discourse-solved/app/lib/guardian_extensions.rb
Osama Sayegh 77c07edf82
FIX: Don't allow TL4 users to unconditionally accept solutions (#305)
A while ago the `accept_all_solutions_allowed_groups` setting was introduced to replace the `accept_all_solutions_trust_level` setting and to make the plugin more flexible by allowing admins to choose groups that are allowed to accept solutions instead of trust levels.

The new group-based setting includes the TL4 group by default. However, removing the TL4 group from the setting doesn't actually remove TL4 users' permission to accept solutions.

The reason for this bug is that the `can_accept_answer?` guardian method calls `can_perform_action_available_to_group_moderators?` which always allows TL4 users to perform category moderator actions:

56524f4bdf/lib/guardian/topic_guardian.rb (L342-L348)

This commit fixes the bug by checking if the user is a moderator on the topic's category (by calling the `is_category_group_moderator?` guardian method) instead of checking if the user can perform category moderator actions. In our case, `is_category_group_moderator?` is equivalent to `can_perform_action_available_to_group_moderators?` except for the TL4 check which is what we need.

Internal topic: t/134675.
2024-08-09 14:59:28 +03:00

37 lines
1.2 KiB
Ruby

# frozen_string_literal: true

module DiscourseSolved
  module GuardianExtensions
    # Solutions may be accepted on a topic if the site allows them everywhere,
    # if the topic carries one of the enabled solved tags, or if the topic's
    # category is in the cached list of solved-enabled categories.
    def allow_accepted_answers?(category_id, tag_names = [])
      return true if SiteSetting.allow_solved_on_all_topics

      if SiteSetting.enable_solved_tags.present? && tag_names.present?
        allowed_tags = SiteSetting.enable_solved_tags.split("|")
        is_allowed = (tag_names & allowed_tags).present?
        return true if is_allowed
      end

      return false if category_id.blank?

      if !::DiscourseSolved::AcceptedAnswerCache.allowed
        ::DiscourseSolved::AcceptedAnswerCache.reset_accepted_answer_cache
      end
      ::DiscourseSolved::AcceptedAnswerCache.allowed.include?(category_id)
    end

    # Who may mark a post as the accepted answer, checked in order: staff,
    # members of accept_all_solutions_allowed_groups, group moderators of the
    # topic's category (is_category_group_moderator? carries no TL4 shortcut,
    # which is the point of this fix), and finally the topic author when
    # accept_solutions_topic_author is enabled.
    def can_accept_answer?(topic, post)
      return false if !authenticated?
      return false if !topic || !post || post.whisper?
      return false if !allow_accepted_answers?(topic.category_id, topic.tags.map(&:name))

      return true if is_staff?
      if current_user.in_any_groups?(SiteSetting.accept_all_solutions_allowed_groups_map)
        return true
      end
      return true if is_category_group_moderator?(topic.category)

      topic.user_id == current_user.id && !topic.closed && SiteSetting.accept_solutions_topic_author
    end
  end
end
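The authorization bypass the commit message describes, reproduced offline as an added example. This is not code from the discourse-solved plugin or from Discourse core: `SiteSettings`, `User`, `Category`, `Topic` and the `Guardian` class below are constructed stand-ins, and the group names (`:trust_level_4`, `:category_mods`, `:solution_acceptors`) are made up for the scenario. The two guardian methods are modelled exactly as the commit message characterizes them: `can_perform_action_available_to_group_moderators?` is `is_category_group_moderator?` plus an unconditional TL4 grant. The scenario is an admin who has removed TL4 from `accept_all_solutions_allowed_groups`; the pre-fix path still lets a TL4 user accept a solution, the post-fix path honours the setting, and a genuine category group moderator keeps the permission either way.

```ruby
# Added example, not code from discourse-solved or Discourse core.
# Every class and group name here is a constructed stand-in.

# Stand-in for SiteSetting: the group-based allow list plus the author toggle.
SiteSettings = Struct.new(:accept_all_solutions_allowed_groups, :accept_solutions_topic_author)

TL4_GROUP = :trust_level_4 # stand-in for the automatic TL4 group

User = Struct.new(:id, :staff, :trust_level, :groups) do
  def staff?
    staff
  end
end

Category = Struct.new(:id, :moderator_groups) # groups that moderate this category
Topic = Struct.new(:user_id, :category, :closed)

class Guardian
  def initialize(user, settings)
    @user = user
    @settings = settings
  end

  # Models the core check the commit message identifies as the bug source:
  # a TL4 user passes regardless of any group membership.
  def can_perform_action_available_to_group_moderators?(category)
    return true if @user.trust_level >= 4 # the unconditional TL4 grant
    is_category_group_moderator?(category)
  end

  # Group-based category moderation only, no trust-level shortcut.
  def is_category_group_moderator?(category)
    (@user.groups & category.moderator_groups).any?
  end

  # can_accept_answer? as it behaved before the fix (TL4 shortcut reachable).
  def can_accept_answer_before_fix?(topic)
    return true if @user.staff?
    return true if in_allowed_groups?
    return true if can_perform_action_available_to_group_moderators?(topic.category)
    author_can_accept?(topic)
  end

  # can_accept_answer? after the fix: only real category group moderators pass.
  def can_accept_answer_after_fix?(topic)
    return true if @user.staff?
    return true if in_allowed_groups?
    return true if is_category_group_moderator?(topic.category)
    author_can_accept?(topic)
  end

  private

  def in_allowed_groups?
    (@user.groups & @settings.accept_all_solutions_allowed_groups).any?
  end

  def author_can_accept?(topic)
    topic.user_id == @user.id && !topic.closed && @settings.accept_solutions_topic_author
  end
end

# Constructed scenario: the admin removed TL4 from the allowed-groups setting.
def tl4_bypass_demo
  settings = SiteSettings.new([:solution_acceptors], true) # TL4 deliberately absent
  category = Category.new(7, [:category_mods])
  topic = Topic.new(42, category, false)                    # authored by user 42, open
  tl4_user = User.new(99, false, 4, [TL4_GROUP])            # TL4, in no allowed group, not the author
  cat_mod = User.new(100, false, 2, [:category_mods])       # TL2 but a category group moderator

  {
    before: Guardian.new(tl4_user, settings).can_accept_answer_before_fix?(topic), # true: bypass
    after: Guardian.new(tl4_user, settings).can_accept_answer_after_fix?(topic),   # false: setting honoured
    group_mod_after: Guardian.new(cat_mod, settings).can_accept_answer_after_fix?(topic), # true: still allowed
  }
end

p tl4_bypass_demo if __FILE__ == $0
```

The check worth keeping from this model is the last key: swapping in `is_category_group_moderator?` must not cost real category moderators their permission, so any regression test for this fix should cover a non-TL4 group moderator alongside the TL4 user who is no longer in the allow list.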