From 87fa26b6c80fc76ce8afbe01cbee96da2cd73f53 Mon Sep 17 00:00:00 2001
From: Robin Ward <robin.ward@gmail.com>
Date: Tue, 14 Aug 2018 11:43:39 -0400
Subject: [PATCH] FIX: Silenced users shouldn't be able to act on posts

---
 lib/guardian/post_guardian.rb    | 4 ++++
 spec/components/guardian_spec.rb | 5 +++++
 2 files changed, 9 insertions(+)

diff --git a/lib/guardian/post_guardian.rb b/lib/guardian/post_guardian.rb
index af56156c023..a4c2741f1b0 100644
--- a/lib/guardian/post_guardian.rb
+++ b/lib/guardian/post_guardian.rb
@@ -36,6 +36,10 @@ module PostGuardian
     already_did_flagging      = taken.any? && (taken & PostActionType.notify_flag_types.values).any?
 
     result = if authenticated? && post && !@user.anonymous?
+
+      # Silenced users can't act on posts
+      return false if @user.silenced?
+
       # post made by staff, but we don't allow staff flags
       return false if is_flag &&
         (!SiteSetting.allow_flagging_staff?) &&
diff --git a/spec/components/guardian_spec.rb b/spec/components/guardian_spec.rb
index bdd0ef60926..ffc09ff97a2 100644
--- a/spec/components/guardian_spec.rb
+++ b/spec/components/guardian_spec.rb
@@ -104,6 +104,11 @@ describe Guardian do
       expect(Guardian.new(user).post_can_act?(post, :like)).to be_falsey
     end
 
+    it "returns false when the user is silenced" do
+      UserSilencer.silence(user, admin)
+      expect(Guardian.new(user).post_can_act?(post, :spam)).to be_falsey
+    end
+
     it "allows flagging archived posts" do
       post.topic.archived = true
       expect(Guardian.new(user).post_can_act?(post, :spam)).to be_truthy