github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-03-22 18:35:37 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Silenced users shouldn't be able to act on posts

Browse Source
This commit is contained in:
Robin Ward 2018-08-14 11:43:39 -04:00
parent 2927294cc6
commit 87fa26b6c8
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/guardian/post_guardian.rb
View File

@ -36,6 +36,10 @@ module PostGuardian
already_did_flagging = taken.any? && (taken & PostActionType.notify_flag_types.values).any?
result = if authenticated? && post && !@user.anonymous?
# Silenced users can't act on posts
return false if @user.silenced?
# post made by staff, but we don't allow staff flags
return false if is_flag &&
(!SiteSetting.allow_flagging_staff?) &&

5
spec/components/guardian_spec.rb
View File

@ -104,6 +104,11 @@ describe Guardian do
expect(Guardian.new(user).post_can_act?(post, :like)).to be_falsey
end
it "returns false when the user is silenced" do
UserSilencer.silence(user, admin)
expect(Guardian.new(user).post_can_act?(post, :spam)).to be_falsey
end
it "allows flagging archived posts" do
post.topic.archived = true
expect(Guardian.new(user).post_can_act?(post, :spam)).to be_truthy