FIX: only admin can edit faq, tos, and privacy policy
parent
5bd1dbd953
commit
fc22127726
|
@ -265,4 +265,8 @@ module Discourse
|
||||||
{ url: $redis.url, namespace: 'sidekiq' }
|
{ url: $redis.url, namespace: 'sidekiq' }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def self.static_doc_topic_ids
|
||||||
|
[SiteSetting.tos_topic_id, SiteSetting.guidelines_topic_id, SiteSetting.privacy_topic_id]
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
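Review bot: `static_doc_topic_ids` has no comment saying that its result now drives an authorization decision, and it passes through whatever the three settings hold. If any of those settings can be nil when unset (not visible here), `include?` would also match a record whose id is nil, such as an unsaved post's `topic_id`; that fails closed, but `.compact` on the array would keep the list to real ids. A one-line comment such as `# Topic ids of the admin-only static docs (ToS, guidelines/FAQ, privacy); consulted by PostGuardian and TopicGuardian` would make the coupling explicit.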
@ -72,6 +72,10 @@ module PostGuardian
|
||||||
|
|
||||||
# Editing Method
|
# Editing Method
|
||||||
def can_edit_post?(post)
|
def can_edit_post?(post)
|
||||||
|
if Discourse.static_doc_topic_ids.include?(post.topic_id) && !is_admin?
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
if is_staff? || @user.has_trust_level?(:elder)
|
if is_staff? || @user.has_trust_level?(:elder)
|
||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
|
|
|
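Review bot: The new guard at the top of `can_edit_post?` matches on `post.topic_id` alone, so it stops non-admins from editing every post in a static-doc topic, replies included, while the spec added in this commit only exercises the first post. If that breadth is intended, say so in a comment, e.g. `# admin-only for every post in a static doc topic, not just the first`, and add an example for a reply. The three-line `if` could also be a guard clause like the one in `can_edit_topic?`: `return false if Discourse.static_doc_topic_ids.include?(post.topic_id) && !is_admin?`. The method body continues past the end of the hunk.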
@ -27,7 +27,10 @@ module TopicGuardian
|
||||||
|
|
||||||
# Editing Method
|
# Editing Method
|
||||||
def can_edit_topic?(topic)
|
def can_edit_topic?(topic)
|
||||||
!topic.archived && (is_staff? || is_my_own?(topic) || user.has_trust_level?(:leader))
|
return false if topic.archived
|
||||||
|
return true if is_my_own?(topic)
|
||||||
|
return false if Discourse.static_doc_topic_ids.include?(topic.id) && !is_admin?
|
||||||
|
is_staff? || user.has_trust_level?(:leader)
|
||||||
end
|
end
|
||||||
|
|
||||||
# Recovery Method
|
# Recovery Method
|
||||||
|
|
|
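Review bot: In `can_edit_topic?` the line `return true if is_my_own?(topic)` runs before the static-doc check, so a non-admin who owns the topic is still allowed to edit a ToS, guidelines or privacy topic. `can_edit_post?` in this same commit performs the static-doc check first, so the two guardians disagree on the same rule. Put the restriction above the ownership shortcut: `return false if Discourse.static_doc_topic_ids.include?(topic.id) && !is_admin?` and only then `return true if is_my_own?(topic)`. The specs use a topic owned by `Discourse.system_user`, so this path is not covered.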
@ -354,6 +354,15 @@ describe Guardian do
|
||||||
Guardian.new(moderator).can_see?(private_topic).should be_false
|
Guardian.new(moderator).can_see?(private_topic).should be_false
|
||||||
Guardian.new(admin).can_see?(private_topic).should be_true
|
Guardian.new(admin).can_see?(private_topic).should be_true
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it "restricts static doc topics" do
|
||||||
|
tos_topic = Fabricate(:topic, user: Discourse.system_user)
|
||||||
|
SiteSetting.stubs(:tos_topic_id).returns(tos_topic.id)
|
||||||
|
|
||||||
|
Guardian.new(build(:user)).can_edit?(tos_topic).should be_false
|
||||||
|
Guardian.new(moderator).can_edit?(tos_topic).should be_false
|
||||||
|
Guardian.new(admin).can_edit?(tos_topic).should be_true
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'a Post' do
|
describe 'a Post' do
|
||||||
|
@ -784,6 +793,18 @@ describe Guardian do
|
||||||
Guardian.new(post.user).can_edit?(post).should be_true
|
Guardian.new(post.user).can_edit?(post).should be_true
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context "first post of a static page doc" do
|
||||||
|
let!(:tos_topic) { Fabricate(:topic, user: Discourse.system_user) }
|
||||||
|
let!(:tos_first_post) { build(:post, topic: tos_topic, user: tos_topic.user) }
|
||||||
|
before { SiteSetting.stubs(:tos_topic_id).returns(tos_topic.id) }
|
||||||
|
|
||||||
|
it "restricts static doc posts" do
|
||||||
|
Guardian.new(build(:user)).can_edit?(tos_first_post).should be_false
|
||||||
|
Guardian.new(moderator).can_edit?(tos_first_post).should be_false
|
||||||
|
Guardian.new(admin).can_edit?(tos_first_post).should be_true
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'a Topic' do
|
describe 'a Topic' do
|
||||||
|
|
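Review bot: Both new examples stub only `tos_topic_id` and use a topic owned by `Discourse.system_user`, so they never exercise a static doc whose owner is a non-admin, which is the case where `can_edit_topic?` returns early on ownership. Add an example where the topic belongs to a regular user or a moderator and assert `Guardian.new(tos_topic.user).can_edit?(tos_topic).should be_false`. Examples for `guidelines_topic_id` and `privacy_topic_id`, and for a reply inside the topic, would pin the rest of the rule. The enclosing `describe` blocks start and end outside these hunks.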