FIX: Don't enqueue topics if the user can't create them

This commit is contained in:
Vinoth Kannan 2018-11-09 06:09:29 +05:30
parent 15991677d4
commit 515e103db6
2 changed files with 26 additions and 0 deletions

View File

@ -119,6 +119,14 @@ class NewPostManager
result.errors[:base] << I18n.t(:topic_not_found)
return result
end
elsif manager.args[:category]
category = Category.find_by_id(manager.args[:category])
unless manager.user.guardian.can_create_topic_on_category?(category)
result = NewPostResult.new(:created_post, false)
result.errors[:base] << I18n.t("js.errors.reasons.forbidden")
return result
end
end
result = manager.enqueue('default')

View File

@ -104,6 +104,24 @@ describe NewPostManager do
end
end
context 'with a high approval post count and secure category' do
it 'does not create topic' do
SiteSetting.approve_post_count = 100
user = Fabricate(:user)
category_group = Fabricate(:category_group, permission_type: 2)
group_user = Fabricate(:group_user, group: category_group.group, user_id: user.id)
manager = NewPostManager.new(
user,
raw: 'this is a new topic',
title: "Let's start a new topic!",
category: category_group.category_id
)
expect(manager.perform.errors["base"][0]).to eq(I18n.t("js.errors.reasons.forbidden"))
end
end
context 'with a high trust level setting' do
before do
SiteSetting.approve_unless_trust_level = 4