FIX: Display unread/new PM links only when viewing own user. (#14290)

At this point in time, we do not think supporting unread and new when an
admin is looking at another user's messages is worth supporting.

Follow-up to fc1fd1b416
This commit is contained in:
Alan Guo Xiang Tan 2021-09-09 14:02:17 +08:00 committed by GitHub
parent ee8c943326
commit 7b77dd5c05
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 69 additions and 32 deletions

View File

@ -31,16 +31,20 @@
{{i18n "user.messages.sent"}} {{i18n "user.messages.sent"}}
{{/link-to}} {{/link-to}}
</li> </li>
<li>
{{#link-to "userPrivateMessages.new" model class="new"}} {{#if viewingSelf}}
{{newLinkText}} <li>
{{/link-to}} {{#link-to "userPrivateMessages.new" model class="new"}}
</li> {{newLinkText}}
<li> {{/link-to}}
{{#link-to "userPrivateMessages.unread" model class="unread"}} </li>
{{unreadLinkText}} <li>
{{/link-to}} {{#link-to "userPrivateMessages.unread" model class="unread"}}
</li> {{unreadLinkText}}
{{/link-to}}
</li>
{{/if}}
<li> <li>
{{#link-to "userPrivateMessages.archive" model}} {{#link-to "userPrivateMessages.archive" model}}
{{i18n "user.messages.archive"}} {{i18n "user.messages.archive"}}
@ -54,16 +58,20 @@
{{i18n "user.messages.latest"}} {{i18n "user.messages.latest"}}
{{/link-to}} {{/link-to}}
</li> </li>
<li>
{{#link-to "userPrivateMessages.groupNew" group.name class="new"}} {{#if viewingSelf}}
{{newLinkText}} <li>
{{/link-to}} {{#link-to "userPrivateMessages.groupNew" group.name class="new"}}
</li> {{newLinkText}}
<li> {{/link-to}}
{{#link-to "userPrivateMessages.groupUnread" group.name class="unread"}} </li>
{{unreadLinkText}} <li>
{{/link-to}} {{#link-to "userPrivateMessages.groupUnread" group.name class="unread"}}
</li> {{unreadLinkText}}
{{/link-to}}
</li>
{{/if}}
<li> <li>
{{#link-to "userPrivateMessages.groupArchive" group.name}} {{#link-to "userPrivateMessages.groupArchive" group.name}}
{{i18n "user.messages.archive"}} {{i18n "user.messages.archive"}}
@ -82,16 +90,20 @@
{{i18n "user.messages.sent"}} {{i18n "user.messages.sent"}}
{{/link-to}} {{/link-to}}
</li> </li>
<li>
{{#link-to "userPrivateMessages.personalNew" model class="new"}} {{#if viewingSelf}}
{{newLinkText}} <li>
{{/link-to}} {{#link-to "userPrivateMessages.personalNew" model class="new"}}
</li> {{newLinkText}}
<li> {{/link-to}}
{{#link-to "userPrivateMessages.personalUnread" model class="unread"}} </li>
{{unreadLinkText}} <li>
{{/link-to}} {{#link-to "userPrivateMessages.personalUnread" model class="unread"}}
</li> {{unreadLinkText}}
{{/link-to}}
</li>
{{/if}}
<li> <li>
{{#link-to "userPrivateMessages.personalArchive" model}} {{#link-to "userPrivateMessages.personalArchive" model}}
{{i18n "user.messages.archive"}} {{i18n "user.messages.archive"}}

View File

@ -7,6 +7,7 @@ import {
exists, exists,
publishToMessageBus, publishToMessageBus,
query, query,
updateCurrentUser,
} from "discourse/tests/helpers/qunit-helpers"; } from "discourse/tests/helpers/qunit-helpers";
import selectKit from "discourse/tests/helpers/select-kit-helper"; import selectKit from "discourse/tests/helpers/select-kit-helper";
import { PERSONAL_INBOX } from "discourse/controllers/user-private-messages"; import { PERSONAL_INBOX } from "discourse/controllers/user-private-messages";
@ -38,6 +39,22 @@ acceptance(
"displays the group notifications button" "displays the group notifications button"
); );
}); });
test("viewing messages of another user", async function (assert) {
updateCurrentUser({ id: 5, username: "charlie" });
await visit("/u/eviltrout/messages");
assert.ok(
!exists(".messages-nav li a.new"),
"it does not display new filter"
);
assert.ok(
!exists(".messages-nav li a.unread"),
"it does not display unread filter"
);
});
} }
); );

View File

@ -155,6 +155,14 @@ class ListController < ApplicationController
target_user = fetch_user_from_params({ include_inactive: current_user.try(:staff?) }, [:user_stat, :user_option]) target_user = fetch_user_from_params({ include_inactive: current_user.try(:staff?) }, [:user_stat, :user_option])
case action case action
when :private_messages_unread,
:private_messages_new,
:private_messages_group_new,
:private_messages_group_unread,
:private_messages_all_new,
:private_messages_all_unread
raise Discourse::NotFound if target_user.id != current_user.id
when :private_messages_tag when :private_messages_tag
raise Discourse::NotFound if !guardian.can_tag_pms? raise Discourse::NotFound if !guardian.can_tag_pms?
when :private_messages_warnings when :private_messages_warnings

View File

@ -703,10 +703,10 @@ RSpec.describe ListController do
end end
end end
it "returns 403 error when the user can't see private message" do it "returns 404 when the user can't see private message" do
sign_in(Fabricate(:user)) sign_in(Fabricate(:user))
get "/topics/private-messages-unread/#{pm_user.username}.json" get "/topics/private-messages-unread/#{pm_user.username}.json"
expect(response.status).to eq(403) expect(response.status).to eq(404)
end end
it "succeeds when the user can see private messages" do it "succeeds when the user can see private messages" do