From a2fec165d5838f8d74e210228fabcf6e88dd89e2 Mon Sep 17 00:00:00 2001
From: Robin Ward <robin.ward@gmail.com>
Date: Fri, 20 Jun 2014 15:38:03 -0400
Subject: [PATCH] Disable editing of hidden posts within a timeframe from when
 the post was initially hidden.

---
 app/models/post_action.rb        |  2 +-
 lib/guardian/post_guardian.rb    |  8 ++++++--
 spec/components/guardian_spec.rb | 18 ++++++++++++++++++
 3 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/app/models/post_action.rb b/app/models/post_action.rb
index ea49f3fe6fc..aedc65c35e8 100644
--- a/app/models/post_action.rb
+++ b/app/models/post_action.rb
@@ -309,7 +309,7 @@ class PostAction < ActiveRecord::Base
 
     Post.where(id: post.id).update_all(["hidden = true, hidden_at = CURRENT_TIMESTAMP, hidden_reason_id = COALESCE(hidden_reason_id, ?)", reason])
     Topic.where(["id = :topic_id AND NOT EXISTS(SELECT 1 FROM POSTS WHERE topic_id = :topic_id AND NOT hidden)",
-                      topic_id: post.topic_id]).update_all({ visible: false })
+                      topic_id: post.topic_id]).update_all(visible: false)
 
     # inform user
     if post.user
diff --git a/lib/guardian/post_guardian.rb b/lib/guardian/post_guardian.rb
index ab5bc55ebf2..0c7d02c20f1 100644
--- a/lib/guardian/post_guardian.rb
+++ b/lib/guardian/post_guardian.rb
@@ -80,8 +80,12 @@ module PostGuardian
       return true
     end
 
-    if is_my_own?(post) && !post.edit_time_limit_expired?
-      return true
+    if is_my_own?(post)
+      return false if post.hidden? &&
+                      post.hidden_at.present? &&
+                      post.hidden_at >= SiteSetting.cooldown_minutes_after_hiding_posts.minutes.ago
+
+      return !post.edit_time_limit_expired?
     end
 
     false
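Review bot: The cooldown guard in the `is_my_own?` branch fails open when `hidden_at` is nil: a hidden post with no timestamp skips the check and is editable whenever `edit_time_limit_expired?` allows. The spec added in this commit pins that as intended, but nothing in the code says so, and a later reader cannot tell a deliberate exemption from a missed case. A comment above the guard such as `# hidden posts with no hidden_at are exempt from the cooldown` would record it; the reason for the nil case is not visible in this patch. The guard also runs only after the earlier `return true` at the top of the hunk, whose condition is outside the hunk, so it constrains only authors who do not match that branch. The enclosing method starts and ends outside the hunk.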
diff --git a/spec/components/guardian_spec.rb b/spec/components/guardian_spec.rb
index 063bcc74d80..e73e2e48e79 100644
--- a/spec/components/guardian_spec.rb
+++ b/spec/components/guardian_spec.rb
@@ -640,6 +640,24 @@ describe Guardian do
         Guardian.new(post.user).can_edit?(post).should be_true
       end
 
+      it "returns false if the post is hidden due to flagging and it's too soon" do
+        post.hidden = true
+        post.hidden_at = Time.now
+        Guardian.new(post.user).can_edit?(post).should be_false
+      end
+
+      it "returns true if the post is hidden due to flagging and it been enough time" do
+        post.hidden = true
+        post.hidden_at = (SiteSetting.cooldown_minutes_after_hiding_posts + 1).minutes.ago
+        Guardian.new(post.user).can_edit?(post).should be_true
+      end
+
+      it "returns true if the post is hidden due to flagging and it's got a nil `hidden_at`" do
+        post.hidden = true
+        post.hidden_at = nil
+        Guardian.new(post.user).can_edit?(post).should be_true
+      end
+
       it 'returns false if you are trying to edit a post you soft deleted' do
         post.user_deleted = true
         Guardian.new(post.user).can_edit?(post).should be_false
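Review bot: Neither new time-based example gets close to the edge of the `>=` comparison in the guard: one uses `Time.now` and the other `cooldown + 1` minutes, so a cooldown window that is shorter than configured would still pass both. A case just inside the window, `post.hidden_at = (SiteSetting.cooldown_minutes_after_hiding_posts - 1).minutes.ago` expecting `be_false`, would pin it. That case should set the setting to an explicit value in the example so it does not depend on the default. The description `it been enough time` should read `it's been enough time`.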