FEATURE: New post editing period for >= tl2 users (#8070)

* FEATURE: Add tl2 threshold for editing new posts

* Adds a new setting and for tl2 editing posts (30 days same as old value)
* Sets the tl0/tl1 editing period as 1 day

* FIX: Spec uses wrong setting

* Fix site setting on guardian spec

* FIX: post editing period specs

* Avoid shared examples
* Use update_columns to avoid callbacks on user during tests

app/controllers/posts_controller.rb

@@ -204,7 +204,7 @@ class PostsController < ApplicationController
 
     if !guardian.public_send("can_edit?", post) &&
        post.user_id == current_user.id &&
-       post.edit_time_limit_expired?
+       post.edit_time_limit_expired?(current_user)
 
       return render_json_error(I18n.t('too_late_to_edit'))
     end

app/models/concerns/limited_edit.rb

@@ -3,11 +3,22 @@
 module LimitedEdit
   extend ActiveSupport::Concern
 
-  def edit_time_limit_expired?
+  def edit_time_limit_expired?(user)
-    if created_at && SiteSetting.post_edit_time_limit.to_i > 0
+    time_limit = user_time_limit(user)
-      created_at < SiteSetting.post_edit_time_limit.to_i.minutes.ago
+    if created_at && time_limit > 0
+      created_at < time_limit.minutes.ago
     else
       false
     end
   end
+
+  private
+
+  def user_time_limit(user)
+    if user.trust_level < 2
+      SiteSetting.post_edit_time_limit.to_i
+    else
+      SiteSetting.tl2_post_edit_time_limit.to_i
+    end
+  end
 end

config/locales/server.en.yml

@@ -1361,7 +1361,8 @@ en:
     editing_grace_period_max_diff: "Maximum number of character changes allowed in editing grace period, if more changed store another post revision (trust level 0 and 1)"
     editing_grace_period_max_diff_high_trust: "Maximum number of character changes allowed in editing grace period, if more changed store another post revision (trust level 2 and up)"
     staff_edit_locks_post: "Posts will be locked from editing if they are edited by staff members"
-    post_edit_time_limit: "The author can edit their post for (n) minutes after posting. Set to 0 for forever."
+    post_edit_time_limit: "A tl0 or tl1 author can edit their post for (n) minutes after posting. Set to 0 for forever."
+    tl2_post_edit_time_limit: "A tl2 author can edit their post for (n) minutes after posting. Set to 0 for forever."
     edit_history_visible_to_public: "Allow everyone to see previous versions of an edited post. When disabled, only staff members can view."
     delete_removed_posts_after: "Posts removed by the author will be automatically deleted after (n) hours. If set to 0, posts will be deleted immediately."
     max_image_width: "Maximum thumbnail width of images in a post"

config/site_settings.yml

@@ -700,6 +700,9 @@ posting:
     type: category
     default: ""
   post_edit_time_limit:
+    default: 1440
+    max: 10080
+  tl2_post_edit_time_limit:
     default: 43200
     max: 525600
   edit_history_visible_to_public:

lib/guardian/post_guardian.rb

@@ -158,7 +158,7 @@ module PostGuardian
         return true
       end
 
-      return !post.edit_time_limit_expired?
+      return !post.edit_time_limit_expired?(@user)
     end
 
     false
@@ -238,7 +238,7 @@ module PostGuardian
 
     if @user.has_trust_level?(SiteSetting.min_trust_to_allow_self_wiki) && is_my_own?(post)
       return false if post.hidden?
-      return !post.edit_time_limit_expired?
+      return !post.edit_time_limit_expired?(@user)
     end
 
     false

lib/guardian/topic_guardian.rb

@@ -106,7 +106,7 @@ module TopicGuardian
 
     return false if topic.archived
     is_my_own?(topic) &&
-      !topic.edit_time_limit_expired? &&
+      !topic.edit_time_limit_expired?(user) &&
       !Post.where(topic_id: topic.id, post_number: 1).where.not(locked_by_id: nil).exists?
   end
 

spec/components/guardian_spec.rb

@@ -1389,10 +1389,12 @@ describe Guardian do
         expect(Guardian.new(post.user).can_edit?(post)).to be_truthy
       end
 
+      describe 'post edit time limits' do
         context 'post is older than post_edit_time_limit' do
           let(:old_post) { build(:post, topic: topic, user: topic.user, created_at: 6.minutes.ago) }
 
           before do
+            topic.user.update_columns(trust_level:  1)
             SiteSetting.post_edit_time_limit = 5
           end
 
@@ -1418,6 +1420,37 @@ describe Guardian do
           end
         end
 
+        context 'post is older than tl2_post_edit_time_limit' do
+          let(:old_post) { build(:post, topic: topic, user: topic.user, created_at: 12.minutes.ago) }
+
+          before do
+            topic.user.update_columns(trust_level: 2)
+            SiteSetting.tl2_post_edit_time_limit = 10
+          end
+
+          it 'returns false to the author of the post' do
+            expect(Guardian.new(old_post.user).can_edit?(old_post)).to be_falsey
+          end
+
+          it 'returns true as a moderator' do
+            expect(Guardian.new(moderator).can_edit?(old_post)).to eq(true)
+          end
+
+          it 'returns true as an admin' do
+            expect(Guardian.new(admin).can_edit?(old_post)).to eq(true)
+          end
+
+          it 'returns false for another regular user trying to edit your post' do
+            expect(Guardian.new(coding_horror).can_edit?(old_post)).to be_falsey
+          end
+
+          it 'returns true for another regular user trying to edit a wiki post' do
+            old_post.wiki = true
+            expect(Guardian.new(coding_horror).can_edit?(old_post)).to be_truthy
+          end
+        end
+      end
+
       context "first post of a static page doc" do
         let!(:tos_topic) { Fabricate(:topic, user: Discourse.system_user) }
         let!(:tos_first_post) { build(:post, topic: tos_topic, user: tos_topic.user) }
@@ -2854,7 +2887,7 @@ describe Guardian do
       let(:old_post) { build(:post, user: trust_level_2, created_at: 6.minutes.ago) }
       before do
         SiteSetting.min_trust_to_allow_self_wiki = 2
-        SiteSetting.post_edit_time_limit = 5
+        SiteSetting.tl2_post_edit_time_limit = 5
       end
 
       it 'returns false when user satisfies trust level and owns the post' do

spec/requests/posts_controller_spec.rb

@@ -313,8 +313,26 @@ describe PostsController do
         sign_in(user)
       end
 
-      it 'does not allow to update when edit time limit expired' do
+      it 'does not allow TL0 or TL1 to update when edit time limit expired' do
         SiteSetting.post_edit_time_limit = 5
+        SiteSetting.tl2_post_edit_time_limit = 30
+
+        post = Fabricate(:post, created_at: 10.minutes.ago, user: user)
+
+        user.update_columns(trust_level: 1)
+
+        put "/posts/#{post.id}.json", params: update_params
+
+        expect(response.status).to eq(422)
+        expect(JSON.parse(response.body)['errors']).to include(I18n.t('too_late_to_edit'))
+      end
+
+      it 'does not allow TL2 to update when edit time limit expired' do
+        SiteSetting.post_edit_time_limit = 12
+        SiteSetting.tl2_post_edit_time_limit = 8
+
+        user.update_columns(trust_level: 2)
+
         post = Fabricate(:post, created_at: 10.minutes.ago, user: user)
 
         put "/posts/#{post.id}.json", params: update_params