github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-23 03:54:59 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FEATURE: moderators allowed to view groups which members can see.

Browse Source 
Currently, if a group's visibility is set to "Group owners, members" then the mods can't view those group pages. The same rule is applied for members visibility setting too.
This commit is contained in:
Vinoth Kannan 2020-09-11 03:33:44 +05:30
parent ac70c48be4
commit 2bf0c4188b
3 changed files with 54 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
app/models/group.rb
View File

@ -121,44 +121,37 @@ class Group < ActiveRecord::Base
end
if !user&.admin
sql = <<~SQL
groups.id IN (
SELECT id
FROM groups
WHERE visibility_level = :public
is_staff = !!user&.staff?
UNION ALL
if user.blank?
sql = "groups.visibility_level = :public"
elsif is_staff
sql = "groups.visibility_level IN (:public, :logged_on_users, :members, :staff)"
else
sql = <<~SQL
groups.id IN (
SELECT id
FROM groups
WHERE visibility_level IN (:public, :logged_on_users)
SELECT id
FROM groups
WHERE visibility_level = :logged_on_users
AND :user_id IS NOT NULL
UNION ALL
UNION ALL
SELECT g.id
FROM groups g
JOIN group_users gu ON gu.group_id = g.id AND gu.user_id = :user_id
WHERE g.visibility_level = :members
SELECT g.id
FROM groups g
JOIN group_users gu ON gu.group_id = g.id AND gu.user_id = :user_id
WHERE g.visibility_level = :members
UNION ALL
UNION ALL
SELECT g.id
FROM groups g
JOIN group_users gu ON gu.group_id = g.id AND gu.user_id = :user_id AND gu.owner
WHERE g.visibility_level IN (:staff, :owners)
)
SQL
end
SELECT g.id
FROM groups g
LEFT JOIN group_users gu ON gu.group_id = g.id AND gu.user_id = :user_id AND gu.owner
WHERE g.visibility_level = :staff
AND (gu.id IS NOT NULL OR :is_staff)
UNION ALL
SELECT g.id
FROM groups g
JOIN group_users gu ON gu.group_id = g.id AND gu.user_id = :user_id AND gu.owner
WHERE g.visibility_level = :owners
)
SQL
params = Group.visibility_levels.to_h.merge(user_id: user&.id, is_staff: !!user&.staff?)
params = Group.visibility_levels.to_h.merge(user_id: user&.id, is_staff: is_staff)
groups = groups.where(sql, params)
end
@ -173,44 +166,37 @@ class Group < ActiveRecord::Base
end
if !user&.admin
sql = <<~SQL
groups.id IN (
SELECT id
FROM groups
WHERE members_visibility_level = :public
is_staff = !!user&.staff?
UNION ALL
if user.blank?
sql = "groups.members_visibility_level = :public"
elsif is_staff
sql = "groups.members_visibility_level IN (:public, :logged_on_users, :members, :staff)"
else
sql = <<~SQL
groups.id IN (
SELECT id
FROM groups
WHERE members_visibility_level IN (:public, :logged_on_users)
SELECT id
FROM groups
WHERE members_visibility_level = :logged_on_users
AND :user_id IS NOT NULL
UNION ALL
UNION ALL
SELECT g.id
FROM groups g
JOIN group_users gu ON gu.group_id = g.id AND gu.user_id = :user_id
WHERE g.members_visibility_level = :members
SELECT g.id
FROM groups g
JOIN group_users gu ON gu.group_id = g.id AND gu.user_id = :user_id
WHERE g.members_visibility_level = :members
UNION ALL
UNION ALL
SELECT g.id
FROM groups g
JOIN group_users gu ON gu.group_id = g.id AND gu.user_id = :user_id AND gu.owner
WHERE g.members_visibility_level IN (:staff, :owners)
)
SQL
end
SELECT g.id
FROM groups g
LEFT JOIN group_users gu ON gu.group_id = g.id AND gu.user_id = :user_id AND gu.owner
WHERE g.members_visibility_level = :staff
AND (gu.id IS NOT NULL OR :is_staff)
UNION ALL
SELECT g.id
FROM groups g
JOIN group_users gu ON gu.group_id = g.id AND gu.user_id = :user_id AND gu.owner
WHERE g.members_visibility_level = :owners
)
SQL
params = Group.visibility_levels.to_h.merge(user_id: user&.id, is_staff: !!user&.staff?)
params = Group.visibility_levels.to_h.merge(user_id: user&.id, is_staff: is_staff)
groups = groups.where(sql, params)
end

4
config/locales/client.en.yml
View File

@ -3588,8 +3588,8 @@ en:
title: "Who can see this group?"
public: "Everyone"
logged_on_users: "Logged on users"
members: "Group owners, members"
staff: "Group owners and staff"
members: "Group owners, members and moderators"
staff: "Group owners and moderators"
owners: "Group owners"
description: "Admins can see all groups."
members_visibility_levels:

4
spec/models/group_spec.rb
View File

@ -698,7 +698,7 @@ describe Group do
expect(can_view?(admin, group)).to eq(true)
expect(can_view?(owner, group)).to eq(true)
expect(can_view?(moderator, group)).to eq(false)
expect(can_view?(moderator, group)).to eq(true)
expect(can_view?(member, group)).to eq(true)
expect(can_view?(logged_on_user, group)).to eq(false)
expect(can_view?(nil, group)).to eq(false)
@ -763,7 +763,7 @@ describe Group do
expect(can_view?(admin, group)).to eq(true)
expect(can_view?(owner, group)).to eq(true)
expect(can_view?(moderator, group)).to eq(false)
expect(can_view?(moderator, group)).to eq(true)
expect(can_view?(member, group)).to eq(true)
expect(can_view?(logged_on_user, group)).to eq(false)
expect(can_view?(nil, group)).to eq(false)