FIX: trust level 3 should not be able to edit topics in categories that restrict them from doing so
This commit is contained in:
parent
672220c6d2
commit
0f8b4dcc86
|
@ -36,6 +36,9 @@ module TopicGuardian
|
|||
return true if is_admin?
|
||||
return true if is_moderator? && can_create_post?(topic)
|
||||
|
||||
# can't edit topics in secured categories where you don't have permission to create topics
|
||||
return false if !can_create_topic_on_category?(topic.category)
|
||||
|
||||
# TL4 users can edit archived topics, but can not edit private messages
|
||||
return true if (topic.archived && !topic.private_message? && user.has_trust_level?(TrustLevel[4]) && can_create_post?(topic))
|
||||
|
||||
|
|
|
@ -1086,6 +1086,15 @@ describe Guardian do
|
|||
expect(Guardian.new(moderator).can_edit?(post)).to eq(false)
|
||||
expect(Guardian.new(moderator).can_edit?(topic)).to eq(false)
|
||||
end
|
||||
|
||||
it "returns false for trust level 3 if category is secured" do
|
||||
topic.category.set_permissions(everyone: :create_post, staff: :full)
|
||||
topic.category.save
|
||||
|
||||
expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(false)
|
||||
expect(Guardian.new(admin).can_edit?(topic)).to eq(true)
|
||||
expect(Guardian.new(moderator).can_edit?(topic)).to eq(true)
|
||||
end
|
||||
end
|
||||
|
||||
context 'private message' do
|
||||
|
|
Loading…
Reference in New Issue