Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/lib/guardian/topic_guardian.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

281 lines
9.1 KiB
Ruby
Raw Normal View History

DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging
2019-05-02 18:17:27 -04:00
# frozen_string_literal: true
DEV: Correct typos and spelling mistakes (#12812) Over the years we accrued many spelling mistakes in the code base. This PR attempts to fix spelling mistakes and typos in all areas of the code that are extremely safe to change - comments - test descriptions - other low risk areas
2021-05-20 21:43:47 -04:00
#mixin for all guardian methods dealing with topic permissions
Refactor guardian as dissused in this topic https://meta.discourse.org/t/so-you-want-to-help-out-with-discourse/3823/41?u=hunter Creates a mixin for the ensure_* functions and creates seperate mixins for functions dealing with posts, categories, and topics.
2014-01-09 18:25:14 -05:00
module TopicGuardian
FEATURE: Allow user to leave a PM.
2017-10-10 04:26:56 -04:00
def can_remove_allowed_users?(topic, target_user = nil)
is_staff? ||
FIX: Guardian#can_remove_allowed_users? shouldn't break for ownerless topics A topic can outlive its original author. TopicGuardian should still work in this situation.
2020-06-19 05:04:05 -04:00
(topic.user == @user && @user.has_trust_level?(TrustLevel[2])) ||
FEATURE: Allow user to leave a PM.
2017-10-10 04:26:56 -04:00
(
topic.allowed_users.count > 1 &&
topic.user != target_user &&
!!(target_user && user == target_user)
)
Refactor guardian as dissused in this topic https://meta.discourse.org/t/so-you-want-to-help-out-with-discourse/3823/41?u=hunter Creates a mixin for the ensure_* functions and creates seperate mixins for functions dealing with posts, categories, and topics.
2014-01-09 18:25:14 -05:00
end
FEATURE: Flag count in post menu This change shows a notification number besides the flag icon in the post menu if there is reviewable content associated with the post. Additionally, if there is pending stuff to review, the icon has a red background. We have also removed the list of links below a post with the flag status. A reviewer is meant to click the number beside the flag icon to view the flags. As a consequence of losing those links, we've removed the ability to undo or ignore flags below a post.
2019-05-03 14:26:37 -04:00
def can_review_topic?(topic)
return false if anonymous? || topic.nil?
return true if is_staff?
FIX: Hide a post's pending flag count from TL4 users. (#13129) They can't see the review queue, so there's no reason to show a button with the post's pending flag count in the post controls.
2021-05-25 22:58:00 -04:00
is_category_group_moderator?(topic.category)
end
def can_moderate_topic?(topic)
return false if anonymous? || topic.nil?
return true if is_staff?
FEATURE: TL4 & category moderators can merge posts (#12843) This gives TL4 users and category moderators the ability to merge posts in topics they have moderation privileges.
2021-04-27 12:24:27 -04:00
can_perform_action_available_to_group_moderators?(topic)
FEATURE: Flag count in post menu This change shows a notification number besides the flag icon in the post menu if there is reviewable content associated with the post. Additionally, if there is pending stuff to review, the icon has a red background. We have also removed the list of links below a post with the flag status. A reviewer is meant to click the number beside the flag icon to view the flags. As a consequence of losing those links, we've removed the ability to undo or ignore flags below a post.
2019-05-03 14:26:37 -04:00
end
FEATURE: Shared Drafts This feature can be enabled by choosing a destination for the `shared drafts category` site setting. * Staff members can create shared drafts, choosing a destination category for the topic when it is published. * Shared Drafts can be viewed in their category, or above the topic list for the destination category where it will end up. * When the shared draft is ready, it can be published to the appropriate category by clicking a button on the topic view. * When published, Drafts change their timestamps to the current time, and any edits to the original post are removed.
2018-03-13 15:59:12 -04:00
def can_create_shared_draft?
FIX: Existing shared drafts should be accessible (#11915) Disabling shared drafts used to leave topics in an inconsistent state where they were not displayed as shared drafts and thus there was no way of publishing them. Moreover, they were accessible just to users who have permissions to create shared drafts. This commit adds another permission check that is used for most operations and the old can_create_shared_draft? remains used just when creating a new shared draft.
2021-02-01 09:16:34 -05:00
SiteSetting.shared_drafts_enabled? && can_see_shared_draft?
end
FEATURE: Non-staff users can use shared drafts. (#11329) You can let non-staff users use shared drafts by modifying the `shared_drafts_min_trust_level` site setting. These users must have access to the shared draft category.
2020-12-03 09:07:57 -05:00
FIX: Existing shared drafts should be accessible (#11915) Disabling shared drafts used to leave topics in an inconsistent state where they were not displayed as shared drafts and thus there was no way of publishing them. Moreover, they were accessible just to users who have permissions to create shared drafts. This commit adds another permission check that is used for most operations and the old can_create_shared_draft? remains used just when creating a new shared draft.
2021-02-01 09:16:34 -05:00
def can_see_shared_draft?
DEV: Reuse code for TrustLevelAndStaffSetting (#15044) The code that checked this permission was duplicated everytime a new settings of this type was added. This commit changes the behavior of some functionality because some feature checks were bypassed for staff members.
2021-11-22 13:18:53 -05:00
@user.has_trust_level_or_staff?(SiteSetting.shared_drafts_min_trust_level)
FEATURE: Shared Drafts This feature can be enabled by choosing a destination for the `shared drafts category` site setting. * Staff members can create shared drafts, choosing a destination category for the topic when it is published. * Shared Drafts can be viewed in their category, or above the topic list for the destination category where it will end up. * When the shared draft is ready, it can be published to the appropriate category by clicking a button on the topic view. * When published, Drafts change their timestamps to the current time, and any edits to the original post are removed.
2018-03-13 15:59:12 -04:00
end
FIX: return an error if a user tries to whisper This commit fixes a bug where a user creates a whisper post via the api but is posted as a regular message because they don't have access to whisper. Now a 403 unauthorized will be returned instead of the whisper param just being ignored for regular users. Staff users should not be affected by this change. https://meta.discourse.org/t/a-whisper-is-posted-as-a-message-if-the-user-is-not-staff-moderator-admin-when-using-the-api/116601
2019-05-07 13:34:15 -04:00
def can_create_whisper?
FEATURE: whispers available for groups (#17170) Before, whispers were only available for staff members. Config has been changed to allow to configure privileged groups with access to whispers. Post migration was added to move from the old setting into the new one. I considered having a boolean column `whisperer` on user model similar to `admin/moderator` for performance reason. Finally, I decided to keep looking for groups as queries are only done for current user and didn't notice any N+1 queries.
2022-06-29 20:18:12 -04:00
@user.whisperer?
FIX: return an error if a user tries to whisper This commit fixes a bug where a user creates a whisper post via the api but is posted as a regular message because they don't have access to whisper. Now a 403 unauthorized will be returned instead of the whisper param just being ignored for regular users. Staff users should not be affected by this change. https://meta.discourse.org/t/a-whisper-is-posted-as-a-message-if-the-user-is-not-staff-moderator-admin-when-using-the-api/116601
2019-05-07 13:34:15 -04:00
end
FEATURE: whispers available for groups (#17170) Before, whispers were only available for staff members. Config has been changed to allow to configure privileged groups with access to whispers. Post migration was added to move from the old setting into the new one. I considered having a boolean column `whisperer` on user model similar to `admin/moderator` for performance reason. Finally, I decided to keep looking for groups as queries are only done for current user and didn't notice any N+1 queries.
2022-06-29 20:18:12 -04:00
def can_see_whispers?(_topic = nil)
@user.whisperer?
PERF: topic_view participant post count: don't send back ID list (#10210) On large topics, the cost of sending the entire post ID list back over to the database is signficant. Just have the DB recalculate the list of visible posts instead.
2020-07-13 21:42:09 -04:00
end
FEATURE: Shared Drafts This feature can be enabled by choosing a destination for the `shared drafts category` site setting. * Staff members can create shared drafts, choosing a destination category for the topic when it is published. * Shared Drafts can be viewed in their category, or above the topic list for the destination category where it will end up. * When the shared draft is ready, it can be published to the appropriate category by clicking a button on the topic view. * When published, Drafts change their timestamps to the current time, and any edits to the original post are removed.
2018-03-13 15:59:12 -04:00
def can_publish_topic?(topic, category)
FIX: Existing shared drafts should be accessible (#11915) Disabling shared drafts used to leave topics in an inconsistent state where they were not displayed as shared drafts and thus there was no way of publishing them. Moreover, they were accessible just to users who have permissions to create shared drafts. This commit adds another permission check that is used for most operations and the old can_create_shared_draft? remains used just when creating a new shared draft.
2021-02-01 09:16:34 -05:00
can_see_shared_draft? && can_see?(topic) && can_create_topic_on_category?(category)
FEATURE: Shared Drafts This feature can be enabled by choosing a destination for the `shared drafts category` site setting. * Staff members can create shared drafts, choosing a destination category for the topic when it is published. * Shared Drafts can be viewed in their category, or above the topic list for the destination category where it will end up. * When the shared draft is ready, it can be published to the appropriate category by clicking a button on the topic view. * When published, Drafts change their timestamps to the current time, and any edits to the original post are removed.
2018-03-13 15:59:12 -04:00
end
Refactor guardian as dissused in this topic https://meta.discourse.org/t/so-you-want-to-help-out-with-discourse/3823/41?u=hunter Creates a mixin for the ensure_* functions and creates seperate mixins for functions dealing with posts, categories, and topics.
2014-01-09 18:25:14 -05:00
# Creating Methods
def can_create_topic?(parent)
Moderators should always be able to create topics too
2014-06-09 15:21:01 -04:00
is_staff? ||
FIX: admins should be able to create topics, even if min_trust_to_create_topic is higher than their trust level
2014-06-09 11:03:10 -04:00
(user &&
user.trust_level >= SiteSetting.min_trust_to_create_topic.to_i &&
FIX: do not allow creation of topic if there is no category available for posting (#7786)
2019-06-26 07:02:53 -04:00
can_create_post?(parent) &&
Category.topic_create_allowed(self).limit(1).count == 1)
Refactor guardian as dissused in this topic https://meta.discourse.org/t/so-you-want-to-help-out-with-discourse/3823/41?u=hunter Creates a mixin for the ensure_* functions and creates seperate mixins for functions dealing with posts, categories, and topics.
2014-01-09 18:25:14 -05:00
end
def can_create_topic_on_category?(category)
SECURITY: ensure users have permission when moving categories
2018-03-01 20:13:04 -05:00
# allow for category to be a number as well
FIX: Couldn't move a topic into the uncategorized category.
2018-03-12 22:20:47 -04:00
category_id = Category === category ? category.id : category
SECURITY: ensure users have permission when moving categories
2018-03-01 20:13:04 -05:00
BUGFIX: make the system_user an elder (TL=4) Otherwise it won't be able to create topic when the `min_trust_to_create_topic` is > 0
2014-01-21 09:21:38 -05:00
can_create_topic?(nil) &&
SECURITY: ensure users have permission when moving categories
2018-03-01 20:13:04 -05:00
(!category || Category.topic_create_allowed(self).where(id: category_id).count == 1)
Refactor guardian as dissused in this topic https://meta.discourse.org/t/so-you-want-to-help-out-with-discourse/3823/41?u=hunter Creates a mixin for the ensure_* functions and creates seperate mixins for functions dealing with posts, categories, and topics.
2014-01-09 18:25:14 -05:00
end
FEATURE: per-category approval settings (#5778) - disallow moving topics to a category that requires topic approval
2018-07-12 22:51:08 -04:00
def can_move_topic_to_category?(category)
category = Category === category ? category : Category.find(category || SiteSetting.uncategorized_category_id)
is_staff? || (can_create_topic_on_category?(category) && !category.require_topic_approval?)
end
Refactor guardian as dissused in this topic https://meta.discourse.org/t/so-you-want-to-help-out-with-discourse/3823/41?u=hunter Creates a mixin for the ensure_* functions and creates seperate mixins for functions dealing with posts, categories, and topics.
2014-01-09 18:25:14 -05:00
def can_create_post_on_topic?(topic)
# No users can create posts on deleted topics
FIX: Don't enqueue posts if the user can't create them (ex: closed)
2016-09-09 12:15:56 -04:00
return false if topic.blank?
Refactor guardian as dissused in this topic https://meta.discourse.org/t/so-you-want-to-help-out-with-discourse/3823/41?u=hunter Creates a mixin for the ensure_* functions and creates seperate mixins for functions dealing with posts, categories, and topics.
2014-01-09 18:25:14 -05:00
return false if topic.trashed?
FIX: restrict moderators from creating/editing topics in readonly categories In the past moderators had blanket access to all categories they were allowed to see. This tightens down the restriction.
2016-04-13 01:59:38 -04:00
return true if is_admin?
Refactor guardian as dissused in this topic https://meta.discourse.org/t/so-you-want-to-help-out-with-discourse/3823/41?u=hunter Creates a mixin for the ensure_* functions and creates seperate mixins for functions dealing with posts, categories, and topics.
2014-01-09 18:25:14 -05:00
Allows mod posts to be created for category group moderators on closed/archived topics (#10399)
2020-08-10 15:21:01 -04:00
trusted = (authenticated? && user.has_trust_level?(TrustLevel[4])) || is_moderator? || can_perform_action_available_to_group_moderators?(topic)
FIX: restrict moderators from creating/editing topics in readonly categories In the past moderators had blanket access to all categories they were allowed to see. This tightens down the restriction.
2016-04-13 01:59:38 -04:00
(!(topic.closed? || topic.archived?) || trusted) && can_create_post?(topic)
Refactor guardian as dissused in this topic https://meta.discourse.org/t/so-you-want-to-help-out-with-discourse/3823/41?u=hunter Creates a mixin for the ensure_* functions and creates seperate mixins for functions dealing with posts, categories, and topics.
2014-01-09 18:25:14 -05:00
end
# Editing Method
def can_edit_topic?(topic)
FIX: only admin can edit faq, tos, and privacy policy
2014-07-29 10:40:02 -04:00
return false if Discourse.static_doc_topic_ids.include?(topic.id) && !is_admin?
FIX: People could retitle restricted topics Sort of a security fix but not really
2015-02-26 00:08:52 -05:00
return false unless can_see?(topic)
FIX: Respect the cooldown window when editing a flagged topic. (#16046) When staff decides to hide a flagged post, and it's the first post on the topic, the post owner shouldn't be able to edit either of them until the cooldown finishes. Edit either of them automatically, unhides the post, and makes the topic visible when there's a flag involved. Reported on meta: https://meta.discourse.org/t/users-can-edit-flagged-topic-title-when-they-should-not-be-able-to/217796
2022-02-25 09:09:31 -05:00
first_post = topic.first_post
return false if first_post&.locked? && !is_staff?
FIX: restrict moderators from creating/editing topics in readonly categories In the past moderators had blanket access to all categories they were allowed to see. This tightens down the restriction.
2016-04-13 01:59:38 -04:00
return true if is_admin?
return true if is_moderator? && can_create_post?(topic)
FEATURE: Allow Category Group Moderators to edit topic titles (#11340) * FEATURE: Allow Category Group Moderators to edit topic titles Adds category group moderators to the topic guardian’s `can_edit` method. The value of `can_edit` is returned by the topic view serializer, and this value determines whether the current user can edit the title/category/tags of the topic directly (which category group moderators could already do by editing the first post of a topic). Note that the value of `can_edit` is now always returned by the topic view serializer (ie, for both true and false values) to cover the case where a topic is moved out of a category that a category group moderator has permissions on, so that when the topic is reloaded the UI picks up that `can_edit` is now false, and thus the edit icon should no longer be displayed. * DEV: Add a comment explaining why `can_edit` is always returned
2020-12-02 17:21:59 -05:00
return true if is_category_group_moderator?(topic.category)
FIX: restrict moderators from creating/editing topics in readonly categories In the past moderators had blanket access to all categories they were allowed to see. This tightens down the restriction.
2016-04-13 01:59:38 -04:00
FIX: trust level 3 should not be able to edit topics in categories that restrict them from doing so
2016-06-01 15:41:56 -04:00
# can't edit topics in secured categories where you don't have permission to create topics
DEV: correct edge case introduced in 333b5a19 We need to allow users to edit uncategorized topics out of uncategorized when for some reason admin just turns it off.
2019-06-26 03:53:29 -04:00
# except for a tiny edge case where the topic is uncategorized and you are trying
# to fix it but uncategorized is disabled
if (
SiteSetting.allow_uncategorized_topics ||
topic.category_id != SiteSetting.uncategorized_category_id
)
return false if !can_create_topic_on_category?(topic.category)
end
FIX: trust level 3 should not be able to edit topics in categories that restrict them from doing so
2016-06-01 15:41:56 -04:00
FEATURE: Non-staff users can use shared drafts. (#11329) You can let non-staff users use shared drafts by modifying the `shared_drafts_min_trust_level` site setting. These users must have access to the shared draft category.
2020-12-03 09:07:57 -05:00
# Editing a shared draft.
return true if (
!topic.archived &&
!topic.private_message? &&
topic.category_id == SiteSetting.shared_drafts_category.to_i &&
can_see_category?(topic.category) &&
FIX: Existing shared drafts should be accessible (#11915) Disabling shared drafts used to leave topics in an inconsistent state where they were not displayed as shared drafts and thus there was no way of publishing them. Moreover, they were accessible just to users who have permissions to create shared drafts. This commit adds another permission check that is used for most operations and the old can_create_shared_draft? remains used just when creating a new shared draft.
2021-02-01 09:16:34 -05:00
can_see_shared_draft? &&
FEATURE: Non-staff users can use shared drafts. (#11329) You can let non-staff users use shared drafts by modifying the `shared_drafts_min_trust_level` site setting. These users must have access to the shared draft category.
2020-12-03 09:07:57 -05:00
can_create_post?(topic)
)
FIX: TL3 users should not be able to edit title of archived topics
2016-01-28 14:05:56 -05:00
# TL4 users can edit archived topics, but can not edit private messages
New site setting `trusted_users_can_edit_others` The default is true to keep with previous discourse behavior. If disabled, high trust level users cannot edit the topics or posts of other users.
2018-02-22 20:39:24 -05:00
return true if (
SiteSetting.trusted_users_can_edit_others? &&
topic.archived &&
!topic.private_message? &&
user.has_trust_level?(TrustLevel[4]) &&
can_create_post?(topic)
)
FIX: restrict moderators from creating/editing topics in readonly categories In the past moderators had blanket access to all categories they were allowed to see. This tightens down the restriction.
2016-04-13 01:59:38 -04:00
FIX: TL3 users should not be able to edit title of archived topics
2016-01-28 14:05:56 -05:00
# TL3 users can not edit archived topics and private messages
New site setting `trusted_users_can_edit_others` The default is true to keep with previous discourse behavior. If disabled, high trust level users cannot edit the topics or posts of other users.
2018-02-22 20:39:24 -05:00
return true if (
SiteSetting.trusted_users_can_edit_others? &&
!topic.archived &&
!topic.private_message? &&
user.has_trust_level?(TrustLevel[3]) &&
can_create_post?(topic)
)
FIX: Permission issues when editing topics If a user can't create a topic in a category, they should'be be able to edit topics.
2015-04-30 17:03:51 -04:00
FIX: staff should be able to edit topics that have been archived
2014-08-15 12:44:58 -04:00
return false if topic.archived
FIX: Respect the cooldown window when editing a flagged topic. (#16046) When staff decides to hide a flagged post, and it's the first post on the topic, the post owner shouldn't be able to edit either of them until the cooldown finishes. Edit either of them automatically, unhides the post, and makes the topic visible when there's a flag involved. Reported on meta: https://meta.discourse.org/t/users-can-edit-flagged-topic-title-when-they-should-not-be-able-to/217796
2022-02-25 09:09:31 -05:00
FIX: Don't allow users to edit topic information when the OP is locked see: https://meta.discourse.org/t/user-able-to-edit-title-of-locked-post/104826
2019-06-18 14:22:38 -04:00
is_my_own?(topic) &&
FEATURE: New post editing period for >= tl2 users (#8070) * FEATURE: Add tl2 threshold for editing new posts * Adds a new setting and for tl2 editing posts (30 days same as old value) * Sets the tl0/tl1 editing period as 1 day * FIX: Spec uses wrong setting * Fix site setting on guardian spec * FIX: post editing period specs * Avoid shared examples * Use update_columns to avoid callbacks on user during tests
2019-09-06 07:44:12 -04:00
!topic.edit_time_limit_expired?(user) &&
FIX: Respect the cooldown window when editing a flagged topic. (#16046) When staff decides to hide a flagged post, and it's the first post on the topic, the post owner shouldn't be able to edit either of them until the cooldown finishes. Edit either of them automatically, unhides the post, and makes the topic visible when there's a flag involved. Reported on meta: https://meta.discourse.org/t/users-can-edit-flagged-topic-title-when-they-should-not-be-able-to/217796
2022-02-25 09:09:31 -05:00
!first_post&.locked? &&
(!first_post&.hidden? || can_edit_hidden_post?(first_post))
Refactor guardian as dissused in this topic https://meta.discourse.org/t/so-you-want-to-help-out-with-discourse/3823/41?u=hunter Creates a mixin for the ensure_* functions and creates seperate mixins for functions dealing with posts, categories, and topics.
2014-01-09 18:25:14 -05:00
end
def can_recover_topic?(topic)
FEATURE: Allow category group moderators to delete topics (#11069) * FEATURE - allow category group moderators to delete topics * Allow individual posts to be deleted * DEV - refactor for new `can_moderate_topic?` method
2020-11-05 12:18:26 -05:00
if is_staff? || (topic&.category && is_category_group_moderator?(topic.category))
FIX: Recovered posts with no user will be taken over by system user (#8834)
2020-02-06 03:19:04 -05:00
!!(topic && topic.deleted_at)
FEATURE: Let users delete their own topics. (#7267)
2019-03-29 12:10:05 -04:00
else
topic && can_recover_post?(topic.ordered_posts.first)
end
Refactor guardian as dissused in this topic https://meta.discourse.org/t/so-you-want-to-help-out-with-discourse/3823/41?u=hunter Creates a mixin for the ensure_* functions and creates seperate mixins for functions dealing with posts, categories, and topics.
2014-01-09 18:25:14 -05:00
end
def can_delete_topic?(topic)
!topic.trashed? &&
FEATURE: Allow category group moderators to delete topics (#11069) * FEATURE - allow category group moderators to delete topics * Allow individual posts to be deleted * DEV - refactor for new `can_moderate_topic?` method
2020-11-05 12:18:26 -05:00
(is_staff? || (is_my_own?(topic) && topic.posts_count <= 1 && topic.created_at && topic.created_at > 24.hours.ago) || is_category_group_moderator?(topic.category)) &&
FEATURE: Let users delete their own topics. (#7267)
2019-03-29 12:10:05 -04:00
!topic.is_category_topic? &&
Prevent deleting the static page doc topics
2014-08-13 17:02:44 -04:00
!Discourse.static_doc_topic_ids.include?(topic.id)
Refactor guardian as dissused in this topic https://meta.discourse.org/t/so-you-want-to-help-out-with-discourse/3823/41?u=hunter Creates a mixin for the ensure_* functions and creates seperate mixins for functions dealing with posts, categories, and topics.
2014-01-09 18:25:14 -05:00
end
FEATURE: Allow admins to permanently delete posts and topics (#14406) Sometimes administrators want to permanently delete posts and topics from the database. To make sure that this is done for a good reasons, administrators can do this only after one minute has passed since the post was deleted or immediately if another administrator does it.
2021-10-13 05:53:23 -04:00
def can_permanently_delete_topic?(topic)
return false if !SiteSetting.can_permanently_delete
return false if !topic
FIX: Destroy all posts when hard deleting topic (#17359) Hard deleting topics that contained soft deleted posts or small actions used to create orphan posts because only the first post was hard deleted. This commit adds an error message if there are still posts left in the topic that must be hard deleted first or hard deletes all small actions too immediately (there is no other way of hard deleting a small action because there is no wrench menu).
2022-08-10 05:11:50 -04:00
# Ensure that all posts (including small actions) are at least soft
# deleted.
FIX: Show right message when permanently deleting topic (#14717)
2021-10-26 11:31:15 -04:00
return false if topic.posts_count > 0
FIX: Destroy all posts when hard deleting topic (#17359) Hard deleting topics that contained soft deleted posts or small actions used to create orphan posts because only the first post was hard deleted. This commit adds an error message if there are still posts left in the topic that must be hard deleted first or hard deletes all small actions too immediately (there is no other way of hard deleting a small action because there is no wrench menu).
2022-08-10 05:11:50 -04:00
# All other posts that were deleted still must be permanently deleted
# before the topic can be deleted with the exception of small action
# posts that will be deleted right before the topic is.
all_posts_count = Post.with_deleted
.where(topic_id: topic.id)
.where(post_type: [Post.types[:regular], Post.types[:moderator_action], Post.types[:whisper]])
.count
return false if all_posts_count > 1
FEATURE: Allow admins to permanently delete posts and topics (#14406) Sometimes administrators want to permanently delete posts and topics from the database. To make sure that this is done for a good reasons, administrators can do this only after one minute has passed since the post was deleted or immediately if another administrator does it.
2021-10-13 05:53:23 -04:00
return false if !is_admin? || !can_see_topic?(topic)
return false if !topic.deleted_at
return false if topic.deleted_by_id == @user.id && topic.deleted_at >= Post::PERMANENT_DELETE_TIMER.ago
true
end
FEATURE: Allow category group moderators to list/unlist topics (#11470) * FEATURE: Allow categroy group moderators to list/unlist topics If enabled via SiteSettings, a user belonging to a group which has been granted category group moderator privileges should be able to list/unlist topics belonging to the appropraite category.
2020-12-14 11:01:22 -05:00
def can_toggle_topic_visibility?(topic)
can_moderate?(topic) || can_perform_action_available_to_group_moderators?(topic)
end
FEATURE: move a topic from PM to regular topic or vice versa
2016-05-01 07:48:43 -04:00
def can_convert_topic?(topic)
DEV: Remove usages of enable_personal_messages (#18437) cf. e62e93f83a77adfa80b38fbfecf82bbee14e12fe This PR also makes it so `bot` (negative ID) and `system` users are always allowed to send PMs, since the old conditional was just based on `enable_personal_messages`
2022-10-04 20:50:20 -04:00
return false unless @user.in_any_groups?(SiteSetting.personal_message_enabled_groups_map)
Don't allow category definition topics to be converted to PMs (#5216)
2017-10-02 04:04:58 -04:00
return false if topic.blank?
PERF: Avoid running the same query twice in `TopicViewSerializer#details`.
2018-05-24 04:41:51 -04:00
return false if topic.trashed?
return false if topic.is_category_topic?
FEATURE: allow moderators to convert a private message to public topic or vice versa
2016-05-04 12:29:56 -04:00
return true if is_admin?
is_moderator? && can_create_post?(topic)
FEATURE: move a topic from PM to regular topic or vice versa
2016-05-01 07:48:43 -04:00
end
Refactor guardian as dissused in this topic https://meta.discourse.org/t/so-you-want-to-help-out-with-discourse/3823/41?u=hunter Creates a mixin for the ensure_* functions and creates seperate mixins for functions dealing with posts, categories, and topics.
2014-01-09 18:25:14 -05:00
def can_reply_as_new_topic?(topic)
FEATURE: reply as new message to the same recipients
2016-11-29 12:59:42 -05:00
authenticated? && topic && @user.has_trust_level?(TrustLevel[1])
Refactor guardian as dissused in this topic https://meta.discourse.org/t/so-you-want-to-help-out-with-discourse/3823/41?u=hunter Creates a mixin for the ensure_* functions and creates seperate mixins for functions dealing with posts, categories, and topics.
2014-01-09 18:25:14 -05:00
end
FEATURE: Allow category group moderators to delete topics (#11069) * FEATURE - allow category group moderators to delete topics * Allow individual posts to be deleted * DEV - refactor for new `can_moderate_topic?` method
2020-11-05 12:18:26 -05:00
def can_see_deleted_topics?(category)
is_staff? || is_category_group_moderator?(category)
FEATURE: Hide deleted posts by default for staff
2014-07-15 17:02:43 -04:00
end
small topic/category guardians refactor
2016-06-27 08:36:57 -04:00
def can_see_topic?(topic, hide_deleted = true)
BUGFIX: could not see the revisions of a post in a deleted topic
2014-05-12 10:30:10 -04:00
return false unless topic
FIX: moderators can't see private topics that they aren't invited to see.
2014-05-12 15:26:36 -04:00
return true if is_admin?
FEATURE: Allow category group moderators to delete topics (#11069) * FEATURE - allow category group moderators to delete topics * Allow individual posts to be deleted * DEV - refactor for new `can_moderate_topic?` method
2020-11-05 12:18:26 -05:00
return false if hide_deleted && topic.deleted_at && !can_see_deleted_topics?(topic.category)
Refactor guardian as dissused in this topic https://meta.discourse.org/t/so-you-want-to-help-out-with-discourse/3823/41?u=hunter Creates a mixin for the ensure_* functions and creates seperate mixins for functions dealing with posts, categories, and topics.
2014-01-09 18:25:14 -05:00
FIX: logic for can_see_topic?
2014-08-05 00:37:28 -04:00
if topic.private_message?
small topic/category guardians refactor
2016-06-27 08:36:57 -04:00
return authenticated? && topic.all_allowed_users.where(id: @user.id).exists?
FIX: logic for can_see_topic?
2014-08-05 00:37:28 -04:00
end
FIX: Existing shared drafts should be accessible (#11915) Disabling shared drafts used to leave topics in an inconsistent state where they were not displayed as shared drafts and thus there was no way of publishing them. Moreover, they were accessible just to users who have permissions to create shared drafts. This commit adds another permission check that is used for most operations and the old can_create_shared_draft? remains used just when creating a new shared draft.
2021-02-01 09:16:34 -05:00
return false if topic.shared_draft && !can_see_shared_draft?
FIX: Users without shared drafts access can still have access to the category. (#11476) This is an edge-case of 9fb3629. An admin could set the shared draft category to one where both TL2 and TL3 users have access but only give shared draft access to TL3 users. If something like this happens, we need to make sure that TL2 users won't be able to see them, and they won't be listed on latest. Before this change, `SharedDrafts` were lazily created when a destination category was selected. We now create it alongside the topic and set the destination to the same shared draft category.
2020-12-14 14:08:20 -05:00
Merge pull request from GHSA-569c-22ff-pj3x
2020-01-16 13:17:16 -05:00
category = topic.category
can_see_category?(category) &&
FIX: Notify staged users about private categories (#8765) group membership and `CategoryUser` notification level should be respected to determine whether to notify staged users about activity in private categories, instead of only ever generating notifications for staged users' own topics (which has been the behaviour since 0c4ac2a7bc726176b1d76b98f789a35e5d1bddfc)
2020-01-22 14:33:25 -05:00
(!category.read_restricted || !is_staged? || secure_category_ids.include?(category.id) || topic.user == user)
Easier helper for filtering secured categories
2015-02-12 11:52:59 -05:00
end
Refactor guardian as dissused in this topic https://meta.discourse.org/t/so-you-want-to-help-out-with-discourse/3823/41?u=hunter Creates a mixin for the ensure_* functions and creates seperate mixins for functions dealing with posts, categories, and topics.
2014-01-09 18:25:14 -05:00
FEATURE: opt-in guidance on topics for users without access (#7852) Co-Authored-By: majakomel <maja.komel@gmail.com> Co-Authored-By: Robin Ward <robin.ward@gmail.com>
2019-07-04 04:12:39 -04:00
def can_get_access_to_topic?(topic)
topic&.access_topic_via_group.present? && authenticated?
end
Easier helper for filtering secured categories
2015-02-12 11:52:59 -05:00
def filter_allowed_categories(records)
unless is_admin?
FEATURE: TL4 & category moderators can merge posts (#12843) This gives TL4 users and category moderators the ability to merge posts in topics they have moderation privileges.
2021-04-27 12:24:27 -04:00
records = allowed_category_ids.size == 0 ?
records.where('topics.category_id IS NULL') :
records.where('topics.category_id IS NULL or topics.category_id IN (?)', allowed_category_ids)
Easier helper for filtering secured categories
2015-02-12 11:52:59 -05:00
records = records.references(:categories)
end
records
Refactor guardian as dissused in this topic https://meta.discourse.org/t/so-you-want-to-help-out-with-discourse/3823/41?u=hunter Creates a mixin for the ensure_* functions and creates seperate mixins for functions dealing with posts, categories, and topics.
2014-01-09 18:25:14 -05:00
end
Easier helper for filtering secured categories
2015-02-12 11:52:59 -05:00
FEATURE: Allow posting a link with topics
2016-12-05 07:31:43 -05:00
def can_edit_featured_link?(category_id)
Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox.
2016-12-15 17:46:43 -05:00
return false unless SiteSetting.topic_featured_link_enabled
FEATURE: Disallow putting urls in the title for TL-0 users (#13947) This disallows putting URLs in topic titles for TL0 users, which means that: If a TL-0 user puts a link into the title, a topic featured link won't be generated (as if it was disabled in the site settings) Server methods for creating and updating topics will be refusing featured links when they are called by TL-0 users TL-0 users won't be able to put any link into the topic title. For example, the title "Hey, take a look at https://my-site.com" will be rejected. Also, it improves a bit server behavior when creating or updating feature links on topics in the categories with disabled featured links. Before the server just silently ignored a featured link field that was passed to him, now it will be returning 422 response.
2021-08-05 05:38:39 -04:00
return false unless @user.trust_level >= TrustLevel.levels[:basic]
FIX: uncategorized setting to control whether topic featured links are allowed
2016-12-20 15:55:30 -05:00
Category.where(id: category_id || SiteSetting.uncategorized_category_id, topic_featured_link_allowed: true).exists?
FEATURE: Allow posting a link with topics
2016-12-05 07:31:43 -05:00
end
FEATURE: Add "Reset Bump Date" action to topic admin wrench (#6246)
2018-08-09 20:51:03 -04:00
def can_update_bumped_at?
FEATURE: Allow TL4 users to reset bump date
2019-01-02 10:57:05 -05:00
is_staff? || @user.has_trust_level?(TrustLevel[4])
FEATURE: Add "Reset Bump Date" action to topic admin wrench (#6246)
2018-08-09 20:51:03 -04:00
end
FIX: only staff can banner topics
2019-04-02 03:08:15 -04:00
def can_banner_topic?(topic)
FIX: Ensure topic exists before making a banner. (#7781)
2019-06-25 06:49:29 -04:00
topic && authenticated? && !topic.private_message? && is_staff?
FIX: only staff can banner topics
2019-04-02 03:08:15 -04:00
end
FEATURE: wiki editors are allowed edit tags for wiki topics. If a wiki editor's TL is greater than 'min trust level to tag topics' site setting then they can edit the tags for any wiki topic.
2019-10-23 14:05:38 -04:00
def can_edit_tags?(topic)
return false unless can_tag_topics?
return false if topic.private_message? && !can_tag_pms?
return true if can_edit_topic?(topic)
if topic&.first_post&.wiki && (@user.trust_level >= SiteSetting.min_trust_to_edit_wiki_post.to_i)
return can_create_post?(topic)
end
false
end
FEATURE: Allow group moderators to close/archive topics * FEATURE: Allow group moderators to close/archive topics
2020-07-14 12:36:19 -04:00
def can_perform_action_available_to_group_moderators?(topic)
return false if anonymous? || topic.nil?
return true if is_staff?
return true if @user.has_trust_level?(TrustLevel[4])
FEATURE - group modetators visual indicator (#10310)
2020-07-28 17:15:04 -04:00
is_category_group_moderator?(topic.category)
FEATURE: Allow group moderators to close/archive topics * FEATURE: Allow group moderators to close/archive topics
2020-07-14 12:36:19 -04:00
end
alias :can_archive_topic? :can_perform_action_available_to_group_moderators?
alias :can_close_topic? :can_perform_action_available_to_group_moderators?
DEV: Split toggle topic close job (#11679) Splits the `ToggleTopicClosed` job into two distinct `OpenTopic` and `CloseTopic` jobs to make the code clearer. The old job cannot be deleted yet because of outstanding sidekiq schedules, so a todo has been added to do so later this year. Also replaced mentions of `topic_status_update` with `topic_timer` in some files, because the `topic_status_update` model is obsolete and replaced by topic timer. Added some shortcut methods for checking if a topic is open/whether a user can change an open topic.
2021-01-12 17:49:29 -05:00
alias :can_open_topic? :can_perform_action_available_to_group_moderators?
FEATURE - allow category group moderators to split/merge topics (#10351)
2020-08-05 10:33:25 -04:00
alias :can_split_merge_topic? :can_perform_action_available_to_group_moderators?
FEATURE: Allow group moderators to add/remove staff notes (#10252) * FEATURE: Allow group moderators to add/remove staff notes
2020-07-20 15:53:47 -04:00
alias :can_edit_staff_notes? :can_perform_action_available_to_group_moderators?
FEATURE: allow category group moderators to pin/unpin topics (#12325) * FEATURE: allow category group moderators to pin/unpin topics Category group moderators should be able to pin/unpin any topics within a category where they have appropraite category group moderator permissions.
2021-03-09 16:05:11 -05:00
alias :can_pin_unpin_topic? :can_perform_action_available_to_group_moderators?
FEATURE: Allow group moderators to close/archive topics * FEATURE: Allow group moderators to close/archive topics
2020-07-14 12:36:19 -04:00
FEATURE - allow category group moderators to split/merge topics (#10351)
2020-08-05 10:33:25 -04:00
def can_move_posts?(topic)
return false if is_silenced?
can_perform_action_available_to_group_moderators?(topic)
end
FIX: Staff can create and edit posts even if a topic is in slow mode. (#11057) Additionally, ninja edits are no longer restricted.
2020-10-28 15:47:50 -04:00
def affected_by_slow_mode?(topic)
topic&.slow_mode_seconds.to_i > 0 && @user.human? && !is_staff?
end
BUGFIX: make the system_user an elder (TL=4) Otherwise it won't be able to create topic when the `min_trust_to_create_topic` is > 0
2014-01-21 09:21:38 -05:00
end