FIX: staff should not be able to PM groups that "Nobody" can message (#16163)

If a group's messageable_level is set to nobody, then staff should not be able to send PMs to it.

Co-authored-by: Martin Brennan <martin@discourse.org>
Vinoth Kannan 2022-03-22 05:53:14 +05:30 committed by GitHub
parent 31bc756037
commit 8a9a7a77d8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 9 deletions


@ -47,6 +47,9 @@ class Guardian
def silenced?
false
end
def is_system_user?
false
end
def secure_category_ids
[]
end
@ -422,6 +425,7 @@ class Guardian
def can_send_private_message?(target, notify_moderators: false)
is_user = target.is_a?(User)
is_group = target.is_a?(Group)
from_system = @user.is_system_user?
(is_group || is_user) &&
# User is authenticated
@ -435,7 +439,7 @@ class Guardian
# Can't send PMs to suspended users
(is_staff? || is_group || !target.suspended?) &&
# Check group messageable level
(is_staff? || is_user || Group.messageable(@user).where(id: target.id).exists? || notify_moderators) &&
(from_system || is_user || Group.messageable(@user).where(id: target.id).exists? || notify_moderators) &&
# Silenced users can only send PM to staff
(!is_silenced? || target.staff?)
end
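Review bot: The `|| notify_moderators` term in the group messageable-level check still overrides a group set to "Nobody", and with the `is_staff?` exemption gone it is the only caller-supplied way around that setting apart from the system user. Nothing in the visible lines ties the keyword to a trusted caller, so the contract should be stated above the check, for example `# notify_moderators is set only by server-side flag handling, never taken from request params`, and confirmed against the call sites. The `is_staff?` exemption on the suspended-user line just above is left in place, which looks intentional but is not mentioned in the commit message. The body of can_send_private_message? runs between and outside the hunks shown here, so the other conditions in the chain could not be checked.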


@ -336,14 +336,13 @@ describe Guardian do
it "respects the group's messageable_level" do
Group::ALIAS_LEVELS.each do |level, _|
group.update!(messageable_level: Group::ALIAS_LEVELS[level])
output = level == :everyone ? true : false
user_output = level == :everyone ? true : false
admin_output = level != :nobody
mod_output = [:nobody, :only_admins].exclude?(level)
expect(Guardian.new(user).can_send_private_message?(group)).to eq(output)
end
Group::ALIAS_LEVELS.each do |level, _|
group.update!(messageable_level: Group::ALIAS_LEVELS[level])
expect(Guardian.new(admin).can_send_private_message?(group)).to eq(true)
expect(Guardian.new(user).can_send_private_message?(group)).to eq(user_output)
expect(Guardian.new(admin).can_send_private_message?(group)).to eq(admin_output)
expect(Guardian.new(moderator).can_send_private_message?(group)).to eq(mod_output)
end
end
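Review bot: The updated example does not cover either remaining bypass of the messageable level: there is no expectation for the system user and none for `notify_moderators: true` against a group set to `:nobody`. Adding `expect(Guardian.new(Discourse.system_user).can_send_private_message?(group)).to eq(true)` inside the loop would pin the `from_system` branch, so a later edit cannot widen or drop it unnoticed. As a style point, `level == :everyone ? true : false` can be written as `level == :everyone`, matching how `admin_output` is computed on the next line.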


@ -1079,7 +1079,7 @@ describe TopicQuery do
end
let(:group_with_user) do
group = Fabricate(:group)
group = Fabricate(:group, messageable_level: Group::ALIAS_LEVELS[:everyone])
group.add(user)
group.save
group