codeninjasllc/discourse
1
0
Fork 0
mirror of https://github.com/codeninjasllc/discourse.git synced 2024-11-23 15:48:43 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

small topic/category guardians refactor

Browse source
This commit is contained in:
Régis Hanol 2016-06-27 14:36:57 +02:00
parent ea46e5dd57
commit 5eda2f43c6
2 changed files with 9 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
lib/guardian/category_guardian.rb
View file

@ -45,9 +45,9 @@ module CategoryGuardian
end
def can_see_category?(category)
is_admin? ||
!category.read_restricted ||
(@user.staged? && category.email_in.present? && category.email_in_allow_strangers) ||
return true if is_admin?
return true if !category.read_restricted
return true if is_staged? && category.email_in.present? && category.email_in_allow_strangers
secure_category_ids.include?(category.id)
end

28
lib/guardian/topic_guardian.rb
View file

@ -68,43 +68,27 @@ module TopicGuardian
end
def can_reply_as_new_topic?(topic)
authenticated? && topic && not(topic.private_message?) && @user.has_trust_level?(TrustLevel[1])
authenticated? && topic && !topic.private_message? && @user.has_trust_level?(TrustLevel[1])
end
def can_see_deleted_topics?
is_staff?
end
def can_see_topic?(topic)
def can_see_topic?(topic, hide_deleted=true)
return false unless topic
# Admins can see everything
return true if is_admin?
# Deleted topics
return false if topic.deleted_at && !can_see_deleted_topics?
return false if hide_deleted && topic.deleted_at && !can_see_deleted_topics?
if topic.private_message?
return authenticated? &&
topic.all_allowed_users.where(id: @user.id).exists?
return authenticated? && topic.all_allowed_users.where(id: @user.id).exists?
end
# not secure, or I can see it
!topic.read_restricted_category? || can_see_category?(topic.category)
can_see_category?(topic.category)
end
def can_see_topic_if_not_deleted?(topic)
return false unless topic
# Admins can see everything
return true if is_admin?
# Deleted topics
# return false if topic.deleted_at && !can_see_deleted_topics?
if topic.private_message?
return authenticated? &&
topic.all_allowed_users.where(id: @user.id).exists?
end
# not secure, or I can see it
!topic.read_restricted_category? || can_see_category?(topic.category)
can_see_topic?(topic, false)
end
def filter_allowed_categories(records)