FIX: can_permanently_delete should check for admin (#16348)
can_permanently_delete field in Post and TopicViewDetails serializers cannot use Guardian's can_permanently_delete beause their use is different. The field from the serializers is used to show the button and the button is shown even if the post cannot be removed forever because not enough time has passed since it was first deleted. The guardian method is used by the controller to check that the post can really be deleted.
This commit is contained in:
Bianca Nenciu
GitHub
parent
b023d88b09
commit
819038537c
|
|
@ -173,7 +173,7 @@ class PostSerializer < BasicPostSerializer
|
||||||
end
|
end
|
||||||
|
|
||||||
def include_can_permanently_delete?
|
def include_can_permanently_delete?
|
||||||
SiteSetting.can_permanently_delete && object.deleted_at
|
SiteSetting.can_permanently_delete && scope.is_admin? && object.deleted_at
|
||||||
end
|
end
|
||||||
|
|
||||||
def can_recover
|
def can_recover
|
||||||
|
|
|
||||||
|
|
@ -112,7 +112,7 @@ class TopicViewDetailsSerializer < ApplicationSerializer
|
||||||
end
|
end
|
||||||
|
|
||||||
def include_can_permanently_delete?
|
def include_can_permanently_delete?
|
||||||
SiteSetting.can_permanently_delete && object.topic.deleted_at
|
SiteSetting.can_permanently_delete && scope.is_admin? && object.topic.deleted_at
|
||||||
end
|
end
|
||||||
|
|
||||||
def include_can_recover?
|
def include_can_recover?
|
||||||
|
|
|
||||||
|
|
@ -24,4 +24,30 @@ describe TopicViewDetailsSerializer do
|
||||||
expect(allowed_users).to contain_exactly(participant.id)
|
expect(allowed_users).to contain_exactly(participant.id)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe "#can_permanently_delete" do
|
||||||
|
let(:post) do
|
||||||
|
Fabricate(:post).tap do |post|
|
||||||
|
PostDestroyer.new(Discourse.system_user, post).destroy
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
before do
|
||||||
|
SiteSetting.can_permanently_delete = true
|
||||||
|
end
|
||||||
|
|
||||||
|
it "is true for admins" do
|
||||||
|
admin = Fabricate(:admin)
|
||||||
|
|
||||||
|
serializer = described_class.new(TopicView.new(post.topic, admin), scope: Guardian.new(admin))
|
||||||
|
expect(serializer.as_json.dig(:topic_view_details, :can_permanently_delete)).to eq(true)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "is not present for moderators" do
|
||||||
|
moderator = Fabricate(:moderator)
|
||||||
|
|
||||||
|
serializer = described_class.new(TopicView.new(post.topic, moderator), scope: Guardian.new(moderator))
|
||||||
|
expect(serializer.as_json.dig(:topic_view_details, :can_permanently_delete)).to eq(nil)
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue