small topic/category guardians refactor

2024-11-23 23:58:31 -05:00 · 2016-06-27 14:36:57 +02:00 · 2016-06-27 14:36:57 +02:00 · 5eda2f43c6
commit 5eda2f43c6
parent ea46e5dd57
2 changed files with 9 additions and 25 deletions
--- a/lib/guardian/category_guardian.rb
+++ b/lib/guardian/category_guardian.rb
@ -45,9 +45,9 @@ module CategoryGuardian
  end
  def can_see_category?(category)
-    is_admin? ||
+    return true if is_admin?
-    !category.read_restricted ||
+    return true if !category.read_restricted
-    (@user.staged? && category.email_in.present? && category.email_in_allow_strangers) ||
+    return true if is_staged? && category.email_in.present? && category.email_in_allow_strangers
    secure_category_ids.include?(category.id)
  end
--- a/lib/guardian/topic_guardian.rb
+++ b/lib/guardian/topic_guardian.rb
@ -68,43 +68,27 @@ module TopicGuardian
  end
  def can_reply_as_new_topic?(topic)
-    authenticated? && topic && not(topic.private_message?) && @user.has_trust_level?(TrustLevel[1])
+    authenticated? && topic && !topic.private_message? && @user.has_trust_level?(TrustLevel[1])
  end
  def can_see_deleted_topics?
    is_staff?
  end
-  def can_see_topic?(topic)
+  def can_see_topic?(topic, hide_deleted=true)
    return false unless topic
    # Admins can see everything
    return true if is_admin?
-    # Deleted topics
+    return false if hide_deleted && topic.deleted_at && !can_see_deleted_topics?
    return false if topic.deleted_at && !can_see_deleted_topics?
    if topic.private_message?
-      return authenticated? &&
+      return authenticated? && topic.all_allowed_users.where(id: @user.id).exists?
             topic.all_allowed_users.where(id: @user.id).exists?
    end
-    # not secure, or I can see it
+    can_see_category?(topic.category)
    !topic.read_restricted_category? || can_see_category?(topic.category)
  end
  def can_see_topic_if_not_deleted?(topic)
-    return false unless topic
+    can_see_topic?(topic, false)
    # Admins can see everything
    return true if is_admin?
    # Deleted topics
    # return false if topic.deleted_at && !can_see_deleted_topics?
    if topic.private_message?
      return authenticated? &&
        topic.all_allowed_users.where(id: @user.id).exists?
    end
    # not secure, or I can see it
    !topic.read_restricted_category? || can_see_category?(topic.category)
  end
  def filter_allowed_categories(records)