FEATURE: setting which allows TL4 users to deleted posts (#19766)

New setting which allows TL4 users to delete/view/recover posts and topics
2023-01-20 13:31:51 +11:00 · 2023-01-20 13:31:51 +11:00 · 019ec74076
parent b05f193cf0
commit 019ec74076
5 changed files with 47 additions and 3 deletions
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@ -1894,6 +1894,7 @@ en:
    tl3_requires_likes_given: "The minimum number of likes that must be given in the last (tl3 time period) days to qualify for promotion to trust level 3."
    tl3_requires_likes_received: "The minimum number of likes that must be received in the last (tl3 time period) days to qualify for promotion to trust level 3."
    tl3_links_no_follow: "Do not remove rel=nofollow from links posted by trust level 3 users."
+    tl4_delete_posts_and_topics: "Allow TL4 users to delete posts and topics created by other users. TL4 users will also be able to see deleted topics and posts."
    trusted_users_can_edit_others: "Allow users with high trust levels to edit content from other users"

    min_trust_to_create_topic: "The minimum trust level required to create a new topic."
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@ -1672,6 +1672,9 @@ trust:
  tl3_links_no_follow:
    default: false
    client: true
+  tl4_delete_posts_and_topics:
+    default: false
+    client: true
  trusted_users_can_edit_others:
    default: true

--- a/lib/guardian/post_guardian.rb
+++ b/lib/guardian/post_guardian.rb
@ -191,6 +191,8 @@ module PostGuardian

    return true if is_staff? || is_category_group_moderator?(post.topic&.category)

+    return true if SiteSetting.tl4_delete_posts_and_topics && user.has_trust_level?(TrustLevel[4])
+
    # Can't delete posts in archived topics unless you are staff
    return false if post.topic&.archived?

@ -311,7 +313,8 @@ module PostGuardian
  end

  def can_see_deleted_posts?(category = nil)
-    is_staff? || is_category_group_moderator?(category)
+    is_staff? || is_category_group_moderator?(category) ||
+      (SiteSetting.tl4_delete_posts_and_topics && @user.has_trust_level?(TrustLevel[4]))
  end

  def can_view_raw_email?(post)
--- a/lib/guardian/topic_guardian.rb
+++ b/lib/guardian/topic_guardian.rb
@ -142,7 +142,8 @@ module TopicGuardian
  end

  def can_recover_topic?(topic)
-    if is_staff? || (topic&.category && is_category_group_moderator?(topic.category))
+    if is_staff? || (topic&.category && is_category_group_moderator?(topic.category)) ||
+         (SiteSetting.tl4_delete_posts_and_topics && user.has_trust_level?(TrustLevel[4]))
      !!(topic && topic.deleted_at)
    else
      topic && can_recover_post?(topic.ordered_posts.first)
@ -156,7 +157,8 @@ module TopicGuardian
          (
            is_my_own?(topic) && topic.posts_count <= 1 && topic.created_at &&
              topic.created_at > 24.hours.ago
-          ) || is_category_group_moderator?(topic.category)
+          ) || is_category_group_moderator?(topic.category) ||
+          (SiteSetting.tl4_delete_posts_and_topics && user.has_trust_level?(TrustLevel[4]))
      ) && !topic.is_category_topic? && !Discourse.static_doc_topic_ids.include?(topic.id)
  end

--- a/spec/lib/guardian_spec.rb
+++ b/spec/lib/guardian_spec.rb
@ -1347,6 +1347,13 @@ RSpec.describe Guardian do
      expect(Guardian.new(user).can_recover_topic?(topic)).to be_falsey
    end

+    it "returns true when tl4 can delete posts and topics" do
+      PostDestroyer.new(moderator, topic.first_post).destroy
+      expect(Guardian.new(trust_level_4).can_recover_topic?(topic)).to be_falsey
+      SiteSetting.tl4_delete_posts_and_topics = true
+      expect(Guardian.new(trust_level_4).can_recover_topic?(topic.reload)).to be_truthy
+    end
+
    context "as a moderator" do
      describe "when post has been deleted" do
        it "should return the right value" do
@ -2195,6 +2202,12 @@ RSpec.describe Guardian do
        expect(Guardian.new(topic.user).can_delete?(topic)).to be_falsey
      end

+      it "returns true when tl4 can delete posts and topics" do
+        expect(Guardian.new(trust_level_4).can_delete?(topic)).to be_falsey
+        SiteSetting.tl4_delete_posts_and_topics = true
+        expect(Guardian.new(trust_level_4).can_delete?(topic)).to be_truthy
+      end
+
      it "returns false if topic was created > 24h ago" do
        topic.update!(posts_count: 1, created_at: 48.hours.ago)
        expect(Guardian.new(topic.user).can_delete?(topic)).to be_falsey
@ -2241,6 +2254,12 @@ RSpec.describe Guardian do
        expect(Guardian.new(trust_level_4).can_delete?(post)).to be_falsey
      end

+      it "returns true when tl4 can delete posts and topics" do
+        expect(Guardian.new(trust_level_4).can_delete?(post)).to be_falsey
+        SiteSetting.tl4_delete_posts_and_topics = true
+        expect(Guardian.new(trust_level_4).can_delete?(post)).to be_truthy
+      end
+
      it "returns false when self deletions are disabled" do
        SiteSetting.max_post_deletions_per_day = 0
        expect(Guardian.new(user).can_delete?(post)).to be_falsey
@ -2384,6 +2403,22 @@ RSpec.describe Guardian do
    end
  end

+  describe "#can_see_deleted_posts?" do
+    it "returns true if the user is an admin" do
+      expect(Guardian.new(admin).can_see_deleted_posts?(post.topic.category)).to be_truthy
+    end
+
+    it "returns true if the user is a moderator of category" do
+      expect(Guardian.new(moderator).can_see_deleted_posts?(post.topic.category)).to be_truthy
+    end
+
+    it "returns true when tl4 can delete posts and topics" do
+      expect(Guardian.new(trust_level_4).can_see_deleted_posts?(post)).to be_falsey
+      SiteSetting.tl4_delete_posts_and_topics = true
+      expect(Guardian.new(trust_level_4).can_see_deleted_posts?(post)).to be_truthy
+    end
+  end
+
  describe "#can_approve?" do
    it "wont allow a non-logged in user to approve" do
      expect(Guardian.new.can_approve?(user)).to be_falsey