FIX: do not allow normal users to wiki edit-expired posts
parent
177294f930
commit
3e32393ab6
|
@ -175,7 +175,14 @@ module PostGuardian
|
|||
|
||||
def can_wiki?(post)
|
||||
return false unless authenticated?
|
||||
is_staff? || @user.has_trust_level?(TrustLevel[4]) || (@user.has_trust_level?(SiteSetting.min_trust_to_allow_self_wiki) && is_my_own?(post))
|
||||
return true if is_staff? || @user.has_trust_level?(TrustLevel[4])
|
||||
|
||||
if @user.has_trust_level?(SiteSetting.min_trust_to_allow_self_wiki) && is_my_own?(post)
|
||||
return false if post.hidden?
|
||||
return !post.edit_time_limit_expired?
|
||||
end
|
||||
|
||||
false
|
||||
end
|
||||
|
||||
def can_change_post_type?
|
||||
|
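Review bot: The self-wiki branch of `can_wiki?` now also refuses hidden posts (`return false if post.hidden?`), a second authorization rule that the commit title does not mention and that no comment in the method explains. A short comment above the `if` would record the intent, for example `# Owners may wiki their own post only while it is visible and still inside the edit window; staff and TL4 are exempt.` The two returns in that branch could also be written as one expression, `return !post.hidden? && !post.edit_time_limit_expired?`, which keeps both conditions visible together. If this predicate also gates removing wiki status (not visible in this hunk), confirm that authors losing that ability after the window expires is intended.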
|
|
@ -2098,7 +2098,7 @@ describe Guardian do
|
|||
end
|
||||
|
||||
describe 'can_wiki?' do
|
||||
let(:post) { build(:post) }
|
||||
let(:post) { build(:post, created_at: 1.minute.ago) }
|
||||
|
||||
it 'returns false for regular user' do
|
||||
expect(Guardian.new(coding_horror).can_wiki?(post)).to be_falsey
|
||||
|
@ -2127,5 +2127,25 @@ describe Guardian do
|
|||
it 'returns true for trust_level_4 user' do
|
||||
expect(Guardian.new(trust_level_4).can_wiki?(post)).to be_truthy
|
||||
end
|
||||
|
||||
context 'post is older than post_edit_time_limit' do
|
||||
let(:old_post) { build(:post, user: trust_level_2, created_at: 6.minutes.ago) }
|
||||
before do
|
||||
SiteSetting.min_trust_to_allow_self_wiki = 2
|
||||
SiteSetting.post_edit_time_limit = 5
|
||||
end
|
||||
|
||||
it 'returns false when user satisfies trust level and owns the post' do
|
||||
expect(Guardian.new(trust_level_2).can_wiki?(old_post)).to be_falsey
|
||||
end
|
||||
|
||||
it 'returns true for admin user' do
|
||||
expect(Guardian.new(admin).can_wiki?(old_post)).to be_truthy
|
||||
end
|
||||
|
||||
it 'returns true for trust_level_4 user' do
|
||||
expect(Guardian.new(trust_level_4).can_wiki?(post)).to be_truthy
|
||||
end
|
||||
end
|
||||
end
|
||||
end
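Review bot: The last example in the new 'post is older than post_edit_time_limit' context calls `can_wiki?(post)` rather than `can_wiki?(old_post)`, so it repeats the trust_level_4 example just above the context and never checks that trust level 4 bypasses the expired edit window. It should read `expect(Guardian.new(trust_level_4).can_wiki?(old_post)).to be_truthy`. None of the visible examples covers a hidden post owned by a user who meets `min_trust_to_allow_self_wiki`, so the `post.hidden?` rejection added in the guardian could regress unnoticed. One example asserting `be_falsey` for that case would pin it.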
|
||||
|
|