FIX: use reviewer's guardian permissions to create post/topic while approve. (#19710)
We previously used post creator's guardian permissions which will raise an error if the reviewer added a staff-only (restricted) tag. Co-authored-by: Natalie Tay <natalie.tay@discourse.org>
This commit is contained in:
parent
d5491b13f5
commit
7ecf4d12a9
|
@ -74,13 +74,15 @@ class ReviewableQueuedPost < Reviewable
|
||||||
|
|
||||||
def perform_approve_post(performed_by, args)
|
def perform_approve_post(performed_by, args)
|
||||||
created_post = nil
|
created_post = nil
|
||||||
|
opts = create_options.merge(
|
||||||
creator = PostCreator.new(created_by, create_options.merge(
|
|
||||||
skip_validations: true,
|
skip_validations: true,
|
||||||
skip_jobs: true,
|
skip_jobs: true,
|
||||||
skip_events: true,
|
skip_events: true,
|
||||||
skip_guardian: true
|
skip_guardian: true
|
||||||
))
|
)
|
||||||
|
opts.merge!(guardian: Guardian.new(performed_by)) if performed_by.staff?
|
||||||
|
|
||||||
|
creator = PostCreator.new(created_by, opts)
|
||||||
created_post = creator.create
|
created_post = creator.create
|
||||||
|
|
||||||
unless created_post && creator.errors.blank?
|
unless created_post && creator.errors.blank?
|
||||||
|
|
|
@ -180,7 +180,21 @@ RSpec.describe ReviewableQueuedPost, type: :model do
|
||||||
expect(Post.count).to eq(post_count + 1)
|
expect(Post.count).to eq(post_count + 1)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "creates the post and topic when rejected" do
|
it "creates a topic with staff tag when approved" do
|
||||||
|
hidden_tag = Fabricate(:tag)
|
||||||
|
staff_tag_group = Fabricate(:tag_group, permissions: { "staff" => 1 }, tag_names: [hidden_tag.name])
|
||||||
|
reviewable.payload['tags'] += [hidden_tag.name]
|
||||||
|
|
||||||
|
result = reviewable.perform(moderator, :approve_post)
|
||||||
|
|
||||||
|
expect(result.success?).to eq(true)
|
||||||
|
expect(result.created_post_topic).to be_present
|
||||||
|
expect(result.created_post_topic).to be_valid
|
||||||
|
expect(reviewable.topic_id).to eq(result.created_post_topic.id)
|
||||||
|
expect(result.created_post_topic.tags.pluck(:name)).to match_array(reviewable.payload['tags'])
|
||||||
|
end
|
||||||
|
|
||||||
|
it "does not create the post and topic when rejected" do
|
||||||
topic_count, post_count = Topic.count, Post.count
|
topic_count, post_count = Topic.count, Post.count
|
||||||
result = reviewable.perform(moderator, :reject_post)
|
result = reviewable.perform(moderator, :reject_post)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue