From 741e9d70adcc2a5aa36ce530f84ede9c1ada3953 Mon Sep 17 00:00:00 2001
From: Linca <41134017+Lhcfl@users.noreply.github.com>
Date: Mon, 16 Sep 2024 11:30:05 +0800
Subject: [PATCH] FIX: Don't show move topic for private messages for TL4 (#28871)
In TopicController, in addition to ensure_can_move_posts!, we also checked if the topic is private message in this line:
```ruby
raise Discourse::InvalidAccess if params[:archetype] == "private_message" && !guardian.is_staff?
```
However, this was not present in `guardian.can_move_posts?`. As a result, the frontend topic view got an incorrect serialized result, thinking that TL4 could move the private message post. In fact, once they tried to move it, they got the `InvalidAccess` error message. This commit fixes that TL4 will no longer sees the "move to" option in the "select post" panel for a private message.
---
 app/controllers/topics_controller.rb | 2 --
 lib/guardian/topic_guardian.rb | 4 +++-
 spec/lib/guardian_spec.rb | 21 +++++++++++++++++++++
 3 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/app/controllers/topics_controller.rb b/app/controllers/topics_controller.rb
index aca86dd57c0..3e85270ee61 100644
--- a/app/controllers/topics_controller.rb
+++ b/app/controllers/topics_controller.rb
@@ -875,8 +875,6 @@ class TopicsController < ApplicationController
 params.permit(:chronological_order)
 params.permit(:archetype)
- raise Discourse::InvalidAccess if params[:archetype] == "private_message" && !guardian.is_staff?
-
 topic = Topic.with_deleted.find_by(id: topic_id)
 guardian.ensure_can_move_posts!(topic)
diff --git a/lib/guardian/topic_guardian.rb b/lib/guardian/topic_guardian.rb
index 6fa63833900..886d0e49a62 100644
--- a/lib/guardian/topic_guardian.rb
+++ b/lib/guardian/topic_guardian.rb
@@ -355,7 +355,9 @@ module TopicGuardian
 def can_move_posts?(topic)
 return false if is_silenced?
- can_perform_action_available_to_group_moderators?(topic)
+ return false unless can_perform_action_available_to_group_moderators?(topic)
+ return false if topic.archetype == "private_message" && !is_staff?
+ true
 end
 def affected_by_slow_mode?(topic)
diff --git a/spec/lib/guardian_spec.rb b/spec/lib/guardian_spec.rb
index 7c81ac4f7a8..838dc5c8c1f 100644
--- a/spec/lib/guardian_spec.rb
+++ b/spec/lib/guardian_spec.rb
@@ -2288,6 +2288,27 @@ RSpec.describe Guardian do
 expect(Guardian.new(admin).can_move_posts?(topic)).to be_truthy
 end
 end
+
+ context "with a private message topic" do
+ fab!(:pm) { Fabricate(:private_message_topic) }
+
+ it "returns false when not logged in" do
+ expect(Guardian.new.can_move_posts?(pm)).to be_falsey
+ end
+
+ it "returns false when not a moderator" do
+ expect(Guardian.new(user).can_move_posts?(pm)).to be_falsey
+ expect(Guardian.new(trust_level_4).can_move_posts?(pm)).to be_falsey
+ end
+
+ it "returns true when a moderator" do
+ expect(Guardian.new(moderator).can_move_posts?(pm)).to be_truthy
+ end
+
+ it "returns true when an admin" do
+ expect(Guardian.new(admin).can_move_posts?(pm)).to be_truthy
+ end
+ end
 end
 describe "#can_delete?" do
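Review bot: The new guard `topic.archetype == "private_message" && !is_staff?` in `can_move_posts?` tests the source topic, whereas the line removed from `TopicsController` in the first hunk tested `params[:archetype]`, the archetype requested for the destination, so the two checks are not equivalent. A non-staff user who passes `can_move_posts?` on a regular topic and sends `archetype=private_message` is no longer rejected at that point. The rest of the controller action lies outside the hunk, so whether a later step refuses the request cannot be seen here. Unless it is covered elsewhere, keep the destination check after the guardian call, `raise Discourse::InvalidAccess if params[:archetype] == "private_message" && !guardian.is_staff?`, and add a request spec for that path. The spec hunk only exercises the guardian with a private message as the source topic.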
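Review bot: The example `it "returns false when not a moderator"` bundles the `trust_level_4` expectation, which is the case this commit fixes, with a plain `user` expectation that was presumably already false before the change. Give the TL4 case its own example, e.g. `it "returns false for a TL4 user" do`, so that a regression in the private-message guard is reported under a name that identifies it. A short comment above the context, such as `# TL4 passes the group-moderator check on regular topics but must not move PM posts`, would record why the case exists.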