FIX: Handle separately invite to topic and forum (#14562)

Invite is used in two contexts, when inviting a new user to the forum
and when inviting an existent user to a topic. The first case is more
complex and it involves permission checks to ensure that new users can
be created. In the second case, it is enough to ensure that the topic
is visible for both users and that all preconditions are met.

One edge case is the invite to topic via email functionality which
checks for both conditions because first the user must be invited to
create an account first and then to the topic.

A side effect of these changes is that all site settings related to
invites refer to inviting new users only now.
This commit is contained in:
Dan Ungureanu 2021-10-11 12:19:31 +03:00 committed by GitHub
parent f5cf647e57
commit d0bd96e19c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 22 deletions

View File

@ -365,7 +365,7 @@ class Guardian
end end
def can_invite_to?(object, groups = nil) def can_invite_to?(object, groups = nil)
return false if !can_invite_to_forum?(groups) return false if !authenticated?
return false if !object.is_a?(Topic) || !can_see?(object) return false if !object.is_a?(Topic) || !can_see?(object)
return false if groups.present? return false if groups.present?
@ -385,6 +385,7 @@ class Guardian
end end
def can_invite_via_email?(object) def can_invite_via_email?(object)
return false if !can_invite_to_forum?
return false if !can_invite_to?(object) return false if !can_invite_to?(object)
(SiteSetting.enable_local_logins || SiteSetting.enable_discourse_connect) && (SiteSetting.enable_local_logins || SiteSetting.enable_discourse_connect) &&

View File

@ -548,11 +548,11 @@ describe Guardian do
expect(Guardian.new(nil).can_invite_to?(topic)).to be_falsey expect(Guardian.new(nil).can_invite_to?(topic)).to be_falsey
expect(Guardian.new(moderator).can_invite_to?(nil)).to be_falsey expect(Guardian.new(moderator).can_invite_to?(nil)).to be_falsey
expect(Guardian.new(moderator).can_invite_to?(topic)).to be_truthy expect(Guardian.new(moderator).can_invite_to?(topic)).to be_truthy
expect(Guardian.new(trust_level_1).can_invite_to?(topic)).to be_falsey expect(Guardian.new(trust_level_1).can_invite_to?(topic)).to be_truthy
SiteSetting.max_invites_per_day = 0 SiteSetting.max_invites_per_day = 0
expect(Guardian.new(user).can_invite_to?(topic)).to be_falsey expect(Guardian.new(user).can_invite_to?(topic)).to be_truthy
# staff should be immune to max_invites_per_day setting # staff should be immune to max_invites_per_day setting
expect(Guardian.new(moderator).can_invite_to?(topic)).to be_truthy expect(Guardian.new(moderator).can_invite_to?(topic)).to be_truthy
end end
@ -575,9 +575,9 @@ describe Guardian do
expect(Guardian.new(trust_level_2).can_invite_to?(topic)).to be_truthy expect(Guardian.new(trust_level_2).can_invite_to?(topic)).to be_truthy
end end
it 'fails for normal users if must_approve_users' do it 'return true for normal users even if must_approve_users' do
SiteSetting.must_approve_users = true SiteSetting.must_approve_users = true
expect(Guardian.new(user).can_invite_to?(topic)).to be_falsey expect(Guardian.new(user).can_invite_to?(topic)).to be_truthy
expect(Guardian.new(admin).can_invite_to?(topic)).to be_truthy expect(Guardian.new(admin).can_invite_to?(topic)).to be_truthy
end end
@ -644,23 +644,6 @@ describe Guardian do
end end
end end
context "when private messages are enabled" do
before do
SiteSetting.enable_personal_messages = true
SiteSetting.min_trust_level_to_allow_invite = 2
end
it "returns true if user has sufficient trust level" do
user.trust_level = 2
expect(Guardian.new(user).can_invite_to?(pm)).to be_truthy
end
it "returns false if user has sufficient trust level" do
user.trust_level = 1
expect(Guardian.new(user).can_invite_to?(pm)).to be_falsey
end
end
context "when PM has reached the maximum number of recipients" do context "when PM has reached the maximum number of recipients" do
before do before do
SiteSetting.max_allowed_message_recipients = 2 SiteSetting.max_allowed_message_recipients = 2