FIX: Don't enqueue topics if the user can't create them

Co-authored-by: Vinoth Kannan <vinothkannan@vinkas.com>
Régis Hanol 2018-11-09 18:24:28 +01:00
parent 00ad6e8e37
commit 6b51d84dc5
4 changed files with 30 additions and 5 deletions


@ -994,6 +994,7 @@ module Email
end end
raise TooShortPost raise TooShortPost
end end
raise InvalidPost, errors.join("\n") if result.errors.any? raise InvalidPost, errors.join("\n") if result.errors.any?
if result.post if result.post


@ -104,14 +104,12 @@ class NewPostManager
post = Post.new(raw: manager.args[:raw]) post = Post.new(raw: manager.args[:raw])
post.user = manager.user post.user = manager.user
validator.validate(post) validator.validate(post)
if post.errors[:raw].present? if post.errors[:raw].present?
result = NewPostResult.new(:created_post, false) result = NewPostResult.new(:created_post, false)
result.errors[:base] << post.errors[:raw] result.errors[:base] << post.errors[:raw]
return result return result
end elsif manager.args[:topic_id]
# Can the user create the post in the first place?
if manager.args[:topic_id]
topic = Topic.unscoped.where(id: manager.args[:topic_id]).first topic = Topic.unscoped.where(id: manager.args[:topic_id]).first
unless manager.user.guardian.can_create_post_on_topic?(topic) unless manager.user.guardian.can_create_post_on_topic?(topic)
@ -119,6 +117,14 @@ class NewPostManager
result.errors[:base] << I18n.t(:topic_not_found) result.errors[:base] << I18n.t(:topic_not_found)
return result return result
end end
elsif manager.args[:category]
category = Category.find_by(id: manager.args[:category])
unless manager.user.guardian.can_create_topic_on_category?(category)
result = NewPostResult.new(:created_post, false)
result.errors[:base] << I18n.t("js.errors.reasons.forbidden")
return result
end
end end
result = manager.enqueue('default') result = manager.enqueue('default')
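Review bot: The new authorization branch only runs when `manager.args[:category]` is present, so a new topic submitted with neither `topic_id` nor `category` still reaches `manager.enqueue('default')` without any guardian check. If the intent is that nothing is queued for a user who could not create it, that path needs an explicit decision as well. `Category.find_by` also returns nil for an unknown id, and how `can_create_topic_on_category?` treats a nil category is not visible here; if it allows nil, a bogus id would be enqueued, so an explicit `category.nil? ||` in the `unless` condition would make the rejection independent of that. The refactor also drops the comment `# Can the user create the post in the first place?`; I would keep it above the `elsif` chain so the reason for checking before enqueueing stays documented. The enclosing handler starts and ends outside these hunks.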


@ -825,7 +825,7 @@ describe Email::Receiver do
Group.refresh_automatic_group!(:trust_level_4) Group.refresh_automatic_group!(:trust_level_4)
expect { process(:tl3_user) }.to_not change(Topic, :count) expect { process(:tl3_user) }.to raise_error(Email::Receiver::InvalidPost)
expect { process(:tl4_user) }.to change(Topic, :count) expect { process(:tl4_user) }.to change(Topic, :count)
end end
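Review bot: The tl3 expectation now checks only that `Email::Receiver::InvalidPost` is raised and no longer pins that no topic was created, which is the property the fix is about. Both can be asserted by nesting the expectations: `expect { expect { process(:tl3_user) }.to raise_error(Email::Receiver::InvalidPost) }.to_not change(Topic, :count)`. The spec does not show whether anything was placed in the approval queue for that user; an assertion on the queue would cover the regression more directly.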


@ -104,6 +104,24 @@ describe NewPostManager do
end end
end end
context 'with a high approval post count and secure category' do
it 'does not create topic' do
SiteSetting.approve_post_count = 100
user = Fabricate(:user)
category_group = Fabricate(:category_group, permission_type: 2)
group_user = Fabricate(:group_user, group: category_group.group, user_id: user.id)
manager = NewPostManager.new(
user,
raw: 'this is a new topic',
title: "Let's start a new topic!",
category: category_group.category_id
)
expect(manager.perform.errors["base"][0]).to eq(I18n.t("js.errors.reasons.forbidden"))
end
end
context 'with a high trust level setting' do context 'with a high trust level setting' do
before do before do
SiteSetting.approve_unless_trust_level = 4 SiteSetting.approve_unless_trust_level = 4
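Review bot: The new example uses the bare literal `permission_type: 2`, so a reader cannot tell which access level puts the user in the forbidden state. Using the named value from `CategoryGroup.permission_types` (presumably the reply-only level, to be confirmed) would make the precondition explicit. The local `group_user` is assigned but never read, so the `Fabricate(:group_user, ...)` call can stand on its own. The example asserts only the error message on `errors["base"][0]`; it would be stronger if it also checked that `perform` queued nothing, since the commit title is about not enqueueing.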