# Mixin for all guardian methods dealing with post permissions
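module PostGuardian

  # Can the user act on the post in a particular way (like, flag, vote, notify, ...)?
  #
  # post          - the post being acted on
  # action_key    - a key of PostActionType.types, e.g. :like, :vote, :notify_user
  # opts          - optional context hash:
  #                   :taken_actions  = the list of actions the user has already taken,
  #                                     keyed by post action type id
  #                   :is_warning     = 'true' when a notify_user action is an official
  #                                     warning (only staff may send those)
  #                   :voted_in_topic = truthy when the user already voted in this topic
  # can_see_post  - precomputed visibility; when nil, can_see_post? is evaluated here
  #
  # Always returns a strict true/false.
  def post_can_act?(post, action_key, opts: {}, can_see_post: nil)
    # Visibility is the first gate. A caller that already knows the answer may
    # pass it in to avoid re-running can_see_post?.
    return false unless (can_see_post.nil? && can_see_post?(post)) || can_see_post

    # no warnings except for staff
    return false if action_key == :notify_user && !is_staff? && opts[:is_warning].present? && opts[:is_warning] == 'true'

    taken = opts[:taken_actions].try(:keys).to_a
    is_flag = PostActionType.is_flag?(action_key)
    already_taken_this_action = taken.any? && taken.include?(PostActionType.types[action_key])
    already_did_flagging = taken.any? && (taken & PostActionType.flag_types.values).any?

    # Unauthenticated and anonymous users never get past this point: `result`
    # stays nil and is coerced to false below.
    result = if authenticated? && post && !@user.anonymous?
      return false if action_key == :notify_moderators && !SiteSetting.enable_private_messages

      # Flagging: we allow flagging for trust level 1 and higher, and always
      # for private messages, unless the user already flagged this post.
      (is_flag && !already_did_flagging && (@user.has_trust_level?(TrustLevel[1]) || post.topic.private_message?)) ||
        # Every other action: not a flagging action, and haven't done it already ...
        (!(is_flag || already_taken_this_action) &&
          # ... nothing except flagging on archived topics
          !post.topic.try(:archived?) &&
          # ... nothing except flagging on deleted posts
          !post.trashed? &&
          # ... don't like your own stuff
          !(action_key == :like && is_my_own?(post)) &&
          # ... new users can't notify_user because they are not allowed to send private messages
          !(action_key == :notify_user && !@user.has_trust_level?(SiteSetting.min_trust_to_send_messages)) &&
          # ... can't send private messages if they're disabled globally
          !(action_key == :notify_user && !SiteSetting.enable_private_messages) &&
          # ... no voting more than once on single vote topics
          !(action_key == :vote && opts[:voted_in_topic] && post.topic.has_meta_data_boolean?(:single_vote)))
    end

    !!result
  end

  # Only staff may defer flags, and only on posts they can see.
  # Note: returns the post itself (truthy) rather than `true` when allowed.
  def can_defer_flags?(post)
    can_see_post?(post) && is_staff? && post
  end

  # Can we see who acted on a post in a particular way?
  #
  # topic               - the topic the post belongs to
  # post_action_type_id - numeric id, looked up in PostActionType.types
  def can_see_post_actors?(topic, post_action_type_id)
    return true if is_admin?
    return false unless topic

    type_symbol = PostActionType.types[post_action_type_id]
    # Bookmarks are private to the bookmarking user.
    return false if type_symbol == :bookmark
    # Who sent a "notify user" message is moderator-only information.
    return false if type_symbol == :notify_user && !is_moderator?

    # Flaggers are visible to whoever may see the topic's flags.
    return can_see_flags?(topic) if PostActionType.is_flag?(type_symbol)

    if type_symbol == :vote
      # We can see votes if the topic allows for public voting
      return false if topic.has_meta_data_boolean?(:private_poll)
    end

    true
  end

  # Staff may bulk-delete all posts of a (non-admin) user who is still "new":
  # their first post is younger than delete_user_max_post_age days and their
  # post count is within delete_all_posts_max.
  def can_delete_all_posts?(user)
    is_staff? &&
      user &&
      !user.admin? &&
      (user.first_post_created_at.nil? || user.first_post_created_at >= SiteSetting.delete_user_max_post_age.days.ago) &&
      user.post_count <= SiteSetting.delete_all_posts_max.to_i
  end

  # Creating Method
  #
  # parent - the topic the post would be created in (nil for a new topic)
  #
  # Auto-blocked (spam) users may only reply inside private messages they are
  # already a participant of. Otherwise posting is allowed when there is no
  # parent, the parent has no category, or the category permits posting.
  def can_create_post?(parent)
    (!SpamRule::AutoBlock.block?(@user) || (!!parent.try(:private_message?) && parent.allowed_users.include?(@user))) && (
      !parent ||
      !parent.category ||
      Category.post_create_allowed(self).where(id: parent.category.id).count == 1
    )
  end

  # Editing Method
  #
  # Checks run from the most privileged to the least: admins first, then
  # staff / TL4, then wiki editing, then the author's own post.
  def can_edit_post?(post)
    # Topics listed in Discourse.static_doc_topic_ids may only be edited by admins.
    return false if Discourse.static_doc_topic_ids.include?(post.topic_id) && !is_admin?
    return true if is_admin?

    # Staff and TL4 users may edit anything they could post to.
    return can_create_post?(post.topic) if is_staff? || @user.has_trust_level?(TrustLevel[4])

    return false if post.topic.archived? || post.user_deleted || post.deleted_at

    # Wiki posts are editable by anyone at or above the configured trust level.
    return can_create_post?(post.topic) if post.wiki && (@user.trust_level >= SiteSetting.min_trust_to_edit_wiki_post.to_i)

    return false if @user.trust_level < SiteSetting.min_trust_to_edit_post

    if is_my_own?(post)
      if post.hidden?
        # A freshly hidden post is locked for a cooldown window before its author may touch it.
        return false if post.hidden_at.present? &&
                        post.hidden_at >= SiteSetting.cooldown_minutes_after_hiding_posts.minutes.ago

        # If it's your own post and it's hidden, you can still edit it
        return true
      end

      return !post.edit_time_limit_expired?
    end

    false
  end

  # Deleting Methods
  def can_delete_post?(post)
    # Never allow deleting a post the user cannot even see.
    return false unless can_see_post?(post)

    # Can't delete the first post
    return false if post.is_first_post?

    # Can't delete after post_edit_time_limit minutes have passed
    return false if !is_staff? && post.edit_time_limit_expired?

    # Can't delete posts in archived topics unless you are staff
    return false if !is_staff? && post.topic.archived?

    # You can delete your own posts (unless you already self-deleted it)
    return !post.user_deleted? if is_my_own?(post)

    is_staff?
  end

  # Recovery Method
  #
  # Staff recover staff/hard deletions (deleted_at set, author still present);
  # authors recover only their own self-deletions (user_deleted, not deleted_at).
  def can_recover_post?(post)
    if is_staff?
      post.deleted_at && post.user
    else
      is_my_own?(post) && post.user_deleted && !post.deleted_at
    end
  end

  # Can a post action (like, flag, ...) be undone by the user?
  def can_delete_post_action?(post_action)
    # You can only undo your own actions, and never a private message action
    is_my_own?(post_action) && !post_action.is_private_message? &&
      # Make sure they want to delete it within the window
      post_action.created_at > SiteSetting.post_undo_action_window_mins.minutes.ago
  end

  # Is the post visible to the user at all? Used as the precondition for most
  # of the other checks in this module.
  def can_see_post?(post)
    return false if post.blank?
    return true if is_admin?
    return false unless can_see_topic?(post.topic)
    # Non-regular post types (e.g. whispers) are only visible to their author
    # or to users whose visible_post_types include them.
    return false unless post.user == @user || Topic.visible_post_types(@user).include?(post.post_type)
    # Deleted posts are moderator-only.
    return false if !is_moderator? && post.deleted_at.present?

    true
  end

  # Edit history is public for wiki posts or when the site makes it public
  # (and the post is not hidden); otherwise it is limited to staff, TL4 and the author.
  def can_view_edit_history?(post)
    return false unless post

    if !post.hidden
      return true if post.wiki || SiteSetting.edit_history_visible_to_public
    end

    authenticated? &&
      (is_staff? || @user.has_trust_level?(TrustLevel[4]) || @user.id == post.user_id) &&
      can_see_post?(post)
  end

  # Convenience wrapper over post_can_act? for the :vote action.
  def can_vote?(post, opts = {})
    post_can_act?(post, :vote, opts: opts)
  end

  def can_change_post_owner?
    is_admin?
  end

  def can_change_post_timestamps?
    is_admin?
  end

  # Can the user toggle a post into/out of wiki mode?
  def can_wiki?(post)
    return false unless authenticated?
    return true if is_staff? || @user.has_trust_level?(TrustLevel[4])

    # Authors above min_trust_to_allow_self_wiki may wiki their own post while it
    # is still editable and not hidden.
    if @user.has_trust_level?(SiteSetting.min_trust_to_allow_self_wiki) && is_my_own?(post)
      return false if post.hidden?
      return !post.edit_time_limit_expired?
    end

    false
  end

  def can_change_post_type?
    is_staff?
  end

  def can_rebake?
    is_staff? || @user.has_trust_level?(TrustLevel[4])
  end

  def can_see_flagged_posts?
    is_staff?
  end

  def can_see_deleted_posts?
    is_staff?
  end

  # Raw incoming email is sensitive: staff or the post's author only.
  # NOTE(review): dereferences @user.id unconditionally — assumes the guardian
  # always carries a user object for non-staff callers; confirm against Guardian#initialize.
  def can_view_raw_email?(post)
    post && (is_staff? || post.user_id == @user.id)
  end

  # Only staff may unhide, and only posts that are actually hidden.
  def can_unhide?(post)
    post.try(:hidden) && is_staff?
  end

end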