Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Disallow access to raw email for non-staff users (#17569)

This commit is contained in:
communiteq 2022-09-14 03:57:12 +02:00 committed by GitHub
parent dee8a1db20
commit 56555a0231
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/assets/javascripts/discourse/app/lib/transform-post.js
View File

@ -127,8 +127,7 @@ export default function transformPost(
postType === postTypes.small_action || post.action_code === "split_topic";
postAtts.canBookmark = !!currentUser;
postAtts.canManage = currentUser && currentUser.get("canManageTopic");
postAtts.canViewRawEmail =
currentUser && (currentUser.id === post.user_id || currentUser.staff);
postAtts.canViewRawEmail = currentUser && currentUser.staff;
postAtts.canArchiveTopic = !!details.can_archive_topic;
postAtts.canCloseTopic = !!details.can_close_topic;
postAtts.canSplitMergeTopic = !!details.can_split_merge_topic;

2
lib/guardian/post_guardian.rb
View File

@ -296,7 +296,7 @@ module PostGuardian
end
def can_view_raw_email?(post)
post && (is_staff? || post.user_id == @user.id)
post && is_staff?
end
def can_unhide?(post)