Fixing neglect to determine whether a user has the permission to create a topic on a category (besides being able to create a post) in ListController, TopicList, and TopicListSerializer causing the "Create Topic" button to appear even if a user cannot actually create a topic in that category but can reply to a topic therein.

This commit is contained in:
Autumn Perrault 2013-11-19 05:09:58 -07:00
parent d4435ba2ac
commit d9c026bec5
4 changed files with 17 additions and 3 deletions

View File

@ -11,6 +11,9 @@ class ListController < ApplicationController
user = list_target_user
list = TopicQuery.new(user, list_opts).public_send("list_#{filter}")
list.more_topics_url = construct_url_with(filter, list_opts)
if list_opts.include?(:category)
list.category = Category.where(name: list_opts[:category]).first
end
if [:latest, :hot].include?(filter)
@description = SiteSetting.site_description
@rss = filter
@ -51,6 +54,7 @@ class ListController < ApplicationController
query = TopicQuery.new(current_user, list_opts)
list = query.list_latest
list.more_topics_url = construct_url_with(:latest, list_opts)
list.category = @category if @category
respond(list)
end

View File

@ -47,7 +47,11 @@ class TopicList
end
def attributes
{'more_topics_url' => page}
hash = {'more_topics_url' => page}
if @category.present?
hash['category'] = @category
end
hash
end
def has_rank_details?

View File

@ -18,7 +18,11 @@ class TopicListSerializer < ApplicationSerializer
end
def can_create_topic
scope.can_create?(Topic)
if object.category.present?
scope.can_create?(Topic, object.category)
else
scope.can_create?(Topic)
end
end
def include_more_topics_url?

View File

@ -244,7 +244,9 @@ class Guardian
end
def can_create_topic?(parent)
user && user.trust_level >= SiteSetting.min_trust_to_create_topic.to_i && can_create_post?(parent)
user &&
user.trust_level >= SiteSetting.min_trust_to_create_topic.to_i &&
can_create_post?(parent)
end
def can_create_topic_on_category?(category)