FIX: staged users weren't able to reply in restricted categories
This commit is contained in:
parent
74e93d2260
commit
800081f606
|
@ -60,32 +60,21 @@ class Category < ActiveRecord::Base
|
||||||
has_many :category_tag_groups, dependent: :destroy
|
has_many :category_tag_groups, dependent: :destroy
|
||||||
has_many :tag_groups, through: :category_tag_groups
|
has_many :tag_groups, through: :category_tag_groups
|
||||||
|
|
||||||
scope :latest, ->{ order('topic_count desc') }
|
scope :latest, -> { order('topic_count DESC') }
|
||||||
|
|
||||||
scope :secured, ->(guardian = nil) {
|
scope :secured, -> (guardian = nil) {
|
||||||
ids = guardian.secure_category_ids if guardian
|
ids = guardian.secure_category_ids if guardian
|
||||||
if ids.present?
|
if ids.present?
|
||||||
where("NOT categories.read_restricted or categories.id in (:cats)", cats: ids).references(:categories)
|
where("NOT categories.read_restricted OR categories.id IN (:cats)", cats: ids).references(:categories)
|
||||||
else
|
else
|
||||||
where("NOT categories.read_restricted").references(:categories)
|
where("NOT categories.read_restricted").references(:categories)
|
||||||
end
|
end
|
||||||
}
|
}
|
||||||
|
|
||||||
scope :topic_create_allowed, ->(guardian) {
|
TOPIC_CREATION_PERMISSIONS ||= [:full]
|
||||||
if guardian.anonymous?
|
POST_CREATION_PERMISSIONS ||= [:create_post, :full]
|
||||||
where("1=0")
|
scope :topic_create_allowed, -> (guardian) { scoped_to_permissions(guardian, TOPIC_CREATION_PERMISSIONS) }
|
||||||
else
|
scope :post_create_allowed, -> (guardian) { scoped_to_permissions(guardian, POST_CREATION_PERMISSIONS) }
|
||||||
scoped_to_permissions(guardian, [:full])
|
|
||||||
end
|
|
||||||
}
|
|
||||||
|
|
||||||
scope :post_create_allowed, ->(guardian) {
|
|
||||||
if guardian.anonymous?
|
|
||||||
where("1=0")
|
|
||||||
else
|
|
||||||
scoped_to_permissions(guardian, [:create_post, :full])
|
|
||||||
end
|
|
||||||
}
|
|
||||||
|
|
||||||
delegate :post_template, to: 'self.class'
|
delegate :post_template, to: 'self.class'
|
||||||
|
|
||||||
|
@ -98,7 +87,7 @@ class Category < ActiveRecord::Base
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.scoped_to_permissions(guardian, permission_types)
|
def self.scoped_to_permissions(guardian, permission_types)
|
||||||
if guardian && guardian.is_admin?
|
if guardian.try(:is_admin?)
|
||||||
all
|
all
|
||||||
elsif !guardian || guardian.anonymous?
|
elsif !guardian || guardian.anonymous?
|
||||||
if permission_types.include?(:readonly)
|
if permission_types.include?(:readonly)
|
||||||
|
@ -107,28 +96,19 @@ class Category < ActiveRecord::Base
|
||||||
where("1 = 0")
|
where("1 = 0")
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
permission_types = permission_types.map{ |permission_type|
|
permissions = permission_types.map { |p| CategoryGroup.permission_types[p] }
|
||||||
CategoryGroup.permission_types[permission_type]
|
where("(:staged AND LENGTH(COALESCE(email_in, '')) > 0 AND email_in_allow_strangers)
|
||||||
}
|
OR categories.id NOT IN (SELECT category_id FROM category_groups)
|
||||||
where("categories.id in (
|
OR categories.id IN (
|
||||||
SELECT cg.category_id FROM category_groups cg
|
SELECT category_id
|
||||||
WHERE permission_type in (:permissions) AND
|
FROM category_groups
|
||||||
(
|
WHERE permission_type IN (:permissions)
|
||||||
group_id IN (
|
AND (group_id = :everyone OR group_id IN (SELECT group_id FROM group_users WHERE user_id = :user_id))
|
||||||
SELECT g.group_id FROM group_users g where g.user_id = :user_id
|
)",
|
||||||
)
|
staged: guardian.is_staged?,
|
||||||
)
|
permissions: permissions,
|
||||||
)
|
user_id: guardian.user.id,
|
||||||
OR
|
everyone: Group[:everyone].id)
|
||||||
categories.id in (
|
|
||||||
SELECT cg.category_id FROM category_groups cg
|
|
||||||
WHERE permission_type in (:permissions) AND group_id = :everyone
|
|
||||||
)
|
|
||||||
OR
|
|
||||||
categories.id NOT in (SELECT cg.category_id FROM category_groups cg)
|
|
||||||
", permissions: permission_types,
|
|
||||||
user_id: guardian.user.id,
|
|
||||||
everyone: Group[:everyone].id)
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -139,14 +119,13 @@ class Category < ActiveRecord::Base
|
||||||
.group("topics.category_id")
|
.group("topics.category_id")
|
||||||
.visible.to_sql
|
.visible.to_sql
|
||||||
|
|
||||||
Category.exec_sql <<SQL
|
Category.exec_sql <<-SQL
|
||||||
UPDATE categories c
|
UPDATE categories c
|
||||||
SET topic_count = x.topic_count,
|
SET topic_count = x.topic_count,
|
||||||
post_count = x.post_count
|
post_count = x.post_count
|
||||||
FROM (#{topics_with_post_count}) x
|
FROM (#{topics_with_post_count}) x
|
||||||
WHERE x.category_id = c.id AND
|
WHERE x.category_id = c.id
|
||||||
(c.topic_count <> x.topic_count OR c.post_count <> x.post_count)
|
AND (c.topic_count <> x.topic_count OR c.post_count <> x.post_count)
|
||||||
|
|
||||||
SQL
|
SQL
|
||||||
|
|
||||||
# Yes, there are a lot of queries happening below.
|
# Yes, there are a lot of queries happening below.
|
||||||
|
|
|
@ -78,6 +78,10 @@ class Guardian
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def is_staged?
|
||||||
|
@user.staged?
|
||||||
|
end
|
||||||
|
|
||||||
# Can the user see the object?
|
# Can the user see the object?
|
||||||
def can_see?(obj)
|
def can_see?(obj)
|
||||||
if obj
|
if obj
|
||||||
|
|
|
@ -76,7 +76,6 @@ module PostGuardian
|
||||||
|
|
||||||
# Creating Method
|
# Creating Method
|
||||||
def can_create_post?(parent)
|
def can_create_post?(parent)
|
||||||
|
|
||||||
(!SpamRule::AutoBlock.block?(@user) || (!!parent.try(:private_message?) && parent.allowed_users.include?(@user))) && (
|
(!SpamRule::AutoBlock.block?(@user) || (!!parent.try(:private_message?) && parent.allowed_users.include?(@user))) && (
|
||||||
!parent ||
|
!parent ||
|
||||||
!parent.category ||
|
!parent.category ||
|
||||||
|
|
|
@ -107,8 +107,9 @@ describe Email::Receiver do
|
||||||
context "reply" do
|
context "reply" do
|
||||||
|
|
||||||
let(:reply_key) { "4f97315cc828096c9cb34c6f1a0d6fe8" }
|
let(:reply_key) { "4f97315cc828096c9cb34c6f1a0d6fe8" }
|
||||||
|
let(:category) { Fabricate(:category) }
|
||||||
let(:user) { Fabricate(:user, email: "discourse@bar.com") }
|
let(:user) { Fabricate(:user, email: "discourse@bar.com") }
|
||||||
let(:topic) { create_topic(user: user) }
|
let(:topic) { create_topic(category: category, user: user) }
|
||||||
let(:post) { create_post(topic: topic, user: user) }
|
let(:post) { create_post(topic: topic, user: user) }
|
||||||
let!(:email_log) { Fabricate(:email_log, reply_key: reply_key, user: user, topic: topic, post: post) }
|
let!(:email_log) { Fabricate(:email_log, reply_key: reply_key, user: user, topic: topic, post: post) }
|
||||||
|
|
||||||
|
@ -214,6 +215,17 @@ describe Email::Receiver do
|
||||||
expect { process(:auto_generated_unblocked) }.to change { topic.posts.count }
|
expect { process(:auto_generated_unblocked) }.to change { topic.posts.count }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it "allows staged users to reply to a restricted category" do
|
||||||
|
user.update_columns(staged: true)
|
||||||
|
|
||||||
|
category.email_in = "category@bar.com"
|
||||||
|
category.email_in_allow_strangers = true
|
||||||
|
category.set_permissions(Group[:trust_level_4] => :full)
|
||||||
|
category.save
|
||||||
|
|
||||||
|
expect { process(:staged_reply_restricted) }.to change { topic.posts.count }
|
||||||
|
end
|
||||||
|
|
||||||
describe 'Unsubscribing via email' do
|
describe 'Unsubscribing via email' do
|
||||||
let(:last_email) { ActionMailer::Base.deliveries.last }
|
let(:last_email) { ActionMailer::Base.deliveries.last }
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
Return-Path: <discourse@bar.com>
|
||||||
|
From: Foo Bar <discourse@bar.com>
|
||||||
|
To: reply+4f97315cc828096c9cb34c6f1a0d6fe8@bar.com
|
||||||
|
Date: Fri, 15 Jun 2016 00:12:43 +0100
|
||||||
|
Message-ID: <54@foo.bar.mail>
|
||||||
|
Mime-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
|
||||||
|
This is a reply from a staged user in a topic in a restricted category.
|
Loading…
Reference in New Issue