FIX: staged users weren't able to reply in restricted categories

This commit is contained in:
Régis Hanol 2016-06-26 19:25:45 +02:00
parent 74e93d2260
commit 800081f606
5 changed files with 53 additions and 50 deletions

View File

@ -60,32 +60,21 @@ class Category < ActiveRecord::Base
has_many :category_tag_groups, dependent: :destroy has_many :category_tag_groups, dependent: :destroy
has_many :tag_groups, through: :category_tag_groups has_many :tag_groups, through: :category_tag_groups
scope :latest, ->{ order('topic_count desc') } scope :latest, -> { order('topic_count DESC') }
scope :secured, ->(guardian = nil) { scope :secured, -> (guardian = nil) {
ids = guardian.secure_category_ids if guardian ids = guardian.secure_category_ids if guardian
if ids.present? if ids.present?
where("NOT categories.read_restricted or categories.id in (:cats)", cats: ids).references(:categories) where("NOT categories.read_restricted OR categories.id IN (:cats)", cats: ids).references(:categories)
else else
where("NOT categories.read_restricted").references(:categories) where("NOT categories.read_restricted").references(:categories)
end end
} }
scope :topic_create_allowed, ->(guardian) { TOPIC_CREATION_PERMISSIONS ||= [:full]
if guardian.anonymous? POST_CREATION_PERMISSIONS ||= [:create_post, :full]
where("1=0") scope :topic_create_allowed, -> (guardian) { scoped_to_permissions(guardian, TOPIC_CREATION_PERMISSIONS) }
else scope :post_create_allowed, -> (guardian) { scoped_to_permissions(guardian, POST_CREATION_PERMISSIONS) }
scoped_to_permissions(guardian, [:full])
end
}
scope :post_create_allowed, ->(guardian) {
if guardian.anonymous?
where("1=0")
else
scoped_to_permissions(guardian, [:create_post, :full])
end
}
delegate :post_template, to: 'self.class' delegate :post_template, to: 'self.class'
@ -98,7 +87,7 @@ class Category < ActiveRecord::Base
end end
def self.scoped_to_permissions(guardian, permission_types) def self.scoped_to_permissions(guardian, permission_types)
if guardian && guardian.is_admin? if guardian.try(:is_admin?)
all all
elsif !guardian || guardian.anonymous? elsif !guardian || guardian.anonymous?
if permission_types.include?(:readonly) if permission_types.include?(:readonly)
@ -107,26 +96,17 @@ class Category < ActiveRecord::Base
where("1 = 0") where("1 = 0")
end end
else else
permission_types = permission_types.map{ |permission_type| permissions = permission_types.map { |p| CategoryGroup.permission_types[p] }
CategoryGroup.permission_types[permission_type] where("(:staged AND LENGTH(COALESCE(email_in, '')) > 0 AND email_in_allow_strangers)
} OR categories.id NOT IN (SELECT category_id FROM category_groups)
where("categories.id in ( OR categories.id IN (
SELECT cg.category_id FROM category_groups cg SELECT category_id
WHERE permission_type in (:permissions) AND FROM category_groups
( WHERE permission_type IN (:permissions)
group_id IN ( AND (group_id = :everyone OR group_id IN (SELECT group_id FROM group_users WHERE user_id = :user_id))
SELECT g.group_id FROM group_users g where g.user_id = :user_id )",
) staged: guardian.is_staged?,
) permissions: permissions,
)
OR
categories.id in (
SELECT cg.category_id FROM category_groups cg
WHERE permission_type in (:permissions) AND group_id = :everyone
)
OR
categories.id NOT in (SELECT cg.category_id FROM category_groups cg)
", permissions: permission_types,
user_id: guardian.user.id, user_id: guardian.user.id,
everyone: Group[:everyone].id) everyone: Group[:everyone].id)
end end
@ -139,14 +119,13 @@ class Category < ActiveRecord::Base
.group("topics.category_id") .group("topics.category_id")
.visible.to_sql .visible.to_sql
Category.exec_sql <<SQL Category.exec_sql <<-SQL
UPDATE categories c UPDATE categories c
SET topic_count = x.topic_count, SET topic_count = x.topic_count,
post_count = x.post_count post_count = x.post_count
FROM (#{topics_with_post_count}) x FROM (#{topics_with_post_count}) x
WHERE x.category_id = c.id AND WHERE x.category_id = c.id
(c.topic_count <> x.topic_count OR c.post_count <> x.post_count) AND (c.topic_count <> x.topic_count OR c.post_count <> x.post_count)
SQL SQL
# Yes, there are a lot of queries happening below. # Yes, there are a lot of queries happening below.

View File

@ -78,6 +78,10 @@ class Guardian
) )
end end
def is_staged?
@user.staged?
end
# Can the user see the object? # Can the user see the object?
def can_see?(obj) def can_see?(obj)
if obj if obj

View File

@ -76,7 +76,6 @@ module PostGuardian
# Creating Method # Creating Method
def can_create_post?(parent) def can_create_post?(parent)
(!SpamRule::AutoBlock.block?(@user) || (!!parent.try(:private_message?) && parent.allowed_users.include?(@user))) && ( (!SpamRule::AutoBlock.block?(@user) || (!!parent.try(:private_message?) && parent.allowed_users.include?(@user))) && (
!parent || !parent ||
!parent.category || !parent.category ||

View File

@ -107,8 +107,9 @@ describe Email::Receiver do
context "reply" do context "reply" do
let(:reply_key) { "4f97315cc828096c9cb34c6f1a0d6fe8" } let(:reply_key) { "4f97315cc828096c9cb34c6f1a0d6fe8" }
let(:category) { Fabricate(:category) }
let(:user) { Fabricate(:user, email: "discourse@bar.com") } let(:user) { Fabricate(:user, email: "discourse@bar.com") }
let(:topic) { create_topic(user: user) } let(:topic) { create_topic(category: category, user: user) }
let(:post) { create_post(topic: topic, user: user) } let(:post) { create_post(topic: topic, user: user) }
let!(:email_log) { Fabricate(:email_log, reply_key: reply_key, user: user, topic: topic, post: post) } let!(:email_log) { Fabricate(:email_log, reply_key: reply_key, user: user, topic: topic, post: post) }
@ -214,6 +215,17 @@ describe Email::Receiver do
expect { process(:auto_generated_unblocked) }.to change { topic.posts.count } expect { process(:auto_generated_unblocked) }.to change { topic.posts.count }
end end
it "allows staged users to reply to a restricted category" do
user.update_columns(staged: true)
category.email_in = "category@bar.com"
category.email_in_allow_strangers = true
category.set_permissions(Group[:trust_level_4] => :full)
category.save
expect { process(:staged_reply_restricted) }.to change { topic.posts.count }
end
describe 'Unsubscribing via email' do describe 'Unsubscribing via email' do
let(:last_email) { ActionMailer::Base.deliveries.last } let(:last_email) { ActionMailer::Base.deliveries.last }

View File

@ -0,0 +1,9 @@
Return-Path: <discourse@bar.com>
From: Foo Bar <discourse@bar.com>
To: reply+4f97315cc828096c9cb34c6f1a0d6fe8@bar.com
Date: Fri, 15 Jun 2016 00:12:43 +0100
Message-ID: <54@foo.bar.mail>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
This is a reply from a staged user in a topic in a restricted category.