mirror of
https://github.com/codeninjasllc/discourse.git
synced 2024-11-27 09:36:19 -05:00
FIX: Permission issues when editing topics
If a user can't create a topic in a category, they should'be be able to edit topics.
This commit is contained in:
parent
886cd41b15
commit
f9069c350f
2 changed files with 10 additions and 2 deletions
|
@ -29,7 +29,9 @@ module TopicGuardian
|
|||
def can_edit_topic?(topic)
|
||||
return false if Discourse.static_doc_topic_ids.include?(topic.id) && !is_admin?
|
||||
return false unless can_see?(topic)
|
||||
return true if is_staff? || (!topic.private_message? && user.has_trust_level?(TrustLevel[3]))
|
||||
return true if is_staff?
|
||||
return true if (!topic.private_message? && user.has_trust_level?(TrustLevel[3]) && can_create_post?(topic))
|
||||
|
||||
return false if topic.archived
|
||||
is_my_own?(topic) && !topic.edit_time_limit_expired?
|
||||
end
|
||||
|
|
|
@ -530,7 +530,6 @@ describe Guardian do
|
|||
category.save
|
||||
|
||||
expect(Guardian.new(topic.user).can_create?(Post, topic)).to be_falsey
|
||||
|
||||
end
|
||||
|
||||
it "is false when not logged in" do
|
||||
|
@ -889,6 +888,13 @@ describe Guardian do
|
|||
it 'returns true at trust level 3' do
|
||||
expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(true)
|
||||
end
|
||||
|
||||
it "returns false when the category is read only" do
|
||||
topic.category.set_permissions(everyone: :readonly)
|
||||
topic.category.save
|
||||
|
||||
expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(false)
|
||||
end
|
||||
end
|
||||
|
||||
context 'private message' do
|
||||
|
|
Loading…
Reference in a new issue