mirror of
https://github.com/codeninjasllc/discourse.git
synced 2024-11-23 15:48:43 -05:00
FIX: staged users weren't able to reply in restricted categories
This commit is contained in:
parent
74e93d2260
commit
800081f606
5 changed files with 53 additions and 50 deletions
|
@ -60,32 +60,21 @@ class Category < ActiveRecord::Base
|
|||
has_many :category_tag_groups, dependent: :destroy
|
||||
has_many :tag_groups, through: :category_tag_groups
|
||||
|
||||
scope :latest, ->{ order('topic_count desc') }
|
||||
scope :latest, -> { order('topic_count DESC') }
|
||||
|
||||
scope :secured, ->(guardian = nil) {
|
||||
scope :secured, -> (guardian = nil) {
|
||||
ids = guardian.secure_category_ids if guardian
|
||||
if ids.present?
|
||||
where("NOT categories.read_restricted or categories.id in (:cats)", cats: ids).references(:categories)
|
||||
where("NOT categories.read_restricted OR categories.id IN (:cats)", cats: ids).references(:categories)
|
||||
else
|
||||
where("NOT categories.read_restricted").references(:categories)
|
||||
end
|
||||
}
|
||||
|
||||
scope :topic_create_allowed, ->(guardian) {
|
||||
if guardian.anonymous?
|
||||
where("1=0")
|
||||
else
|
||||
scoped_to_permissions(guardian, [:full])
|
||||
end
|
||||
}
|
||||
|
||||
scope :post_create_allowed, ->(guardian) {
|
||||
if guardian.anonymous?
|
||||
where("1=0")
|
||||
else
|
||||
scoped_to_permissions(guardian, [:create_post, :full])
|
||||
end
|
||||
}
|
||||
TOPIC_CREATION_PERMISSIONS ||= [:full]
|
||||
POST_CREATION_PERMISSIONS ||= [:create_post, :full]
|
||||
scope :topic_create_allowed, -> (guardian) { scoped_to_permissions(guardian, TOPIC_CREATION_PERMISSIONS) }
|
||||
scope :post_create_allowed, -> (guardian) { scoped_to_permissions(guardian, POST_CREATION_PERMISSIONS) }
|
||||
|
||||
delegate :post_template, to: 'self.class'
|
||||
|
||||
|
@ -98,7 +87,7 @@ class Category < ActiveRecord::Base
|
|||
end
|
||||
|
||||
def self.scoped_to_permissions(guardian, permission_types)
|
||||
if guardian && guardian.is_admin?
|
||||
if guardian.try(:is_admin?)
|
||||
all
|
||||
elsif !guardian || guardian.anonymous?
|
||||
if permission_types.include?(:readonly)
|
||||
|
@ -107,28 +96,19 @@ class Category < ActiveRecord::Base
|
|||
where("1 = 0")
|
||||
end
|
||||
else
|
||||
permission_types = permission_types.map{ |permission_type|
|
||||
CategoryGroup.permission_types[permission_type]
|
||||
}
|
||||
where("categories.id in (
|
||||
SELECT cg.category_id FROM category_groups cg
|
||||
WHERE permission_type in (:permissions) AND
|
||||
(
|
||||
group_id IN (
|
||||
SELECT g.group_id FROM group_users g where g.user_id = :user_id
|
||||
)
|
||||
)
|
||||
)
|
||||
OR
|
||||
categories.id in (
|
||||
SELECT cg.category_id FROM category_groups cg
|
||||
WHERE permission_type in (:permissions) AND group_id = :everyone
|
||||
)
|
||||
OR
|
||||
categories.id NOT in (SELECT cg.category_id FROM category_groups cg)
|
||||
", permissions: permission_types,
|
||||
user_id: guardian.user.id,
|
||||
everyone: Group[:everyone].id)
|
||||
permissions = permission_types.map { |p| CategoryGroup.permission_types[p] }
|
||||
where("(:staged AND LENGTH(COALESCE(email_in, '')) > 0 AND email_in_allow_strangers)
|
||||
OR categories.id NOT IN (SELECT category_id FROM category_groups)
|
||||
OR categories.id IN (
|
||||
SELECT category_id
|
||||
FROM category_groups
|
||||
WHERE permission_type IN (:permissions)
|
||||
AND (group_id = :everyone OR group_id IN (SELECT group_id FROM group_users WHERE user_id = :user_id))
|
||||
)",
|
||||
staged: guardian.is_staged?,
|
||||
permissions: permissions,
|
||||
user_id: guardian.user.id,
|
||||
everyone: Group[:everyone].id)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -139,14 +119,13 @@ class Category < ActiveRecord::Base
|
|||
.group("topics.category_id")
|
||||
.visible.to_sql
|
||||
|
||||
Category.exec_sql <<SQL
|
||||
Category.exec_sql <<-SQL
|
||||
UPDATE categories c
|
||||
SET topic_count = x.topic_count,
|
||||
post_count = x.post_count
|
||||
FROM (#{topics_with_post_count}) x
|
||||
WHERE x.category_id = c.id AND
|
||||
(c.topic_count <> x.topic_count OR c.post_count <> x.post_count)
|
||||
|
||||
SET topic_count = x.topic_count,
|
||||
post_count = x.post_count
|
||||
FROM (#{topics_with_post_count}) x
|
||||
WHERE x.category_id = c.id
|
||||
AND (c.topic_count <> x.topic_count OR c.post_count <> x.post_count)
|
||||
SQL
|
||||
|
||||
# Yes, there are a lot of queries happening below.
|
||||
|
|
|
@ -78,6 +78,10 @@ class Guardian
|
|||
)
|
||||
end
|
||||
|
||||
def is_staged?
|
||||
@user.staged?
|
||||
end
|
||||
|
||||
# Can the user see the object?
|
||||
def can_see?(obj)
|
||||
if obj
|
||||
|
|
|
@ -76,7 +76,6 @@ module PostGuardian
|
|||
|
||||
# Creating Method
|
||||
def can_create_post?(parent)
|
||||
|
||||
(!SpamRule::AutoBlock.block?(@user) || (!!parent.try(:private_message?) && parent.allowed_users.include?(@user))) && (
|
||||
!parent ||
|
||||
!parent.category ||
|
||||
|
|
|
@ -107,8 +107,9 @@ describe Email::Receiver do
|
|||
context "reply" do
|
||||
|
||||
let(:reply_key) { "4f97315cc828096c9cb34c6f1a0d6fe8" }
|
||||
let(:category) { Fabricate(:category) }
|
||||
let(:user) { Fabricate(:user, email: "discourse@bar.com") }
|
||||
let(:topic) { create_topic(user: user) }
|
||||
let(:topic) { create_topic(category: category, user: user) }
|
||||
let(:post) { create_post(topic: topic, user: user) }
|
||||
let!(:email_log) { Fabricate(:email_log, reply_key: reply_key, user: user, topic: topic, post: post) }
|
||||
|
||||
|
@ -214,6 +215,17 @@ describe Email::Receiver do
|
|||
expect { process(:auto_generated_unblocked) }.to change { topic.posts.count }
|
||||
end
|
||||
|
||||
it "allows staged users to reply to a restricted category" do
|
||||
user.update_columns(staged: true)
|
||||
|
||||
category.email_in = "category@bar.com"
|
||||
category.email_in_allow_strangers = true
|
||||
category.set_permissions(Group[:trust_level_4] => :full)
|
||||
category.save
|
||||
|
||||
expect { process(:staged_reply_restricted) }.to change { topic.posts.count }
|
||||
end
|
||||
|
||||
describe 'Unsubscribing via email' do
|
||||
let(:last_email) { ActionMailer::Base.deliveries.last }
|
||||
|
||||
|
|
9
spec/fixtures/emails/staged_reply_restricted.eml
vendored
Normal file
9
spec/fixtures/emails/staged_reply_restricted.eml
vendored
Normal file
|
@ -0,0 +1,9 @@
|
|||
Return-Path: <discourse@bar.com>
|
||||
From: Foo Bar <discourse@bar.com>
|
||||
To: reply+4f97315cc828096c9cb34c6f1a0d6fe8@bar.com
|
||||
Date: Fri, 15 Jun 2016 00:12:43 +0100
|
||||
Message-ID: <54@foo.bar.mail>
|
||||
Mime-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
|
||||
This is a reply from a staged user in a topic in a restricted category.
|
Loading…
Reference in a new issue