# frozen_string_literal: true
# mixin for all guardian methods dealing with topic permissions
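module TopicGuardian
  # Whether the current user may remove +target_user+ from the topic's
  # allowed users.
  #
  # Staff always may. Anyone else may only remove themselves, and only while
  # more than one allowed user remains and the target is not +topic.user+.
  def can_remove_allowed_users?(topic, target_user = nil)
    is_staff? ||
      (
        topic.allowed_users.count > 1 &&
        topic.user != target_user &&
        !!(target_user && user == target_user)
      )
  end

  # Whether the current user may review +topic+.
  #
  # Anonymous callers and a nil topic are denied; staff are always allowed.
  # Other users need category group review to be enabled and a GroupUser row
  # linking them to the category's +reviewable_by_group_id+.
  def can_review_topic?(topic)
    return false if anonymous? || topic.nil?
    return true if is_staff?

    SiteSetting.enable_category_group_review? &&
      topic.category.present? &&
      topic.category.reviewable_by_group_id.present? &&
      GroupUser.where(group_id: topic.category.reviewable_by_group_id, user_id: user.id).exists?
  end

  # Staff only, and only while the shared drafts site setting is enabled.
  def can_create_shared_draft?
    is_staff? && SiteSetting.shared_drafts_enabled?
  end

  # Staff only, and only while the whispers site setting is enabled.
  def can_create_whisper?
    is_staff? && SiteSetting.enable_whispers?
  end

  # Staff only; the caller must also be able to see +topic+ and to create
  # topics in +category+.
  def can_publish_topic?(topic, category)
    is_staff? && can_see?(topic) && can_create_topic?(category)
  end

  # Creating Methods

  # Staff always may create topics. Other users need a trust level of at
  # least SiteSetting.min_trust_to_create_topic and must pass
  # can_create_post?(parent).
  def can_create_topic?(parent)
    is_staff? ||
      (user &&
        user.trust_level >= SiteSetting.min_trust_to_create_topic.to_i &&
        can_create_post?(parent))
  end

  # Whether the current user may create a topic in +category+, which may be a
  # Category, a category id, or nil (no category restriction is applied).
  def can_create_topic_on_category?(category)
    # allow for category to be a number as well
    category_id = Category === category ? category.id : category

    can_create_topic?(nil) &&
      (!category || Category.topic_create_allowed(self).where(id: category_id).count == 1)
  end

  # Whether the current user may move a topic into +category+ (a Category, an
  # id, or nil for the uncategorized category).
  #
  # Non-staff users are refused when the category requires topic approval.
  # NOTE(review): Category.find presumably raises for an unknown id; confirm
  # that callers handle this.
  def can_move_topic_to_category?(category)
    category = Category === category ? category : Category.find(category || SiteSetting.uncategorized_category_id)

    is_staff? || (can_create_topic_on_category?(category) && !category.require_topic_approval?)
  end

  # Whether the current user may post in +topic+.
  #
  # Closed or archived topics only accept posts from moderators and trust
  # level 4 users; admins are allowed whenever the topic exists and is not
  # trashed.
  def can_create_post_on_topic?(topic)
    # No users can create posts on deleted topics
    return false if topic.blank?
    return false if topic.trashed?
    return true if is_admin?

    trusted = (authenticated? && user.has_trust_level?(TrustLevel[4])) || is_moderator?

    (!(topic.closed? || topic.archived?) || trusted) && can_create_post?(topic)
  end

  # Editing Method

  # Whether the current user may edit +topic+.
  #
  # The checks run in a fixed order and the first match decides:
  # static doc topics are admin-only, the topic must be visible to the caller,
  # admins and posting-capable moderators may edit, and everyone else must be
  # able to create topics in the topic's category before the trust-level and
  # ownership rules are applied.
  # NOTE(review): +topic+ is dereferenced on the first line, so a nil topic
  # raises instead of being denied.
  def can_edit_topic?(topic)
    return false if Discourse.static_doc_topic_ids.include?(topic.id) && !is_admin?
    return false unless can_see?(topic)

    return true if is_admin?
    return true if is_moderator? && can_create_post?(topic)

    # can't edit topics in secured categories where you don't have permission to create topics
    return false unless can_create_topic_on_category?(topic.category)

    # TL4 users can edit archived topics, but can not edit private messages
    return true if (
      SiteSetting.trusted_users_can_edit_others? &&
      topic.archived &&
      !topic.private_message? &&
      user.has_trust_level?(TrustLevel[4]) &&
      can_create_post?(topic)
    )

    # TL3 users can not edit archived topics and private messages
    return true if (
      SiteSetting.trusted_users_can_edit_others? &&
      !topic.archived &&
      !topic.private_message? &&
      user.has_trust_level?(TrustLevel[3]) &&
      can_create_post?(topic)
    )

    return false if topic.archived

    # Remaining case: the caller's own topic, inside the edit time limit.
    is_my_own?(topic) && !topic.edit_time_limit_expired?
  end

  # Recovery Method

  # Staff may recover a topic that has +deleted_at+ set and still has a user.
  # Everyone else is deferred to can_recover_post? on the topic's first
  # ordered post.
  def can_recover_topic?(topic)
    if is_staff?
      !!(topic && topic.deleted_at && topic.user)
    else
      topic && can_recover_post?(topic.ordered_posts.first)
    end
  end

  # Whether the current user may delete +topic+.
  #
  # Staff may; otherwise is_my_own?(topic) must hold, the topic must have at
  # most one post and must have been created within the last 24 hours.
  # Trashed topics, category topics and static doc topics are never deletable.
  # NOTE(review): assumes +topic+ is non-nil; +topic.trashed?+ raises on nil.
  def can_delete_topic?(topic)
    !topic.trashed? &&
      (is_staff? || (is_my_own?(topic) && topic.posts_count <= 1 && topic.created_at && topic.created_at > 24.hours.ago)) &&
      !topic.is_category_topic? &&
      !Discourse.static_doc_topic_ids.include?(topic.id)
  end

  # Whether the current user may convert +topic+.
  #
  # Requires personal messages to be enabled and a present, non-trashed,
  # non-category topic. Admins are then allowed; moderators only if they can
  # also post in the topic.
  def can_convert_topic?(topic)
    return false unless SiteSetting.enable_personal_messages?
    return false if topic.blank?
    return false if topic.trashed?
    return false if topic.is_category_topic?
    return true if is_admin?

    is_moderator? && can_create_post?(topic)
  end

  # Authenticated users at trust level 1 or above, given a topic.
  def can_reply_as_new_topic?(topic)
    authenticated? && topic && @user.has_trust_level?(TrustLevel[1])
  end

  # Only staff see deleted topics.
  def can_see_deleted_topics?
    is_staff?
  end

  # Whether the current user may see +topic+.
  #
  # The admin check runs before the deleted-topic check, so admins see every
  # topic. Private messages are visible only to authenticated users listed in
  # +topic.all_allowed_users+; any other topic falls back to the visibility of
  # its category. With +hide_deleted+ false the deleted-topic check is skipped.
  def can_see_topic?(topic, hide_deleted = true)
    return false unless topic
    return true if is_admin?
    return false if hide_deleted && topic.deleted_at && !can_see_deleted_topics?

    if topic.private_message?
      return authenticated? && topic.all_allowed_users.where(id: @user.id).exists?
    end

    can_see_category?(topic.category)
  end

  # can_see_topic? with +hide_deleted+ switched off, i.e. without the
  # deleted-topic check.
  def can_see_topic_if_not_deleted?(topic)
    can_see_topic?(topic, false)
  end

  # Restricts +records+ to topics without a category or in a category listed
  # by allowed_category_ids. Admins get +records+ back unfiltered.
  #
  # The ids are passed as a bind parameter, not interpolated into the SQL.
  def filter_allowed_categories(records)
    unless is_admin?
      allowed_ids = allowed_category_ids
      if allowed_ids.length > 0
        records = records.where('topics.category_id IS NULL or topics.category_id IN (?)', allowed_ids)
      else
        records = records.where('topics.category_id IS NULL')
      end
      records = records.references(:categories)
    end
    records
  end

  # Whether featured links may be edited in the given category (the
  # uncategorized category when +category_id+ is nil). Depends only on site
  # and category settings, not on the current user.
  def can_edit_featured_link?(category_id)
    return false unless SiteSetting.topic_featured_link_enabled

    Category.where(id: category_id || SiteSetting.uncategorized_category_id, topic_featured_link_allowed: true).exists?
  end

  # Staff and trust level 4 users.
  # NOTE(review): reads @user without an authenticated? guard, unlike
  # can_reply_as_new_topic?; this relies on @user responding to
  # has_trust_level? for anonymous callers. Confirm against the host class.
  def can_update_bumped_at?
    is_staff? || @user.has_trust_level?(TrustLevel[4])
  end

  # Authenticated staff may banner any topic that is not a private message.
  def can_banner_topic?(topic)
    # Deny a missing topic instead of raising NoMethodError on nil, matching
    # the nil guards of the other predicates in this module.
    return false if topic.nil?

    authenticated? && !topic.private_message? && is_staff?
  end
end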