FIX: Permission issues when editing topics

If a user can't create a topic in a category, they should'be be
able to edit topics.
This commit is contained in:
Robin Ward 2015-04-30 17:03:51 -04:00
parent 886cd41b15
commit f9069c350f
2 changed files with 10 additions and 2 deletions

View file

@ -29,7 +29,9 @@ module TopicGuardian
def can_edit_topic?(topic)
return false if Discourse.static_doc_topic_ids.include?(topic.id) && !is_admin?
return false unless can_see?(topic)
return true if is_staff? || (!topic.private_message? && user.has_trust_level?(TrustLevel[3]))
return true if is_staff?
return true if (!topic.private_message? && user.has_trust_level?(TrustLevel[3]) && can_create_post?(topic))
return false if topic.archived
is_my_own?(topic) && !topic.edit_time_limit_expired?
end

View file

@ -530,7 +530,6 @@ describe Guardian do
category.save
expect(Guardian.new(topic.user).can_create?(Post, topic)).to be_falsey
end
it "is false when not logged in" do
@ -889,6 +888,13 @@ describe Guardian do
it 'returns true at trust level 3' do
expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(true)
end
it "returns false when the category is read only" do
topic.category.set_permissions(everyone: :readonly)
topic.category.save
expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(false)
end
end
context 'private message' do