Allow staff members to enable safe mode, even if disabled

2018-04-25 11:46:54 -04:00 · 2018-04-25 11:46:54 -04:00 · a5172a37e0
parent afe1a2793d
commit a5172a37e0
6 changed files with 43 additions and 3 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -299,7 +299,7 @@ class ApplicationController < ActionController::Base
  SAFE_MODE = "safe_mode"

  def resolve_safe_mode
-    return unless SiteSetting.enable_safe_mode?
+    return unless guardian.can_enable_safe_mode?

    safe_mode = params[SAFE_MODE]
    if safe_mode
--- a/app/controllers/safe_mode_controller.rb
+++ b/app/controllers/safe_mode_controller.rb
@ -24,7 +24,7 @@ class SafeModeController < ApplicationController
  protected

  def ensure_safe_mode_enabled
-    raise Discourse::NotFound unless SiteSetting.enable_safe_mode?
+    raise Discourse::NotFound unless guardian.can_enable_safe_mode?
  end

 end
--- a/app/views/common/_discourse_javascript.html.erb
+++ b/app/views/common/_discourse_javascript.html.erb
@ -50,7 +50,7 @@
    Discourse.start();
    Discourse.set('assetVersion','<%= Discourse.assets_digest %>');
    Discourse.Session.currentProp("disableCustomCSS", <%= loading_admin? %>);
-    <%- if SiteSetting.enable_safe_mode? && params["safe_mode"] %>
+    <%- if guardian.can_enable_safe_mode? && params["safe_mode"] %>
    Discourse.Session.currentProp("safe_mode", <%= normalized_safe_mode.inspect.html_safe %>);
    <%- end %>
    Discourse.HighlightJSPath = <%= HighlightJs.path.inspect.html_safe %>;
--- a/lib/guardian.rb
+++ b/lib/guardian.rb
@ -112,6 +112,10 @@ class Guardian
    true
  end

+  def can_enable_safe_mode?
+    SiteSetting.enable_safe_mode? || is_staff?
+  end
+
  # Can the user edit the obj
  def can_edit?(obj)
    can_do?(:edit, obj)
--- a/spec/components/guardian_spec.rb
+++ b/spec/components/guardian_spec.rb
@ -158,6 +158,35 @@ describe Guardian do
    end
  end

+  describe "can_enable_safe_mode" do
+    let(:user) { Fabricate.build(:user) }
+    let(:moderator) { Fabricate.build(:moderator) }
+
+    context "when enabled" do
+      before do
+        SiteSetting.enable_safe_mode = true
+      end
+
+      it "can be performed" do
+        expect(Guardian.new.can_enable_safe_mode?).to eq(true)
+        expect(Guardian.new(user).can_enable_safe_mode?).to eq(true)
+        expect(Guardian.new(moderator).can_enable_safe_mode?).to eq(true)
+      end
+    end
+
+    context "when disabled" do
+      before do
+        SiteSetting.enable_safe_mode = false
+      end
+
+      it "can be performed" do
+        expect(Guardian.new.can_enable_safe_mode?).to eq(false)
+        expect(Guardian.new(user).can_enable_safe_mode?).to eq(false)
+        expect(Guardian.new(moderator).can_enable_safe_mode?).to eq(true)
+      end
+    end
+  end
+
  describe "can_defer_flags" do
    let(:post) { Fabricate(:post) }
    let(:user) { post.user }
--- a/spec/requests/safe_mode_controller_spec.rb
+++ b/spec/requests/safe_mode_controller_spec.rb
@ -15,6 +15,13 @@ RSpec.describe SafeModeController do
        post '/safe-mode'
        expect(response.status).to eq(404)
      end
+
+      it "doesn't raise an error for staff" do
+        SiteSetting.enable_safe_mode = false
+        sign_in(Fabricate(:moderator))
+        post '/safe-mode'
+        expect(response.status).to redirect_to(safe_mode_path)
+      end
    end

  end