mirror of
https://github.com/discourse/discourse.git
synced 2024-11-23 02:19:27 +08:00
FIX: oneboxing to private messages
This commit is contained in:
parent
67526907cd
commit
57e140dc07
|
@ -173,8 +173,11 @@ module Oneboxer
|
||||||
if route[:post_number].to_i > 1
|
if route[:post_number].to_i > 1
|
||||||
post = Post.find_by(topic_id: route[:topic_id], post_number: route[:post_number])
|
post = Post.find_by(topic_id: route[:topic_id], post_number: route[:post_number])
|
||||||
|
|
||||||
return unless post.present? && !post.hidden
|
return if !post || post.hidden || post.topic.private_message?
|
||||||
return unless current_category&.id == post.topic.category_id || Guardian.new.can_see_post?(post)
|
|
||||||
|
if current_category&.id != post.topic.category_id
|
||||||
|
return if !Guardian.new.can_see_post?(post)
|
||||||
|
end
|
||||||
|
|
||||||
topic = post.topic
|
topic = post.topic
|
||||||
excerpt = post.excerpt(SiteSetting.post_onebox_maxlength)
|
excerpt = post.excerpt(SiteSetting.post_onebox_maxlength)
|
||||||
|
@ -185,8 +188,13 @@ module Oneboxer
|
||||||
|
|
||||||
PrettyText.cook(quote)
|
PrettyText.cook(quote)
|
||||||
else
|
else
|
||||||
return unless topic = Topic.find_by(id: route[:topic_id])
|
topic = Topic.find_by(id: route[:topic_id])
|
||||||
return unless current_category&.id == topic.category_id || Guardian.new.can_see_topic?(topic)
|
|
||||||
|
return if !topic || topic.private_message?
|
||||||
|
|
||||||
|
if current_category&.id != topic.category_id
|
||||||
|
return if !Guardian.new.can_see_topic?(topic)
|
||||||
|
end
|
||||||
|
|
||||||
first_post = topic.ordered_posts.first
|
first_post = topic.ordered_posts.first
|
||||||
|
|
||||||
|
|
|
@ -129,6 +129,16 @@ describe OneboxController do
|
||||||
expect(response.body).not_to include('blockquote')
|
expect(response.body).not_to include('blockquote')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'does not allow onebox of PMs' do
|
||||||
|
user = log_in
|
||||||
|
|
||||||
|
post = create_post(archetype: 'private_message', target_usernames: [user.username])
|
||||||
|
url = Discourse.base_url + post.url
|
||||||
|
|
||||||
|
get :show, params: { url: url }, format: :json
|
||||||
|
expect(response.body).not_to include('blockquote')
|
||||||
|
end
|
||||||
|
|
||||||
it 'allows onebox to public topics/posts in PM' do
|
it 'allows onebox to public topics/posts in PM' do
|
||||||
log_in
|
log_in
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user