2015-01-09 07:35:52 +08:00
|
|
|
#mixin for all guardian methods dealing with group permissions
|
|
|
|
module GroupGuardian
|
|
|
|
|
|
|
|
# Edit authority for groups means membership changes only.
|
|
|
|
# Automatic groups are not represented in the GROUP_USERS
|
|
|
|
# table and thus do not allow membership changes.
|
|
|
|
def can_edit_group?(group)
|
2016-12-11 23:36:15 +08:00
|
|
|
can_log_group_changes?(group) && !group.automatic
|
|
|
|
end
|
|
|
|
|
|
|
|
def can_log_group_changes?(group)
|
|
|
|
(is_admin? || group.users.where('group_users.owner').include?(user))
|
2015-12-08 06:19:33 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
def can_see_group_messages?(group)
|
2018-02-03 05:35:32 +08:00
|
|
|
SiteSetting.enable_private_messages? && (
|
|
|
|
is_admin? || group.users.include?(user)
|
|
|
|
)
|
2015-01-09 07:35:52 +08:00
|
|
|
end
|
|
|
|
end
|