FIX: oneboxing to private messages
This commit is contained in:
parent
67526907cd
commit
57e140dc07
|
@ -173,8 +173,11 @@ module Oneboxer
|
|||
if route[:post_number].to_i > 1
|
||||
post = Post.find_by(topic_id: route[:topic_id], post_number: route[:post_number])
|
||||
|
||||
return unless post.present? && !post.hidden
|
||||
return unless current_category&.id == post.topic.category_id || Guardian.new.can_see_post?(post)
|
||||
return if !post || post.hidden || post.topic.private_message?
|
||||
|
||||
if current_category&.id != post.topic.category_id
|
||||
return if !Guardian.new.can_see_post?(post)
|
||||
end
|
||||
|
||||
topic = post.topic
|
||||
excerpt = post.excerpt(SiteSetting.post_onebox_maxlength)
|
||||
|
@ -185,8 +188,13 @@ module Oneboxer
|
|||
|
||||
PrettyText.cook(quote)
|
||||
else
|
||||
return unless topic = Topic.find_by(id: route[:topic_id])
|
||||
return unless current_category&.id == topic.category_id || Guardian.new.can_see_topic?(topic)
|
||||
topic = Topic.find_by(id: route[:topic_id])
|
||||
|
||||
return if !topic || topic.private_message?
|
||||
|
||||
if current_category&.id != topic.category_id
|
||||
return if !Guardian.new.can_see_topic?(topic)
|
||||
end
|
||||
|
||||
first_post = topic.ordered_posts.first
|
||||
|
||||
|
|
|
@ -129,6 +129,16 @@ describe OneboxController do
|
|||
expect(response.body).not_to include('blockquote')
|
||||
end
|
||||
|
||||
it 'does not allow onebox of PMs' do
|
||||
user = log_in
|
||||
|
||||
post = create_post(archetype: 'private_message', target_usernames: [user.username])
|
||||
url = Discourse.base_url + post.url
|
||||
|
||||
get :show, params: { url: url }, format: :json
|
||||
expect(response.body).not_to include('blockquote')
|
||||
end
|
||||
|
||||
it 'allows onebox to public topics/posts in PM' do
|
||||
log_in
|
||||
|
||||
|
|
Loading…
Reference in New Issue