Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: properly filter whispers in user stream

This commit is contained in:
Régis Hanol 2015-09-22 00:50:52 +02:00
parent 2ae032c9b0
commit 4f7140fb32
7 changed files with 18 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
app/models/post.rb
View File

@ -96,17 +96,18 @@ class Post < ActiveRecord::Base
end end
def publish_change_to_clients!(type) def publish_change_to_clients!(type)
channel = "/topic/#{topic_id}"
msg = { id: id,
post_number: post_number,
updated_at: Time.now,
type: type }
# special failsafe for posts missing topics consistency checks should fix, but message # special failsafe for posts missing topics consistency checks should fix, but message
# is safe to skip # is safe to skip
return unless topic return unless topic
channel = "/topic/#{topic_id}"
msg = {
id: id,
post_number: post_number,
updated_at: Time.now,
type: type
}
# Whispers should not be published to everyone # Whispers should not be published to everyone
if post_type == Post.types[:whisper] if post_type == Post.types[:whisper]
user_ids = User.where('admin or moderator or id = ?', user_id).pluck(:id) user_ids = User.where('admin or moderator or id = ?', user_id).pluck(:id)

2
app/models/topic.rb
View File

@ -218,7 +218,7 @@ class Topic < ActiveRecord::Base
end end
end end
def visible_post_types(viewed_by=nil) def self.visible_post_types(viewed_by=nil)
types = Post.types types = Post.types
result = [types[:regular], types[:moderator_action], types[:small_action]] result = [types[:regular], types[:moderator_action], types[:small_action]]
result << types[:whisper] if viewed_by.try(:staff?) result << types[:whisper] if viewed_by.try(:staff?)

4
app/models/user_action.rb
View File

@ -305,7 +305,6 @@ SQL
end end
def self.apply_common_filters(builder,user_id,guardian,ignore_private_messages=false) def self.apply_common_filters(builder,user_id,guardian,ignore_private_messages=false)
# We never return deleted topics in activity # We never return deleted topics in activity
builder.where("t.deleted_at is null") builder.where("t.deleted_at is null")
@ -318,6 +317,9 @@ SQL
builder.where("NOT COALESCE(p.hidden, false) OR p.user_id = :current_user_id", current_user_id: current_user_id ) builder.where("NOT COALESCE(p.hidden, false) OR p.user_id = :current_user_id", current_user_id: current_user_id )
end end
visible_post_types = Topic.visible_post_types(guardian.user)
builder.where("COALESCE(p.post_type, p2.post_type) IN (:visible_post_types)", visible_post_types: visible_post_types)
unless (guardian.user && guardian.user.id == user_id) || guardian.is_staff? unless (guardian.user && guardian.user.id == user_id) || guardian.is_staff?
builder.where("a.action_type not in (#{BOOKMARK})") builder.where("a.action_type not in (#{BOOKMARK})")
builder.where("t.visible") builder.where("t.visible")

2
lib/guardian/post_guardian.rb
View File

@ -147,7 +147,7 @@ module PostGuardian
return false if post.blank? return false if post.blank?
return true if is_admin? return true if is_admin?
return false unless can_see_topic?(post.topic) return false unless can_see_topic?(post.topic)
return false unless post.user == @user || post.topic.visible_post_types(@user).include?(post.post_type) return false unless post.user == @user || Topic.visible_post_types(@user).include?(post.post_type)
return false if !is_moderator? && post.deleted_at.present? return false if !is_moderator? && post.deleted_at.present?
true true

2
lib/topic_view.rb
View File

@ -331,7 +331,7 @@ class TopicView
private private
def filter_post_types(posts) def filter_post_types(posts)
visible_types = @topic.visible_post_types(@user) visible_types = Topic.visible_post_types(@user)
if @user.present? if @user.present?
posts.where("user_id = ? OR post_type IN (?)", @user.id, visible_types) posts.where("user_id = ? OR post_type IN (?)", @user.id, visible_types)

1
spec/fabricators/post_fabricator.rb
View File

@ -2,6 +2,7 @@ Fabricator(:post) do
user user
topic {|attrs| Fabricate(:topic, user: attrs[:user] ) } topic {|attrs| Fabricate(:topic, user: attrs[:user] ) }
raw "Hello world" raw "Hello world"
post_type Post.types[:regular]
end end
Fabricator(:post_with_long_raw_content, from: :post) do Fabricator(:post_with_long_raw_content, from: :post) do

9
spec/models/topic_spec.rb
View File

@ -15,8 +15,7 @@ describe Topic do
let(:types) { Post.types } let(:types) { Post.types }
it "returns the appropriate types for anonymous users" do it "returns the appropriate types for anonymous users" do
topic = Fabricate.build(:topic) post_types = Topic.visible_post_types
post_types = topic.visible_post_types
expect(post_types).to include(types[:regular]) expect(post_types).to include(types[:regular])
expect(post_types).to include(types[:moderator_action]) expect(post_types).to include(types[:moderator_action])
@ -25,8 +24,7 @@ describe Topic do
end end
it "returns the appropriate types for regular users" do it "returns the appropriate types for regular users" do
topic = Fabricate.build(:topic) post_types = Topic.visible_post_types(Fabricate.build(:user))
post_types = topic.visible_post_types(Fabricate.build(:user))
expect(post_types).to include(types[:regular]) expect(post_types).to include(types[:regular])
expect(post_types).to include(types[:moderator_action]) expect(post_types).to include(types[:moderator_action])
@ -35,8 +33,7 @@ describe Topic do
end end
it "returns the appropriate types for staff users" do it "returns the appropriate types for staff users" do
topic = Fabricate.build(:topic) post_types = Topic.visible_post_types(Fabricate.build(:moderator))
post_types = topic.visible_post_types(Fabricate.build(:moderator))
expect(post_types).to include(types[:regular]) expect(post_types).to include(types[:regular])
expect(post_types).to include(types[:moderator_action]) expect(post_types).to include(types[:moderator_action])