FIX: TL3 users should not be able to edit title of archived topics
This commit is contained in:
parent
6d6d8842d2
commit
106e3c897f
|
@ -30,7 +30,10 @@ module TopicGuardian
|
|||
return false if Discourse.static_doc_topic_ids.include?(topic.id) && !is_admin?
|
||||
return false unless can_see?(topic)
|
||||
return true if is_staff?
|
||||
return true if (!topic.private_message? && user.has_trust_level?(TrustLevel[3]) && can_create_post?(topic))
|
||||
# TL4 users can edit archived topics, but can not edit private messages
|
||||
return true if (topic.archived && !topic.private_message? && user.has_trust_level?(TrustLevel[4]) && can_create_post?(topic))
|
||||
# TL3 users can not edit archived topics and private messages
|
||||
return true if (!topic.archived && !topic.private_message? && user.has_trust_level?(TrustLevel[3]) && can_create_post?(topic))
|
||||
|
||||
return false if topic.archived
|
||||
is_my_own?(topic) && !topic.edit_time_limit_expired?
|
||||
|
|
|
@ -991,6 +991,11 @@ describe Guardian do
|
|||
topic.archetype = 'private_message'
|
||||
expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(false)
|
||||
end
|
||||
|
||||
it 'returns false at trust level 4' do
|
||||
topic.archetype = 'private_message'
|
||||
expect(Guardian.new(trust_level_4).can_edit?(topic)).to eq(false)
|
||||
end
|
||||
end
|
||||
|
||||
context 'archived' do
|
||||
|
@ -1004,8 +1009,12 @@ describe Guardian do
|
|||
expect(Guardian.new(admin).can_edit?(archived_topic)).to be_truthy
|
||||
end
|
||||
|
||||
it 'returns true at trust level 3' do
|
||||
expect(Guardian.new(trust_level_3).can_edit?(archived_topic)).to be_truthy
|
||||
it 'returns true at trust level 4' do
|
||||
expect(Guardian.new(trust_level_4).can_edit?(archived_topic)).to be_truthy
|
||||
end
|
||||
|
||||
it 'returns false at trust level 3' do
|
||||
expect(Guardian.new(trust_level_3).can_edit?(archived_topic)).to be_falsey
|
||||
end
|
||||
|
||||
it 'returns false as a topic creator' do
|
||||
|
|
Loading…
Reference in New Issue