FEATURE: allow disabling self-deletions of posts (#11668)
https://meta.discourse.org/t/restoring-deleted-messages/173647/6?u=techapj
This commit is contained in:
parent
caa17386ee
commit
25b4e82601
|
@ -299,13 +299,13 @@ class PostsController < ApplicationController
|
||||||
|
|
||||||
def destroy
|
def destroy
|
||||||
post = find_post_from_params
|
post = find_post_from_params
|
||||||
|
guardian.ensure_can_delete!(post)
|
||||||
|
|
||||||
unless guardian.can_moderate_topic?(post.topic)
|
unless guardian.can_moderate_topic?(post.topic)
|
||||||
RateLimiter.new(current_user, "delete_post_per_min", SiteSetting.max_post_deletions_per_minute, 1.minute).performed!
|
RateLimiter.new(current_user, "delete_post_per_min", SiteSetting.max_post_deletions_per_minute, 1.minute).performed!
|
||||||
RateLimiter.new(current_user, "delete_post_per_day", SiteSetting.max_post_deletions_per_day, 1.day).performed!
|
RateLimiter.new(current_user, "delete_post_per_day", SiteSetting.max_post_deletions_per_day, 1.day).performed!
|
||||||
end
|
end
|
||||||
|
|
||||||
guardian.ensure_can_delete!(post)
|
|
||||||
|
|
||||||
destroyer = PostDestroyer.new(current_user, post, context: params[:context])
|
destroyer = PostDestroyer.new(current_user, post, context: params[:context])
|
||||||
destroyer.destroy
|
destroyer.destroy
|
||||||
|
|
||||||
|
@ -320,11 +320,13 @@ class PostsController < ApplicationController
|
||||||
|
|
||||||
def recover
|
def recover
|
||||||
post = find_post_from_params
|
post = find_post_from_params
|
||||||
|
guardian.ensure_can_recover_post!(post)
|
||||||
|
|
||||||
unless guardian.can_moderate_topic?(post.topic)
|
unless guardian.can_moderate_topic?(post.topic)
|
||||||
RateLimiter.new(current_user, "delete_post_per_min", SiteSetting.max_post_deletions_per_minute, 1.minute).performed!
|
RateLimiter.new(current_user, "delete_post_per_min", SiteSetting.max_post_deletions_per_minute, 1.minute).performed!
|
||||||
RateLimiter.new(current_user, "delete_post_per_day", SiteSetting.max_post_deletions_per_day, 1.day).performed!
|
RateLimiter.new(current_user, "delete_post_per_day", SiteSetting.max_post_deletions_per_day, 1.day).performed!
|
||||||
end
|
end
|
||||||
guardian.ensure_can_recover_post!(post)
|
|
||||||
destroyer = PostDestroyer.new(current_user, post)
|
destroyer = PostDestroyer.new(current_user, post)
|
||||||
destroyer.recover
|
destroyer.recover
|
||||||
post.reload
|
post.reload
|
||||||
|
|
|
@ -1746,8 +1746,8 @@ en:
|
||||||
max_logins_per_ip_per_hour: "Maximum number of logins allowed per IP address per hour"
|
max_logins_per_ip_per_hour: "Maximum number of logins allowed per IP address per hour"
|
||||||
max_logins_per_ip_per_minute: "Maximum number of logins allowed per IP address per minute"
|
max_logins_per_ip_per_minute: "Maximum number of logins allowed per IP address per minute"
|
||||||
|
|
||||||
max_post_deletions_per_minute: "Maximum number of posts a user can delete per minute."
|
max_post_deletions_per_minute: "Maximum number of posts a user can delete per minute. Set to 0 to disable post deletions."
|
||||||
max_post_deletions_per_day: "Maximum number of posts a user can delete per day."
|
max_post_deletions_per_day: "Maximum number of posts a user can delete per day. Set to 0 to disable post deletions."
|
||||||
|
|
||||||
invite_link_max_redemptions_limit: "Maximum redemptions allowed for invite links can't be more than this value."
|
invite_link_max_redemptions_limit: "Maximum redemptions allowed for invite links can't be more than this value."
|
||||||
|
|
||||||
|
|
|
@ -185,14 +185,19 @@ module PostGuardian
|
||||||
# Can't delete the first post
|
# Can't delete the first post
|
||||||
return false if post.is_first_post?
|
return false if post.is_first_post?
|
||||||
|
|
||||||
# Can't delete posts in archived topics unless you are staff
|
|
||||||
can_moderate = can_moderate_topic?(post.topic)
|
can_moderate = can_moderate_topic?(post.topic)
|
||||||
return false if !can_moderate && post.topic&.archived?
|
return true if can_moderate
|
||||||
|
|
||||||
|
# Can't delete posts in archived topics unless you are staff
|
||||||
|
return false if post.topic&.archived?
|
||||||
|
|
||||||
# You can delete your own posts
|
# You can delete your own posts
|
||||||
return !post.user_deleted? if is_my_own?(post)
|
if is_my_own?(post)
|
||||||
|
return false if (SiteSetting.max_post_deletions_per_minute < 1 || SiteSetting.max_post_deletions_per_day < 1)
|
||||||
|
return true if !post.user_deleted?
|
||||||
|
end
|
||||||
|
|
||||||
can_moderate
|
false
|
||||||
end
|
end
|
||||||
|
|
||||||
def can_recover_post?(post)
|
def can_recover_post?(post)
|
||||||
|
@ -200,12 +205,14 @@ module PostGuardian
|
||||||
|
|
||||||
# PERF, vast majority of the time topic will not be deleted
|
# PERF, vast majority of the time topic will not be deleted
|
||||||
topic = (post.topic || Topic.with_deleted.find(post.topic_id)) if post.topic_id
|
topic = (post.topic || Topic.with_deleted.find(post.topic_id)) if post.topic_id
|
||||||
|
return true if can_moderate_topic?(topic) && !!post.deleted_at
|
||||||
|
|
||||||
if can_moderate_topic?(topic)
|
if is_my_own?(post)
|
||||||
!!post.deleted_at
|
return false if (SiteSetting.max_post_deletions_per_minute < 1 || SiteSetting.max_post_deletions_per_day < 1)
|
||||||
else
|
return true if post.user_deleted && !post.deleted_at
|
||||||
is_my_own?(post) && post.user_deleted && !post.deleted_at
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
false
|
||||||
end
|
end
|
||||||
|
|
||||||
def can_delete_post_action?(post_action)
|
def can_delete_post_action?(post_action)
|
||||||
|
|
|
@ -2081,6 +2081,11 @@ describe Guardian do
|
||||||
expect(Guardian.new(user).can_delete?(post)).to be_truthy
|
expect(Guardian.new(user).can_delete?(post)).to be_truthy
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'returns false when self deletions are disabled' do
|
||||||
|
SiteSetting.max_post_deletions_per_day = 0
|
||||||
|
expect(Guardian.new(user).can_delete?(post)).to be_falsey
|
||||||
|
end
|
||||||
|
|
||||||
it "returns false when trying to delete another user's own post" do
|
it "returns false when trying to delete another user's own post" do
|
||||||
expect(Guardian.new(Fabricate(:user)).can_delete?(post)).to be_falsey
|
expect(Guardian.new(Fabricate(:user)).can_delete?(post)).to be_falsey
|
||||||
end
|
end
|
||||||
|
@ -2119,7 +2124,6 @@ describe Guardian do
|
||||||
it "doesn't allow a regular user to delete it" do
|
it "doesn't allow a regular user to delete it" do
|
||||||
expect(Guardian.new(post.user).can_delete?(post)).to be_falsey
|
expect(Guardian.new(post.user).can_delete?(post)).to be_falsey
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -203,6 +203,15 @@ describe PostsController do
|
||||||
expect(response).to be_forbidden
|
expect(response).to be_forbidden
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it "raises an error when the self deletions are disabled" do
|
||||||
|
SiteSetting.max_post_deletions_per_day = 0
|
||||||
|
post = Fabricate(:post, user: user, topic: topic, post_number: 3)
|
||||||
|
sign_in(user)
|
||||||
|
|
||||||
|
delete "/posts/#{post.id}.json"
|
||||||
|
expect(response).to be_forbidden
|
||||||
|
end
|
||||||
|
|
||||||
it "uses a PostDestroyer" do
|
it "uses a PostDestroyer" do
|
||||||
post = Fabricate(:post, topic_id: topic.id, post_number: 3)
|
post = Fabricate(:post, topic_id: topic.id, post_number: 3)
|
||||||
sign_in(moderator)
|
sign_in(moderator)
|
||||||
|
@ -306,6 +315,15 @@ describe PostsController do
|
||||||
expect(response).to be_forbidden
|
expect(response).to be_forbidden
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it "raises an error when self deletion/recovery is disabled" do
|
||||||
|
SiteSetting.max_post_deletions_per_day = 0
|
||||||
|
post = Fabricate(:post, user: user, topic: topic, post_number: 3)
|
||||||
|
sign_in(user)
|
||||||
|
|
||||||
|
put "/posts/#{post.id}/recover.json"
|
||||||
|
expect(response).to be_forbidden
|
||||||
|
end
|
||||||
|
|
||||||
it "recovers a post correctly" do
|
it "recovers a post correctly" do
|
||||||
topic_id = create_post.topic_id
|
topic_id = create_post.topic_id
|
||||||
post = create_post(topic_id: topic_id)
|
post = create_post(topic_id: topic_id)
|
||||||
|
|
Loading…
Reference in New Issue