mirror of
https://github.com/discourse/discourse.git
synced 2024-11-22 09:42:02 +08:00
FIX: user should not be able to invite to PM if trust level requirment not met
FIX: when personal messages are disabled let user invite to a public topic
This commit is contained in:
parent
b77553a635
commit
a8149f8969
|
@ -791,6 +791,7 @@ SQL
|
|||
|
||||
def invite(invited_by, username_or_email, group_ids = nil, custom_message = nil)
|
||||
target_user = User.find_by_username_or_email(username_or_email)
|
||||
guardian = Guardian.new(invited_by)
|
||||
|
||||
if target_user && topic_allowed_users.where(user_id: target_user.id).exists?
|
||||
raise UserExists.new(I18n.t("topic_invite.user_exists"))
|
||||
|
@ -798,6 +799,10 @@ SQL
|
|||
|
||||
return true if target_user && invite_existing_muted?(target_user, invited_by)
|
||||
|
||||
if private_message? && target_user && !guardian.can_send_private_message?(target_user)
|
||||
raise UserExists.new(I18n.t("activerecord.errors.models.topic.attributes.base.cant_send_pm"))
|
||||
end
|
||||
|
||||
if target_user && private_message? && topic_allowed_users.create!(user_id: target_user.id)
|
||||
add_small_action(invited_by, "invited_user", target_user.username)
|
||||
|
||||
|
@ -808,7 +813,7 @@ SQL
|
|||
)
|
||||
|
||||
true
|
||||
elsif username_or_email =~ /^.+@.+$/ && Guardian.new(invited_by).can_invite_via_email?(self)
|
||||
elsif username_or_email =~ /^.+@.+$/ && guardian.can_invite_via_email?(self)
|
||||
rate_limit_topic_invitation(invited_by)
|
||||
|
||||
if target_user
|
||||
|
|
|
@ -257,11 +257,14 @@ class Guardian
|
|||
def can_invite_to?(object, groups = nil)
|
||||
return false unless authenticated?
|
||||
return true if is_admin?
|
||||
return false unless SiteSetting.enable_personal_messages?
|
||||
return false if (SiteSetting.max_invites_per_day.to_i == 0 && !is_staff?)
|
||||
return false unless can_see?(object)
|
||||
return false if groups.present?
|
||||
|
||||
if object.is_a?(Topic) && object.private_message?
|
||||
return false unless SiteSetting.enable_personal_messages?
|
||||
end
|
||||
|
||||
if object.is_a?(Topic) && object.category
|
||||
if object.category.groups.any?
|
||||
return true if object.category.groups.all? { |g| can_edit_group?(g) }
|
||||
|
|
|
@ -474,6 +474,11 @@ describe Guardian do
|
|||
it 'returns true for a group owner' do
|
||||
expect(Guardian.new(group_owner).can_invite_to?(group_private_topic)).to be_truthy
|
||||
end
|
||||
|
||||
it 'returns true for normal user when inviting to topic and PM disabled' do
|
||||
SiteSetting.enable_personal_messages = false
|
||||
expect(Guardian.new(trust_level_2).can_invite_to?(topic)).to be_truthy
|
||||
end
|
||||
end
|
||||
|
||||
describe "private messages" do
|
||||
|
|
|
@ -544,6 +544,17 @@ describe Topic do
|
|||
expect(Notification.last).to be_blank
|
||||
end
|
||||
end
|
||||
|
||||
context "when PMs are enabled for TL3 or higher only" do
|
||||
before do
|
||||
SiteSetting.min_trust_to_send_messages = 3
|
||||
end
|
||||
|
||||
it 'should raise error' do
|
||||
expect { topic.invite(user, another_user.username) }
|
||||
.to raise_error(Topic::UserExists)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'by email' do
|
||||
|
|
Loading…
Reference in New Issue
Block a user