FIX: only staff can banner topics

Arpit Jalan 2019-04-02 12:38:15 +05:30
parent d85240335b
commit d68d29f37a
4 changed files with 40 additions and 34 deletions


@ -110,37 +110,39 @@
</div>
</div>
{{/if}}
<hr>
<div class="feature-section">
<div class="desc">
<p>
{{#conditional-loading-spinner size="small" condition=loading}}
{{#if bannerCount}}
{{{i18n "topic.feature_topic.banner_exists"}}}
{{#if currentUser.staff}}
<hr>
<div class="feature-section">
<div class="desc">
<p>
{{#conditional-loading-spinner size="small" condition=loading}}
{{#if bannerCount}}
{{{i18n "topic.feature_topic.banner_exists"}}}
{{else}}
{{{i18n "topic.feature_topic.no_banner_exists"}}}
{{/if}}
{{/conditional-loading-spinner}}
</p>
<p>
{{i18n "topic.feature_topic.banner_note"}}
</p>
<p>
{{#if model.isBanner}}
{{i18n "topic.feature_topic.remove_banner"}}
{{else}}
{{{i18n "topic.feature_topic.no_banner_exists"}}}
{{i18n "topic.feature_topic.make_banner"}}
{{/if}}
{{/conditional-loading-spinner}}
</p>
<p>
{{i18n "topic.feature_topic.banner_note"}}
</p>
<p>
{{#if model.isBanner}}
{{i18n "topic.feature_topic.remove_banner"}}
{{else}}
{{i18n "topic.feature_topic.make_banner"}}
{{/if}}
</p>
<p>
{{#if model.isBanner}}
{{d-button action=(action "removeBanner") icon="thumb-tack" label="topic.feature.remove_banner" class="btn-primary"}}
{{else}}
{{d-button action=(action "makeBanner") icon="thumb-tack" label="topic.feature.make_banner" class="btn-primary"}}
{{/if}}
</p>
</p>
<p>
{{#if model.isBanner}}
{{d-button action=(action "removeBanner") icon="thumb-tack" label="topic.feature.remove_banner" class="btn-primary"}}
{{else}}
{{d-button action=(action "makeBanner") icon="thumb-tack" label="topic.feature.make_banner" class="btn-primary"}}
{{/if}}
</p>
</div>
</div>
</div>
{{/if}}
{{/d-modal-body}}
<div class="modal-footer">
{{d-modal-cancel close=(route-action "closeModal")}}
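Review bot: The new `{{#if currentUser.staff}}` wrapper tests only the staff flag, while the server-side `can_banner_topic?` added in this commit also rejects private messages, so the two conditions can disagree. If this modal can open on a private message (not visible here), staff would see banner buttons whose request the server then refuses. Consider driving the section from a permission value computed by the guardian and serialized with the topic, rather than re-deriving the rule in the template. A comment such as `{{!-- display only; the server enforces this via ensure_can_banner_topic! --}}` would also make clear that this block is not the access control. The template continues outside the hunk.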


@ -408,7 +408,7 @@ class TopicsController < ApplicationController
def make_banner
topic = Topic.find_by(id: params[:topic_id].to_i)
guardian.ensure_can_moderate!(topic)
guardian.ensure_can_banner_topic!(topic)
topic.make_banner!(current_user)
@ -417,7 +417,7 @@ class TopicsController < ApplicationController
def remove_banner
topic = Topic.find_by(id: params[:topic_id].to_i)
guardian.ensure_can_moderate!(topic)
guardian.ensure_can_banner_topic!(topic)
topic.remove_banner!(current_user)
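Review bot: Both `make_banner` and `remove_banner` pass the result of `Topic.find_by` straight into the new guard, and `find_by` returns nil for an unknown id, while `can_banner_topic?` in TopicGuardian calls `topic.private_message?` without a nil check. For a signed-in user requesting a missing topic this likely surfaces as a NoMethodError (a 500) rather than a clean denial. Making the guardian method nil-safe covers both actions: `topic && authenticated? && is_staff? && !topic.private_message?`. Both action bodies continue outside the hunks.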


@ -154,4 +154,8 @@ module TopicGuardian
def can_update_bumped_at?
is_staff? || @user.has_trust_level?(TrustLevel[4])
end
def can_banner_topic?(topic)
authenticated? && !topic.private_message? && is_staff?
end
end
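Review bot: `can_banner_topic?` has no comment explaining why it is stricter than the neighbouring `can_update_bumped_at?`, which admits trust level 4. Without one, a later refactor could fold it back into the general moderation check and silently reopen the gap this commit closes. Suggested comment above the method: `# Staff only: trust level 4 users must not be able to set or remove banners.` Evaluating `is_staff?` before `topic.private_message?` would also let the role check short-circuit before the topic is touched.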


@ -1907,8 +1907,8 @@ RSpec.describe TopicsController do
describe '#make_banner' do
it 'needs you to be a staff member' do
sign_in(Fabricate(:user))
put "/t/99/make-banner.json"
topic = Fabricate(:topic, user: sign_in(Fabricate(:trust_level_4)))
put "/t/#{topic.id}/make-banner.json"
expect(response).to be_forbidden
end
@ -1926,8 +1926,8 @@ RSpec.describe TopicsController do
describe '#remove_banner' do
it 'needs you to be a staff member' do
sign_in(Fabricate(:user))
put "/t/99/remove-banner.json"
topic = Fabricate(:topic, user: sign_in(Fabricate(:trust_level_4)), archetype: Archetype.banner)
put "/t/#{topic.id}/remove-banner.json"
expect(response).to be_forbidden
end
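Review bot: The rewritten examples under `#make_banner` and `#remove_banner` cover only the trust-level-4 denial. The previous regular-user request against a nonexistent topic (`/t/99/...`) is replaced rather than kept alongside, and nothing visible exercises the `!topic.private_message?` branch of the new guard. Keeping a second example per action that does `sign_in(Fabricate(:user))` before the same `put` and `expect(response).to be_forbidden`, plus one for a staff user on a private message, would pin each condition separately. Other examples in these describe blocks may exist outside the hunks.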