diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml index b047e0580c2..918e294ce6e 100644 --- a/config/locales/server.en.yml +++ b/config/locales/server.en.yml @@ -1987,6 +1987,7 @@ en: here_mention: "Name used for a @mention to allow privileged users to notify up to 'max_here_mentioned' people participating in the topic. Must not be an existing username." max_here_mentioned: "Maximum number of mentioned people by @here." min_trust_level_for_here_mention: "The minimum trust level allowed to mention @here." + here_mention_allowed_groups: "Groups that are allowed to mention @here." create_thumbnails: "Create thumbnails and lightbox images that are too large to fit in a post." @@ -2540,6 +2541,7 @@ en: keywords: anonymous_posting_allowed_groups: "anonymous_posting_min_trust_level" + here_mention_allowed_groups: "min_trust_level_for_here_mention" shared_drafts_allowed_groups: "shared_drafts_min_trust_level" placeholder: diff --git a/config/site_settings.yml b/config/site_settings.yml index 8e0224bb46a..e3a00558462 100644 --- a/config/site_settings.yml +++ b/config/site_settings.yml @@ -960,6 +960,13 @@ posting: min_trust_level_for_here_mention: default: "2" enum: "TrustLevelAndStaffSetting" + here_mention_allowed_groups: + default: "12" # auto group trust_level_2 + type: group_list + client: true + allow_any: false + refresh: true + validator: "AtLeastOneGroupValidator" title_max_word_length: default: 30 locale_default: diff --git a/db/migrate/20231107055903_migrate_min_trust_level_for_here_mention_to_group.rb b/db/migrate/20231107055903_migrate_min_trust_level_for_here_mention_to_group.rb new file mode 100644 index 00000000000..a76de48a53e --- /dev/null +++ b/db/migrate/20231107055903_migrate_min_trust_level_for_here_mention_to_group.rb @@ -0,0 +1,42 @@ +# frozen_string_literal: true + +class MigrateMinTrustLevelForHereMentionToGroup < ActiveRecord::Migration[7.0] + def up + min_trust_level_for_here_mention_raw = + DB.query_single( + "SELECT value FROM site_settings WHERE name = 'min_trust_level_for_here_mention'", + ).first + + # Default for old setting is trust level 2 and is TrustLevelAndStaffSetting, we only need to do anything if it's been changed in the DB. + if min_trust_level_for_here_mention_raw.present? + # Matches Group::AUTO_GROUPS to the trust levels & special admin/staff cases. + here_mention_allowed_groups = + case min_trust_level_for_here_mention_raw + when "admin" + "1" + when "staff" + "3" + when "0" + "10" + when "1" + "11" + when "2" + "12" + when "3" + "13" + when "4" + "14" + end + + # Data_type 20 is group_list. + DB.exec(<<~SQL, setting: here_mention_allowed_groups) + INSERT INTO site_settings(name, value, data_type, created_at, updated_at) + VALUES('here_mention_allowed_groups', :setting, 20, NOW(), NOW()) + SQL + end + end + + def down + raise ActiveRecord::IrreversibleMigration + end +end diff --git a/lib/guardian.rb b/lib/guardian.rb index 23c5ef80ba4..6af80ee6233 100644 --- a/lib/guardian.rb +++ b/lib/guardian.rb @@ -607,7 +607,8 @@ class Guardian return false if !authenticated? return false if User.where(username_lower: SiteSetting.here_mention).exists? - @user.has_trust_level_or_staff?(SiteSetting.min_trust_level_for_here_mention) + @user.in_any_groups?(SiteSetting.here_mention_allowed_groups_map) || + @user.has_trust_level_or_staff?(SiteSetting.min_trust_level_for_here_mention) end def is_me?(other) diff --git a/lib/site_settings/deprecated_settings.rb b/lib/site_settings/deprecated_settings.rb index 8e19f8b1031..43973637bb1 100644 --- a/lib/site_settings/deprecated_settings.rb +++ b/lib/site_settings/deprecated_settings.rb @@ -10,6 +10,7 @@ module SiteSettings::DeprecatedSettings ["default_categories_regular", "default_categories_normal", true, "3.0"], ["anonymous_posting_min_trust_level", "anonymous_posting_allowed_groups", false, "3.3"], ["shared_drafts_min_trust_level", "shared_drafts_allowed_groups", false, "3.3"], + ["min_trust_level_for_here_mention", "here_mention_allowed_groups", false, "3.3"], ] def setup_deprecated_methods diff --git a/spec/lib/guardian_spec.rb b/spec/lib/guardian_spec.rb index e3635e43b79..def89e73808 100644 --- a/spec/lib/guardian_spec.rb +++ b/spec/lib/guardian_spec.rb @@ -4289,6 +4289,8 @@ RSpec.describe Guardian do end describe "#can_mention_here?" do + before { Group.refresh_automatic_groups! } + it "returns false if disabled" do SiteSetting.max_here_mentioned = 0 expect(admin.guardian.can_mention_here?).to eq(false) @@ -4301,6 +4303,7 @@ RSpec.describe Guardian do it "works with trust levels" do SiteSetting.min_trust_level_for_here_mention = 2 + SiteSetting.here_mention_allowed_groups = Group::AUTO_GROUPS[:trust_level_2] expect(trust_level_0.guardian.can_mention_here?).to eq(false) expect(trust_level_1.guardian.can_mention_here?).to eq(false) @@ -4313,6 +4316,7 @@ RSpec.describe Guardian do it "works with staff" do SiteSetting.min_trust_level_for_here_mention = "staff" + SiteSetting.here_mention_allowed_groups = Group::AUTO_GROUPS[:staff] expect(trust_level_4.guardian.can_mention_here?).to eq(false) expect(moderator.guardian.can_mention_here?).to eq(true) @@ -4321,6 +4325,7 @@ RSpec.describe Guardian do it "works with admin" do SiteSetting.min_trust_level_for_here_mention = "admin" + SiteSetting.here_mention_allowed_groups = Group::AUTO_GROUPS[:admins] expect(trust_level_4.guardian.can_mention_here?).to eq(false) expect(moderator.guardian.can_mention_here?).to eq(false)