Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: error anonymous when tl4_delete_posts_and_topics setting (#20257) 

Bug introduced in this PR: https://github.com/discourse/discourse/pull/19946

When the setting is enabled, an error is triggered for anonymous users.
This commit is contained in:
Krzysztof Kotlarek 2023-02-13 15:34:04 +11:00 committed by GitHub
parent 6c9f84b302
commit 010370f8b1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 34 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/guardian/topic_guardian.rb
View File

@ -143,7 +143,7 @@ module TopicGuardian
def can_recover_topic?(topic) def can_recover_topic?(topic)
if is_staff? || (topic&.category && is_category_group_moderator?(topic.category)) || if is_staff? || (topic&.category && is_category_group_moderator?(topic.category)) ||
(SiteSetting.tl4_delete_posts_and_topics && user.has_trust_level?(TrustLevel[4])) (SiteSetting.tl4_delete_posts_and_topics && user&.has_trust_level?(TrustLevel[4]))
!!(topic && topic.deleted_at) !!(topic && topic.deleted_at)
else else
topic && can_recover_post?(topic.ordered_posts.first) topic && can_recover_post?(topic.ordered_posts.first)
@ -212,7 +212,7 @@ module TopicGuardian
def can_see_deleted_topics?(category) def can_see_deleted_topics?(category)
is_staff? || is_category_group_moderator?(category) || is_staff? || is_category_group_moderator?(category) ||
(SiteSetting.tl4_delete_posts_and_topics && user.has_trust_level?(TrustLevel[4])) (SiteSetting.tl4_delete_posts_and_topics && user&.has_trust_level?(TrustLevel[4]))
end end
# Accepts an array of `Topic#id` and returns an array of `Topic#id` which the user can see. # Accepts an array of `Topic#id` and returns an array of `Topic#id` which the user can see.

32
spec/lib/guardian/topic_guardian_spec.rb
View File

@ -94,6 +94,38 @@ RSpec.describe TopicGuardian do
SiteSetting.tl4_delete_posts_and_topics = true SiteSetting.tl4_delete_posts_and_topics = true
expect(Guardian.new(tl4_user).can_see_deleted_topics?(topic.category)).to eq(true) expect(Guardian.new(tl4_user).can_see_deleted_topics?(topic.category)).to eq(true)
end end
it "returns false for anonymous user" do
SiteSetting.tl4_delete_posts_and_topics = true
expect(Guardian.new.can_see_deleted_topics?(topic.category)).to be_falsey
end
end
describe "#can_recover_topic?" do
fab!(:deleted_topic) { Fabricate(:topic, category: category, deleted_at: 1.day.ago) }
it "returns true for staff" do
expect(Guardian.new(admin).can_recover_topic?(Topic.with_deleted.last)).to eq(true)
end
it "returns true for group moderator" do
SiteSetting.enable_category_group_moderation = true
expect(Guardian.new(user).can_recover_topic?(Topic.with_deleted.last)).to eq(false)
category.update!(reviewable_by_group_id: group.id)
group.add(user)
topic.update!(category: category)
expect(Guardian.new(user).can_recover_topic?(Topic.with_deleted.last)).to eq(true)
end
it "returns true when tl4 can delete posts and topics" do
expect(Guardian.new(tl4_user).can_recover_topic?(Topic.with_deleted.last)).to eq(false)
SiteSetting.tl4_delete_posts_and_topics = true
expect(Guardian.new(tl4_user).can_recover_topic?(Topic.with_deleted.last)).to eq(true)
end
it "returns false for anonymous user" do
SiteSetting.tl4_delete_posts_and_topics = true
expect(Guardian.new.can_recover_topic?(Topic.with_deleted.last)).to eq(false)
end
end end
describe "#can_edit_topic?" do describe "#can_edit_topic?" do