Can clear flags on deleted posts if you're a moderator
This commit is contained in:
parent
ea631e75c9
commit
03a798b202
|
@ -52,7 +52,7 @@ class PostActionsController < ApplicationController
|
|||
|
||||
def clear_flags
|
||||
requires_parameter(:post_action_type_id)
|
||||
raise Discourse::InvalidAccess unless guardian.is_admin?
|
||||
guardian.ensure_can_clear_flags!(@post)
|
||||
|
||||
PostAction.clear_flags!(@post, current_user.id, params[:post_action_type_id].to_i)
|
||||
@post.reload
|
||||
|
@ -69,7 +69,12 @@ class PostActionsController < ApplicationController
|
|||
|
||||
def fetch_post_from_params
|
||||
requires_parameter(:id)
|
||||
@post = Post.where(id: params[:id]).first
|
||||
finder = Post.where(id: params[:id])
|
||||
|
||||
# Include deleted posts if the user is a moderator
|
||||
finder = finder.with_deleted if current_user.try(:has_trust_level?, :moderator)
|
||||
|
||||
@post = finder.first
|
||||
guardian.ensure_can_see!(@post)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -65,8 +65,6 @@ class PostsController < ApplicationController
|
|||
|
||||
def show
|
||||
@post = find_post_from_params
|
||||
guardian.ensure_can_see!(@post)
|
||||
|
||||
@post.revert_to(params[:version].to_i) if params[:version].present?
|
||||
post_serializer = PostSerializer.new(@post, scope: guardian, root: false)
|
||||
post_serializer.add_raw = true
|
||||
|
@ -109,22 +107,18 @@ class PostsController < ApplicationController
|
|||
# Retrieves a list of versions and who made them for a post
|
||||
def versions
|
||||
post = find_post_from_params
|
||||
guardian.ensure_can_see!(post)
|
||||
|
||||
render_serialized(post.all_versions, VersionSerializer)
|
||||
end
|
||||
|
||||
# Direct replies to this post
|
||||
def replies
|
||||
post = find_post_from_params
|
||||
guardian.ensure_can_see!(post)
|
||||
render_serialized(post.replies, PostSerializer)
|
||||
end
|
||||
|
||||
|
||||
def bookmark
|
||||
post = find_post_from_params
|
||||
guardian.ensure_can_see!(post)
|
||||
if current_user
|
||||
if params[:bookmarked] == "true"
|
||||
PostAction.act(current_user, post, PostActionType.Types[:bookmark])
|
||||
|
@ -143,7 +137,9 @@ class PostsController < ApplicationController
|
|||
|
||||
# Include deleted posts if the user is a moderator
|
||||
finder = finder.with_deleted if current_user.try(:has_trust_level?, :moderator)
|
||||
|
||||
finder.first
|
||||
|
||||
post = finder.first
|
||||
guardian.ensure_can_see!(post)
|
||||
post
|
||||
end
|
||||
end
|
||||
|
|
|
@ -66,7 +66,7 @@ class PostAction < ActiveRecord::Base
|
|||
r = PostActionType.Types.invert
|
||||
f = actions.map{|t| ["#{r[t]}_count", 0]}
|
||||
|
||||
Post.update_all(Hash[*f.flatten], id: post.id)
|
||||
Post.with_deleted.update_all(Hash[*f.flatten], id: post.id)
|
||||
|
||||
update_flagged_posts_count
|
||||
end
|
||||
|
|
|
@ -109,6 +109,12 @@ class Guardian
|
|||
true
|
||||
end
|
||||
|
||||
def can_clear_flags?(post)
|
||||
return false if @user.blank?
|
||||
return false if post.blank?
|
||||
@user.has_trust_level?(:moderator)
|
||||
end
|
||||
|
||||
def can_revoke_admin?(admin)
|
||||
return false unless @user.try(:admin?)
|
||||
return false if admin.blank?
|
||||
|
|
|
@ -68,6 +68,29 @@ describe Guardian do
|
|||
end
|
||||
|
||||
|
||||
describe "can_clear_flags" do
|
||||
let(:post) { Fabricate(:post) }
|
||||
let(:user) { post.user }
|
||||
let(:moderator) { Fabricate(:moderator) }
|
||||
|
||||
it "returns false when the user is nil" do
|
||||
Guardian.new(nil).can_clear_flags?(post).should be_false
|
||||
end
|
||||
|
||||
it "returns false when the post is nil" do
|
||||
Guardian.new(moderator).can_clear_flags?(nil).should be_false
|
||||
end
|
||||
|
||||
it "returns false when the user is not a moderator" do
|
||||
Guardian.new(user).can_clear_flags?(post).should be_false
|
||||
end
|
||||
|
||||
it "returns true when the user is a moderator" do
|
||||
Guardian.new(moderator).can_clear_flags?(post).should be_true
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
describe 'can_send_private_message' do
|
||||
let(:user) { Fabricate(:user) }
|
||||
let(:another_user) { Fabricate(:user) }
|
||||
|
|
|
@ -85,6 +85,55 @@ describe PostActionsController do
|
|||
|
||||
end
|
||||
|
||||
context 'clear_flags' do
|
||||
|
||||
let(:flagged_post) { Fabricate(:post, user: Fabricate(:coding_horror)) }
|
||||
|
||||
context "not logged in" do
|
||||
it "should not allow them to clear flags" do
|
||||
lambda { xhr :post, :clear_flags }.should raise_error(Discourse::NotLoggedIn)
|
||||
end
|
||||
end
|
||||
|
||||
context 'logged in' do
|
||||
let!(:user) { log_in(:moderator) }
|
||||
|
||||
it "raises an error without a post_action_type_id" do
|
||||
-> { xhr :post, :clear_flags, id: flagged_post.id }.should raise_error(Discourse::InvalidParameters)
|
||||
end
|
||||
|
||||
it "raises an error when the user doesn't have access" do
|
||||
Guardian.any_instance.expects(:can_clear_flags?).returns(false)
|
||||
xhr :post, :clear_flags, id: flagged_post.id, post_action_type_id: PostActionType.Types[:spam]
|
||||
response.should be_forbidden
|
||||
end
|
||||
|
||||
context "success" do
|
||||
before do
|
||||
Guardian.any_instance.expects(:can_clear_flags?).returns(true)
|
||||
PostAction.expects(:clear_flags!).with(flagged_post, user.id, PostActionType.Types[:spam])
|
||||
end
|
||||
|
||||
it "delegates to clear_flags" do
|
||||
xhr :post, :clear_flags, id: flagged_post.id, post_action_type_id: PostActionType.Types[:spam]
|
||||
response.should be_success
|
||||
end
|
||||
|
||||
it "works with a deleted post" do
|
||||
flagged_post.destroy
|
||||
xhr :post, :clear_flags, id: flagged_post.id, post_action_type_id: PostActionType.Types[:spam]
|
||||
response.should be_success
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
||||
|
||||
end
|
||||
|
||||
|
||||
|
||||
describe 'users' do
|
||||
|
|
Loading…
Reference in New Issue