Non-staff users may not delete their posts in archived topics.

2014-01-17 17:42:12 -05:00 · 2014-01-17 17:42:12 -05:00 · 8c29ed870e
parent 55397361be
commit 8c29ed870e
2 changed files with 20 additions and 1 deletions
--- a/lib/guardian/post_guardian.rb
+++ b/lib/guardian/post_guardian.rb
@ -77,6 +77,9 @@ module PostGuardain
    # Can't delete after post_edit_time_limit minutes have passed
    return false if !is_staff? && post.edit_time_limit_expired?

+    # Can't delete posts in archived topics unless you are staff
+    return false if !is_staff? && post.topic.archived?
+
    # You can delete your own posts
    return !post.user_deleted? if is_my_own?(post)

@ -107,4 +110,4 @@ module PostGuardain
  def can_vote?(post, opts={})
    post_can_act?(post,:vote, opts)
  end
-end
+end
--- a/spec/components/guardian_spec.rb
+++ b/spec/components/guardian_spec.rb
@ -833,6 +833,22 @@ describe Guardian do
          Guardian.new(coding_horror).can_delete?(old_post).should eq(false)
        end
      end
+
+      context 'the topic is archived' do
+        before do
+          post.topic.archived = true
+        end
+
+        it "allows a staff member to delete it" do
+          Guardian.new(moderator).can_delete?(post).should be_true
+        end
+
+        it "doesn't allow a regular user to delete it" do
+          Guardian.new(post.user).can_delete?(post).should be_false
+        end
+
+      end
+
    end

    context 'a Category' do