mirror of
https://github.com/discourse/discourse.git
synced 2024-12-13 10:53:40 +08:00
FIX: TL4 users cannot delete others posts (#13554)
This commit is contained in:
parent
023f5ae8e0
commit
6a7e628037
|
@ -190,7 +190,7 @@ module PostGuardian
|
|||
# Can't delete the first post
|
||||
return false if post.is_first_post?
|
||||
|
||||
return true if can_moderate_topic?(post.topic)
|
||||
return true if is_staff? || is_category_group_moderator?(post.topic&.category)
|
||||
|
||||
# Can't delete posts in archived topics unless you are staff
|
||||
return false if post.topic&.archived?
|
||||
|
|
|
@ -2133,6 +2133,12 @@ describe Guardian do
|
|||
|
||||
it 'returns true when trying to delete your own post' do
|
||||
expect(Guardian.new(user).can_delete?(post)).to be_truthy
|
||||
|
||||
expect(Guardian.new(trust_level_0).can_delete?(post)).to be_falsey
|
||||
expect(Guardian.new(trust_level_1).can_delete?(post)).to be_falsey
|
||||
expect(Guardian.new(trust_level_2).can_delete?(post)).to be_falsey
|
||||
expect(Guardian.new(trust_level_3).can_delete?(post)).to be_falsey
|
||||
expect(Guardian.new(trust_level_4).can_delete?(post)).to be_falsey
|
||||
end
|
||||
|
||||
it 'returns false when self deletions are disabled' do
|
||||
|
@ -2158,6 +2164,16 @@ describe Guardian do
|
|||
expect(Guardian.new(admin).can_delete?(post)).to be_truthy
|
||||
end
|
||||
|
||||
it "returns true for category moderators" do
|
||||
SiteSetting.enable_category_group_moderation = true
|
||||
group = Fabricate(:group)
|
||||
GroupUser.create(group: group, user: user)
|
||||
category = Fabricate(:category, reviewable_by_group_id: group.id)
|
||||
post.topic.update!(category: category)
|
||||
|
||||
expect(Guardian.new(user).can_delete?(post)).to eq(true)
|
||||
end
|
||||
|
||||
it 'returns false when post is first in a static doc topic' do
|
||||
tos_topic = Fabricate(:topic, user: Discourse.system_user)
|
||||
SiteSetting.tos_topic_id = tos_topic.id
|
||||
|
|
|
@ -44,7 +44,7 @@ describe PostMerger do
|
|||
expect { PostMerger.new(admin, [reply2, post, reply1]).merge }.to raise_error(Discourse::InvalidAccess)
|
||||
end
|
||||
|
||||
it "should only allow staff or TL4 user to merge posts" do
|
||||
it "should only allow staff to merge posts" do
|
||||
reply1 = create_post(topic: topic, post_number: post.post_number, user: user)
|
||||
reply2 = create_post(topic: topic, post_number: post.post_number, user: user)
|
||||
|
||||
|
@ -58,8 +58,9 @@ describe PostMerger do
|
|||
expect { PostMerger.new(tl1, [reply2, reply1]).merge }.to raise_error(Discourse::InvalidAccess)
|
||||
expect { PostMerger.new(tl2, [reply2, reply1]).merge }.to raise_error(Discourse::InvalidAccess)
|
||||
expect { PostMerger.new(tl3, [reply2, reply1]).merge }.to raise_error(Discourse::InvalidAccess)
|
||||
expect { PostMerger.new(tl4, [reply2, reply1]).merge }.to raise_error(Discourse::InvalidAccess)
|
||||
|
||||
PostMerger.new(tl4, [reply2, reply1]).merge
|
||||
PostMerger.new(Fabricate(:admin), [reply2, reply1]).merge
|
||||
|
||||
expect(reply1.trashed?).to eq(true)
|
||||
expect(reply2.trashed?).to eq(false)
|
||||
|
|
Loading…
Reference in New Issue
Block a user