FIX: TL4 users cannot delete others posts (#13554)

This commit is contained in:
Bianca Nenciu 2021-06-30 15:51:35 +03:00 committed by Bianca Nenciu
parent 023f5ae8e0
commit 6a7e628037
3 changed files with 20 additions and 3 deletions

View File

@ -190,7 +190,7 @@ module PostGuardian
# Can't delete the first post
return false if post.is_first_post?
return true if can_moderate_topic?(post.topic)
return true if is_staff? || is_category_group_moderator?(post.topic&.category)
# Can't delete posts in archived topics unless you are staff
return false if post.topic&.archived?

View File

@ -2133,6 +2133,12 @@ describe Guardian do
it 'returns true when trying to delete your own post' do
expect(Guardian.new(user).can_delete?(post)).to be_truthy
expect(Guardian.new(trust_level_0).can_delete?(post)).to be_falsey
expect(Guardian.new(trust_level_1).can_delete?(post)).to be_falsey
expect(Guardian.new(trust_level_2).can_delete?(post)).to be_falsey
expect(Guardian.new(trust_level_3).can_delete?(post)).to be_falsey
expect(Guardian.new(trust_level_4).can_delete?(post)).to be_falsey
end
it 'returns false when self deletions are disabled' do
@ -2158,6 +2164,16 @@ describe Guardian do
expect(Guardian.new(admin).can_delete?(post)).to be_truthy
end
it "returns true for category moderators" do
SiteSetting.enable_category_group_moderation = true
group = Fabricate(:group)
GroupUser.create(group: group, user: user)
category = Fabricate(:category, reviewable_by_group_id: group.id)
post.topic.update!(category: category)
expect(Guardian.new(user).can_delete?(post)).to eq(true)
end
it 'returns false when post is first in a static doc topic' do
tos_topic = Fabricate(:topic, user: Discourse.system_user)
SiteSetting.tos_topic_id = tos_topic.id

View File

@ -44,7 +44,7 @@ describe PostMerger do
expect { PostMerger.new(admin, [reply2, post, reply1]).merge }.to raise_error(Discourse::InvalidAccess)
end
it "should only allow staff or TL4 user to merge posts" do
it "should only allow staff to merge posts" do
reply1 = create_post(topic: topic, post_number: post.post_number, user: user)
reply2 = create_post(topic: topic, post_number: post.post_number, user: user)
@ -58,8 +58,9 @@ describe PostMerger do
expect { PostMerger.new(tl1, [reply2, reply1]).merge }.to raise_error(Discourse::InvalidAccess)
expect { PostMerger.new(tl2, [reply2, reply1]).merge }.to raise_error(Discourse::InvalidAccess)
expect { PostMerger.new(tl3, [reply2, reply1]).merge }.to raise_error(Discourse::InvalidAccess)
expect { PostMerger.new(tl4, [reply2, reply1]).merge }.to raise_error(Discourse::InvalidAccess)
PostMerger.new(tl4, [reply2, reply1]).merge
PostMerger.new(Fabricate(:admin), [reply2, reply1]).merge
expect(reply1.trashed?).to eq(true)
expect(reply2.trashed?).to eq(false)