From c6cfbebf1f745de349ba32ddcb1844838cede33f Mon Sep 17 00:00:00 2001
From: Penar Musaraj <pmusaraj@gmail.com>
Date: Wed, 18 Sep 2019 15:23:13 -0400
Subject: [PATCH] FIX: ignore min_trust_to_send_messages when messaging groups
 (#8104)

This means that TL0 users can message groups with "Who can message this
group?" set to "Everyone".

It also means that members of a group with "Who can message this
group?" set to "members, moderators and admins" can also message the
group, even when their trust level is below min_trust_to_send_messages.
---
 lib/guardian.rb                  |  2 +-
 spec/components/guardian_spec.rb | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/lib/guardian.rb b/lib/guardian.rb
index 79ac55010af..883386ef23b 100644
--- a/lib/guardian.rb
+++ b/lib/guardian.rb
@@ -407,7 +407,7 @@ class Guardian
     # User is authenticated
     authenticated? &&
     # Have to be a basic level at least
-    (@user.has_trust_level?(SiteSetting.min_trust_to_send_messages) || notify_moderators) &&
+    (is_group || @user.has_trust_level?(SiteSetting.min_trust_to_send_messages) || notify_moderators) &&
     # User disabled private message
     (is_staff? || is_group || target.user_option.allow_private_messages) &&
     # PMs are enabled
diff --git a/spec/components/guardian_spec.rb b/spec/components/guardian_spec.rb
index 0dddab72819..ac8efd88a91 100644
--- a/spec/components/guardian_spec.rb
+++ b/spec/components/guardian_spec.rb
@@ -19,6 +19,7 @@ describe Guardian do
   fab!(:automatic_group) { Fabricate(:group, automatic: true) }
   fab!(:plain_category) { Fabricate(:category) }
 
+  let(:trust_level_0) { build(:user, trust_level: 0) }
   let(:trust_level_1) { build(:user, trust_level: 1) }
   let(:trust_level_2) { build(:user, trust_level: 2) }
   let(:trust_level_3) { build(:user, trust_level: 3) }
@@ -346,12 +347,24 @@ describe Guardian do
       end
     end
 
+    it "allows TL0 to message group with messageable_level = everyone" do
+      group.update!(messageable_level: Group::ALIAS_LEVELS[:everyone])
+      expect(Guardian.new(trust_level_0).can_send_private_message?(group)).to eq(true)
+      expect(Guardian.new(user).can_send_private_message?(group)).to eq(true)
+    end
+
     it "respects the group members messageable_level" do
       group.update!(messageable_level: Group::ALIAS_LEVELS[:members_mods_and_admins])
       expect(Guardian.new(user).can_send_private_message?(group)).to eq(false)
 
       group.add(user)
       expect(Guardian.new(user).can_send_private_message?(group)).to eq(true)
+
+      expect(Guardian.new(trust_level_0).can_send_private_message?(group)).to eq(false)
+
+      #  group membership trumps min_trust_to_send_messages setting
+      group.add(trust_level_0)
+      expect(Guardian.new(trust_level_0).can_send_private_message?(group)).to eq(true)
     end
 
     it "respects the group owners messageable_level" do