From e29fe77b4578c67e6d719e87e56833342797d7af Mon Sep 17 00:00:00 2001 From: Sam Date: Mon, 12 Oct 2015 11:15:38 +1100 Subject: [PATCH] FEATURE: make trust level for message sending configurable - add min_trust_to_send_messages site setting (default 1) to allow admins to configure when messages can be sent between members --- config/locales/server.en.yml | 4 +++- config/site_settings.yml | 3 +++ lib/guardian.rb | 2 +- lib/guardian/post_guardian.rb | 2 +- spec/components/guardian_spec.rb | 20 +++++++++++++++++--- 5 files changed, 25 insertions(+), 6 deletions(-) diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml index 0550f303e..6a77f12a0 100644 --- a/config/locales/server.en.yml +++ b/config/locales/server.en.yml @@ -837,7 +837,7 @@ en: summary_percent_filter: "When a user clicks 'Summarize This Topic', show the top % of posts" summary_max_results: "Maximum posts returned by 'Summary This Topic'" - enable_private_messages: "Allow trust level 1 users to create messages and reply to messages" + enable_private_messages: "Allow trust level 1 (configurable via min trust level to send messages) users to create messages and reply to messages" enable_long_polling: "Message bus used for notification can use long polling" long_polling_base_url: "Base URL used for long polling (when a CDN is serving dynamic content, be sure to set this to origin pull) eg: http://origin.site.com" @@ -1035,6 +1035,8 @@ en: min_trust_to_edit_wiki_post: "The minimum trust level required to edit post marked as wiki." + min_trust_to_send_messages: "The minimum trust level required to create new private messages." + newuser_max_links: "How many links a new user can add to a post." newuser_max_images: "How many images a new user can add to a post." newuser_max_attachments: "How many attachments a new user can add to a post." diff --git a/config/site_settings.yml b/config/site_settings.yml index 20addc4b4..0497d5d49 100644 --- a/config/site_settings.yml +++ b/config/site_settings.yml @@ -607,6 +607,9 @@ trust: min_trust_to_edit_wiki_post: default: 1 enum: 'TrustLevelSetting' + min_trust_to_send_messages: + default: 1 + enum: 'TrustLevelSetting' tl1_requires_topics_entered: 5 tl1_requires_read_posts: default: 30 diff --git a/lib/guardian.rb b/lib/guardian.rb index 6cc1e9e3f..3896a02c1 100644 --- a/lib/guardian.rb +++ b/lib/guardian.rb @@ -250,7 +250,7 @@ class Guardian # Can't send message to yourself is_not_me?(target) && # Have to be a basic level at least - @user.has_trust_level?(TrustLevel[1]) && + @user.has_trust_level?(SiteSetting.min_trust_to_send_messages) && # PMs are enabled (SiteSetting.enable_private_messages || @user.username == SiteSetting.site_contact_username || diff --git a/lib/guardian/post_guardian.rb b/lib/guardian/post_guardian.rb index d668803ab..2933cf194 100644 --- a/lib/guardian/post_guardian.rb +++ b/lib/guardian/post_guardian.rb @@ -30,7 +30,7 @@ module PostGuardian not(action_key == :like && is_my_own?(post)) && # new users can't notify_user because they are not allowed to send private messages - not(action_key == :notify_user && !@user.has_trust_level?(TrustLevel[1])) && + not(action_key == :notify_user && !@user.has_trust_level?(SiteSetting.min_trust_to_send_messages)) && # can't send private messages if they're disabled globally not(action_key == :notify_user && !SiteSetting.enable_private_messages) && diff --git a/spec/components/guardian_spec.rb b/spec/components/guardian_spec.rb index 66430c8f8..92318aada 100644 --- a/spec/components/guardian_spec.rb +++ b/spec/components/guardian_spec.rb @@ -63,12 +63,20 @@ describe Guardian do end it "returns false for notify_user if private messages are disabled" do - SiteSetting.stubs(:enable_private_messages).returns(false) + SiteSetting.enable_private_messages = false user.trust_level = TrustLevel[2] expect(Guardian.new(user).post_can_act?(post, :notify_user)).to be_falsey expect(Guardian.new(user).post_can_act?(post, :notify_moderators)).to be_falsey end + it "returns false for notify_user if private messages are enabled but threshold not met" do + SiteSetting.enable_private_messages = true + SiteSetting.min_trust_to_send_messages = 2 + user.trust_level = TrustLevel[1] + expect(Guardian.new(user).post_can_act?(post, :notify_user)).to be_falsey + expect(Guardian.new(user).post_can_act?(post, :notify_moderators)).to be_truthy + end + describe "trust levels" do it "returns true for a new user liking something" do user.trust_level = TrustLevel[0] @@ -148,15 +156,21 @@ describe Guardian do expect(Guardian.new(user).can_send_private_message?(another_user)).to be_truthy end + it "disallows pms to other users if trust level is not met" do + SiteSetting.min_trust_to_send_messages = TrustLevel[2] + user.trust_level = TrustLevel[1] + expect(Guardian.new(user).can_send_private_message?(another_user)).to be_falsey + end + context "enable_private_messages is false" do - before { SiteSetting.stubs(:enable_private_messages).returns(false) } + before { SiteSetting.enable_private_messages = false } it "returns false if user is not the contact user" do expect(Guardian.new(user).can_send_private_message?(another_user)).to be_falsey end it "returns true for the contact user and system user" do - SiteSetting.stubs(:site_contact_username).returns(user.username) + SiteSetting.site_contact_username = user.username expect(Guardian.new(user).can_send_private_message?(another_user)).to be_truthy expect(Guardian.new(Discourse.system_user).can_send_private_message?(another_user)).to be_truthy end