From 4b793a1072f4fcb37b916dcb309dec720a8f099b Mon Sep 17 00:00:00 2001 From: Joffrey JAFFEUX Date: Fri, 12 Jun 2020 12:54:28 +0200 Subject: [PATCH] FIX: allows PM owner to remove any user if >= TL2 (#10036) --- lib/guardian/topic_guardian.rb | 1 + spec/components/guardian_spec.rb | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/lib/guardian/topic_guardian.rb b/lib/guardian/topic_guardian.rb index e4df0a1cf20..33f5d836f4a 100644 --- a/lib/guardian/topic_guardian.rb +++ b/lib/guardian/topic_guardian.rb @@ -5,6 +5,7 @@ module TopicGuardian def can_remove_allowed_users?(topic, target_user = nil) is_staff? || + (topic.user == user && user.has_trust_level?(TrustLevel[2])) || ( topic.allowed_users.count > 1 && topic.user != target_user && diff --git a/spec/components/guardian_spec.rb b/spec/components/guardian_spec.rb index 53b1b14c1c3..ef8245254de 100644 --- a/spec/components/guardian_spec.rb +++ b/spec/components/guardian_spec.rb @@ -3446,8 +3446,23 @@ describe Guardian do end end + context 'trust_level >= 2 user' do + fab!(:topic_creator) { build(:user, trust_level: 2) } + fab!(:topic) { Fabricate(:topic, user: topic_creator) } + + before do + topic.allowed_users << topic_creator + topic.allowed_users << another_user + end + + it 'should be true' do + expect(Guardian.new(topic_creator).can_remove_allowed_users?(topic)) + .to eq(true) + end + end + context 'normal user' do - fab!(:topic) { Fabricate(:topic, user: Fabricate(:user)) } + fab!(:topic) { Fabricate(:topic, user: Fabricate(:user, trust_level: 1)) } before do topic.allowed_users << user