From 7c8ea8c1665658909f435fa90094e606e24dbe30 Mon Sep 17 00:00:00 2001 From: Neil Lalonde Date: Thu, 16 Jan 2014 11:59:26 -0500 Subject: [PATCH] Trust level 3 users can edit topic titles and change category --- lib/guardian.rb | 4 +++- lib/guardian/topic_guardian.rb | 2 +- spec/components/guardian_spec.rb | 29 +++++++++++++++++++---------- 3 files changed, 23 insertions(+), 12 deletions(-) diff --git a/lib/guardian.rb b/lib/guardian.rb index 089e20747ac..a22340fc93c 100644 --- a/lib/guardian.rb +++ b/lib/guardian.rb @@ -80,7 +80,7 @@ class Guardian alias :can_see_flags? :can_moderate? alias :can_send_activation_email? :can_moderate? - + # Can we impersonate this user? def can_impersonate?(target) @@ -241,6 +241,8 @@ class Guardian if obj && authenticated? action_method = method_name_for action, obj return (action_method ? send(action_method, obj) : true) + else + false end end diff --git a/lib/guardian/topic_guardian.rb b/lib/guardian/topic_guardian.rb index 69445489f77..9a6cc285bce 100644 --- a/lib/guardian/topic_guardian.rb +++ b/lib/guardian/topic_guardian.rb @@ -47,7 +47,7 @@ module TopicGuardian # Editing Method def can_edit_topic?(topic) - !topic.archived && (is_staff? || is_my_own?(topic)) + !topic.archived && (is_staff? || is_my_own?(topic) || user.has_trust_level?(:leader)) end # Recovery Method diff --git a/spec/components/guardian_spec.rb b/spec/components/guardian_spec.rb index 7dfe1ac4c35..584b10ae051 100644 --- a/spec/components/guardian_spec.rb +++ b/spec/components/guardian_spec.rb @@ -7,6 +7,7 @@ describe Guardian do let(:user) { build(:user) } let(:moderator) { build(:moderator) } let(:admin) { build(:admin) } + let(:leader) { build(:user, trust_level: 3) } let(:another_admin) { build(:admin) } let(:coding_horror) { build(:coding_horror) } @@ -510,7 +511,7 @@ describe Guardian do describe 'can_edit?' do it 'returns false with a nil object' do - Guardian.new(user).can_edit?(nil).should be_false + Guardian.new(user).can_edit?(nil).should == false end describe 'a Post' do @@ -552,7 +553,7 @@ describe Guardian do end it 'returns false to the author of the post' do - Guardian.new(old_post.user).can_edit?(old_post).should eq(false) + Guardian.new(old_post.user).can_edit?(old_post).should == false end it 'returns true as a moderator' do @@ -564,7 +565,7 @@ describe Guardian do end it 'returns false for another regular user trying to edit your post' do - Guardian.new(coding_horror).can_edit?(old_post).should eq(false) + Guardian.new(coding_horror).can_edit?(old_post).should == false end end end @@ -572,35 +573,43 @@ describe Guardian do describe 'a Topic' do it 'returns false when not logged in' do - Guardian.new.can_edit?(topic).should be_false + Guardian.new.can_edit?(topic).should == false end it 'returns true for editing your own post' do - Guardian.new(topic.user).can_edit?(topic).should be_true + Guardian.new(topic.user).can_edit?(topic).should eq(true) end it 'returns false as a regular user' do - Guardian.new(coding_horror).can_edit?(topic).should be_false + Guardian.new(coding_horror).can_edit?(topic).should == false end context 'not archived' do it 'returns true as a moderator' do - Guardian.new(moderator).can_edit?(topic).should be_true + Guardian.new(moderator).can_edit?(topic).should eq(true) end it 'returns true as an admin' do - Guardian.new(admin).can_edit?(topic).should be_true + Guardian.new(admin).can_edit?(topic).should eq(true) + end + + it 'returns true at trust level 3' do + Guardian.new(leader).can_edit?(topic).should eq(true) end end context 'archived' do it 'returns false as a moderator' do - Guardian.new(moderator).can_edit?(build(:topic, user: user, archived: true)).should be_false + Guardian.new(moderator).can_edit?(build(:topic, user: user, archived: true)).should == false end it 'returns false as an admin' do - Guardian.new(admin).can_edit?(build(:topic, user: user, archived: true)).should be_false + Guardian.new(admin).can_edit?(build(:topic, user: user, archived: true)).should == false + end + + it 'returns false at trust level 3' do + Guardian.new(leader).can_edit?(build(:topic, user: user, archived: true)).should == false end end end