codeninjasllc/discourse
1
0
Fork 0
mirror of https://github.com/codeninjasllc/discourse.git synced 2024-11-23 23:58:31 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

FIX: logic for can_see_topic?

Browse source
This commit is contained in:
Sam 2014-08-05 14:37:28 +10:00
parent a4842dd039
commit 6eaaf6714c
1 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
lib/guardian/topic_guardian.rb
View file

@ -59,10 +59,13 @@ module TopicGuardian
# Deleted topics
return false if topic.deleted_at && !can_see_deleted_topics?
if topic.private_message?
return authenticated? &&
topic.all_allowed_users.where(id: @user.id).exists?
end
# not secure, or I can see it
(not(topic.read_restricted_category?) || can_see_category?(topic.category)) &&
# not private, or I am allowed (or is staff)
(not(topic.private_message?) || (authenticated? && (is_admin? || topic.all_allowed_users.where(id: @user.id).exists?)))
!topic.read_restricted_category? || can_see_category?(topic.category)
end
end