mirror of
https://github.com/discourse/discourse.git
synced 2024-11-26 14:13:38 +08:00
Fixing neglect to determine whether a user has the permission to create a topic on a category (besides being able to create a post) in ListController, TopicList, and TopicListSerializer causing the "Create Topic" button to appear even if a user cannot actually create a topic in that category but can reply to a topic therein.
This commit is contained in:
parent
d4435ba2ac
commit
d9c026bec5
|
@ -11,6 +11,9 @@ class ListController < ApplicationController
|
|||
user = list_target_user
|
||||
list = TopicQuery.new(user, list_opts).public_send("list_#{filter}")
|
||||
list.more_topics_url = construct_url_with(filter, list_opts)
|
||||
if list_opts.include?(:category)
|
||||
list.category = Category.where(name: list_opts[:category]).first
|
||||
end
|
||||
if [:latest, :hot].include?(filter)
|
||||
@description = SiteSetting.site_description
|
||||
@rss = filter
|
||||
|
@ -51,6 +54,7 @@ class ListController < ApplicationController
|
|||
query = TopicQuery.new(current_user, list_opts)
|
||||
list = query.list_latest
|
||||
list.more_topics_url = construct_url_with(:latest, list_opts)
|
||||
list.category = @category if @category
|
||||
respond(list)
|
||||
end
|
||||
|
||||
|
|
|
@ -47,7 +47,11 @@ class TopicList
|
|||
end
|
||||
|
||||
def attributes
|
||||
{'more_topics_url' => page}
|
||||
hash = {'more_topics_url' => page}
|
||||
if @category.present?
|
||||
hash['category'] = @category
|
||||
end
|
||||
hash
|
||||
end
|
||||
|
||||
def has_rank_details?
|
||||
|
|
|
@ -18,7 +18,11 @@ class TopicListSerializer < ApplicationSerializer
|
|||
end
|
||||
|
||||
def can_create_topic
|
||||
scope.can_create?(Topic)
|
||||
if object.category.present?
|
||||
scope.can_create?(Topic, object.category)
|
||||
else
|
||||
scope.can_create?(Topic)
|
||||
end
|
||||
end
|
||||
|
||||
def include_more_topics_url?
|
||||
|
|
|
@ -244,7 +244,9 @@ class Guardian
|
|||
end
|
||||
|
||||
def can_create_topic?(parent)
|
||||
user && user.trust_level >= SiteSetting.min_trust_to_create_topic.to_i && can_create_post?(parent)
|
||||
user &&
|
||||
user.trust_level >= SiteSetting.min_trust_to_create_topic.to_i &&
|
||||
can_create_post?(parent)
|
||||
end
|
||||
|
||||
def can_create_topic_on_category?(category)
|
||||
|
|
Loading…
Reference in New Issue
Block a user