discourse/discourse
1
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-03-06 11:19:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

FIX: Always allow staff (admins & mods) to post links (#25601)

Browse Source 
Followup fb087b7ff6d168bbfcaa5f83d53ac122d6a18a1c

post_links_allowed_groups is an odd check tied to
unrestricted_link_posting? in PostGuardian, in that
it doesn't have an escape hatch for staff like most
of the rest of these group based settings.

It doesn't make sense to exclude admins or mods from
posting links, so just always allow them to avoid confusion.
This commit is contained in:
Martin Brennan 2024-02-08 11:19:28 +10:00 committed by GitHub
parent adb4eee153
commit 4ce1c2c030
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/locales/server.en.yml
View File

@ -1974,7 +1974,7 @@ en:
min_trust_to_flag_posts: "The minimum trust level required to flag posts"
flag_post_allowed_groups: "Groups that are allowed to flag posts."
min_trust_to_post_links: "The minimum trust level required to include links in posts"
post_links_allowed_groups: "Groups that are allowed to include links in posts."
post_links_allowed_groups: "Groups that are allowed to include links in posts. Admins and moderators are always allowed to post links."
min_trust_to_post_embedded_media: "The minimum trust level required to embed media items in a post"
embedded_media_post_allowed_groups: "The users in these groups are allowed to embed media items in a post"
min_trust_level_to_allow_profile_background: "The minimum trust level required to upload a profile background"

2
lib/guardian/post_guardian.rb
View File

@ -3,7 +3,7 @@
# mixin for all guardian methods dealing with post permissions
module PostGuardian
def unrestricted_link_posting?
authenticated? && @user.in_any_groups?(SiteSetting.post_links_allowed_groups_map)
authenticated? && (is_staff? || @user.in_any_groups?(SiteSetting.post_links_allowed_groups_map))
end
def link_posting_access

7
spec/lib/guardian_spec.rb
View File

@ -46,6 +46,13 @@ RSpec.describe Guardian do
expect(Guardian.new(user).link_posting_access).to eq("full")
end
it "is full for staff users regardless of TL" do
SiteSetting.post_links_allowed_groups = Group::AUTO_GROUPS[:trust_level_2]
admin_user = Fabricate(:admin)
admin_user.change_trust_level!(TrustLevel[1])
expect(Guardian.new(admin_user).link_posting_access).to eq("full")
end
it "is none for a user of a low trust level" do
user.change_trust_level!(TrustLevel[0])
SiteSetting.post_links_allowed_groups = Group::AUTO_GROUPS[:trust_level_1]