From 106e3c897f8f5e9f796878fee43cfea3cb71e08e Mon Sep 17 00:00:00 2001
From: Arpit Jalan
Date: Fri, 29 Jan 2016 00:35:56 +0530
Subject: [PATCH] FIX: TL3 users should not be able to edit title of archived topics
---
 lib/guardian/topic_guardian.rb | 5 ++++-
 spec/components/guardian_spec.rb | 13 +++++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/lib/guardian/topic_guardian.rb b/lib/guardian/topic_guardian.rb
index cb5cc6d7239..655273b7cdb 100644
--- a/lib/guardian/topic_guardian.rb
+++ b/lib/guardian/topic_guardian.rb
@@ -30,7 +30,10 @@ module TopicGuardian
 return false if Discourse.static_doc_topic_ids.include?(topic.id) && !is_admin?
 return false unless can_see?(topic)
 return true if is_staff?
- return true if (!topic.private_message? && user.has_trust_level?(TrustLevel[3]) && can_create_post?(topic))
+ # TL4 users can edit archived topics, but can not edit private messages
+ return true if (topic.archived && !topic.private_message? && user.has_trust_level?(TrustLevel[4]) && can_create_post?(topic))
+ # TL3 users can not edit archived topics and private messages
+ return true if (!topic.archived && !topic.private_message? && user.has_trust_level?(TrustLevel[3]) && can_create_post?(topic))
 return false if topic.archived
 is_my_own?(topic) && !topic.edit_time_limit_expired?
diff --git a/spec/components/guardian_spec.rb b/spec/components/guardian_spec.rb
index 35244c52a92..e71c1550a91 100644
--- a/spec/components/guardian_spec.rb
+++ b/spec/components/guardian_spec.rb
@@ -991,6 +991,11 @@ describe Guardian do
 topic.archetype = 'private_message'
 expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(false)
 end
+
+ it 'returns false at trust level 4' do
+ topic.archetype = 'private_message'
+ expect(Guardian.new(trust_level_4).can_edit?(topic)).to eq(false)
+ end
 end
 context 'archived' do
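Review bot: In lib/guardian/topic_guardian.rb the two added `return true` lines repeat the same private-message and `can_create_post?` checks and differ only in the archived flag and the trust level, so a later change to one allow rule can silently miss the other. Selecting the level first keeps a single rule: `required = topic.archived ? TrustLevel[4] : TrustLevel[3]` followed by `return true if !topic.private_message? && user.has_trust_level?(required) && can_create_post?(topic)`. The comment `# TL3 users can not edit archived topics and private messages` sits above a line that grants access; stating what is allowed, for example `# TL3+ users can edit topics that are neither archived nor private messages`, would match the code it annotates. The enclosing method starts and ends outside the hunk.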
@@ -1004,8 +1009,12 @@ describe Guardian do
 expect(Guardian.new(admin).can_edit?(archived_topic)).to be_truthy
 end
- it 'returns true at trust level 3' do
- expect(Guardian.new(trust_level_3).can_edit?(archived_topic)).to be_truthy
+ it 'returns true at trust level 4' do
+ expect(Guardian.new(trust_level_4).can_edit?(archived_topic)).to be_truthy
+ end
+
+ it 'returns false at trust level 3' do
+ expect(Guardian.new(trust_level_3).can_edit?(archived_topic)).to be_falsey
 end
 it 'returns false as a topic creator' do
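Review bot: Neither added example in spec/components/guardian_spec.rb covers an archived private message at trust level 4, which is the combination the `!topic.private_message?` clause in the new TL4 rule is there to deny. The TL4 private-message example in the previous hunk appears to use a topic that is not archived, and the examples here use `archived_topic` without changing its archetype. An example that sets `archived_topic.archetype = 'private_message'` and then asserts `expect(Guardian.new(trust_level_4).can_edit?(archived_topic)).to eq(false)` would record the expected denial for that case. The `context 'archived'` block begins before this hunk and continues past it.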