FIX: ignore min_trust_to_send_messages when messaging groups (#8104)

This means that TL0 users can message groups with "Who can message this group?" set to "Everyone". It also means that members of a group with "Who can message this group?" set to "members, moderators and admins" can also message the group, even when their trust level is below min_trust_to_send_messages.
2025-01-18 21:12:45 +08:00 · 2019-09-18 15:23:13 -04:00 · 2019-09-18 15:23:13 -04:00 · c6cfbebf1f
commit c6cfbebf1f
parent cad83bf071
2 changed files with 14 additions and 1 deletions
--- a/lib/guardian.rb
+++ b/lib/guardian.rb
@ -407,7 +407,7 @@ class Guardian
    # User is authenticated
    authenticated? &&
    # Have to be a basic level at least
-    (@user.has_trust_level?(SiteSetting.min_trust_to_send_messages) || notify_moderators) &&
+    (is_group || @user.has_trust_level?(SiteSetting.min_trust_to_send_messages) || notify_moderators) &&
    # User disabled private message
    (is_staff? || is_group || target.user_option.allow_private_messages) &&
    # PMs are enabled
--- a/spec/components/guardian_spec.rb
+++ b/spec/components/guardian_spec.rb
@ -19,6 +19,7 @@ describe Guardian do
  fab!(:automatic_group) { Fabricate(:group, automatic: true) }
  fab!(:plain_category) { Fabricate(:category) }

+  let(:trust_level_0) { build(:user, trust_level: 0) }
  let(:trust_level_1) { build(:user, trust_level: 1) }
  let(:trust_level_2) { build(:user, trust_level: 2) }
  let(:trust_level_3) { build(:user, trust_level: 3) }
@ -346,12 +347,24 @@ describe Guardian do
      end
    end

+    it "allows TL0 to message group with messageable_level = everyone" do
+      group.update!(messageable_level: Group::ALIAS_LEVELS[:everyone])
+      expect(Guardian.new(trust_level_0).can_send_private_message?(group)).to eq(true)
+      expect(Guardian.new(user).can_send_private_message?(group)).to eq(true)
+    end
+
    it "respects the group members messageable_level" do
      group.update!(messageable_level: Group::ALIAS_LEVELS[:members_mods_and_admins])
      expect(Guardian.new(user).can_send_private_message?(group)).to eq(false)

      group.add(user)
      expect(Guardian.new(user).can_send_private_message?(group)).to eq(true)
+
+      expect(Guardian.new(trust_level_0).can_send_private_message?(group)).to eq(false)
+
+      #  group membership trumps min_trust_to_send_messages setting
+      group.add(trust_level_0)
+      expect(Guardian.new(trust_level_0).can_send_private_message?(group)).to eq(true)
    end

    it "respects the group owners messageable_level" do