ -268,6 +272,14 @@ describe Guardian do
 Guardian.new(user).can_invite_to?(topic).should be_false
 end

+ it 'returns false for normal user on private topic' do
+ Guardian.new(user).can_invite_to?(private_topic).should be_false
+ end
+
+ it 'returns true for admin on private topic' do
+ Guardian.new(admin).can_invite_to?(private_topic).should be_true
+ end
+
 end

 describe 'can_see?' do
@@ -1757,4 +1769,3 @@ describe Guardian do
 end
 end
 end
-
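Review bot: The two added specs cover a normal user and an admin, but not the moderator, even though `moderator` is already defined in this `describe` and the new Guardian check is `is_admin?` rather than a staff check. Pinning the intended behaviour would guard against a later change silently widening it, e.g. an `it 'returns false for moderator on private topic'` containing `Guardian.new(moderator).can_invite_to?(private_topic).should be_false` (assuming moderators are meant to be excluded). A spec for a topic with no category would also be worth adding, since the new code dereferences `object.category` unconditionally.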