From fc22127726b4fbcd41661d7b3f24daa05b5972e9 Mon Sep 17 00:00:00 2001
From: Neil Lalonde
Date: Tue, 29 Jul 2014 10:40:02 -0400
Subject: [PATCH] FIX: only admin can edit faq, tos, and privacy policy

---
 lib/discourse.rb                 |  4 ++++
 lib/guardian/post_guardian.rb    |  4 ++++
 lib/guardian/topic_guardian.rb   |  5 ++++-
 spec/components/guardian_spec.rb | 21 +++++++++++++++++++++
 4 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/lib/discourse.rb b/lib/discourse.rb
index fccfa066bb1..cf471c7c578 100644
--- a/lib/discourse.rb
+++ b/lib/discourse.rb
@@ -265,4 +265,8 @@ module Discourse
     { url: $redis.url, namespace: 'sidekiq' }
   end
 
+  def self.static_doc_topic_ids
+    [SiteSetting.tos_topic_id, SiteSetting.guidelines_topic_id, SiteSetting.privacy_topic_id]
+  end
+
 end
diff --git a/lib/guardian/post_guardian.rb b/lib/guardian/post_guardian.rb
index 5647f71ff89..64ef1937e38 100644
--- a/lib/guardian/post_guardian.rb
+++ b/lib/guardian/post_guardian.rb
@@ -72,6 +72,10 @@ module PostGuardian
 
   # Editing Method
   def can_edit_post?(post)
+    if Discourse.static_doc_topic_ids.include?(post.topic_id) && !is_admin?
+      return false
+    end
+
     if is_staff? || @user.has_trust_level?(:elder)
       return true
     end
diff --git a/lib/guardian/topic_guardian.rb b/lib/guardian/topic_guardian.rb
index a486df515bb..13c90b47e1f 100644
--- a/lib/guardian/topic_guardian.rb
+++ b/lib/guardian/topic_guardian.rb
@@ -27,7 +27,10 @@ module TopicGuardian
 
   # Editing Method
   def can_edit_topic?(topic)
-    !topic.archived && (is_staff? || is_my_own?(topic) || user.has_trust_level?(:leader))
+    return false if topic.archived
+    return true if is_my_own?(topic)
+    return false if Discourse.static_doc_topic_ids.include?(topic.id) && !is_admin?
+    is_staff? || user.has_trust_level?(:leader)
   end
 
   # Recovery Method
diff --git a/spec/components/guardian_spec.rb b/spec/components/guardian_spec.rb
index 9af5d7f8032..b1c59d46b91 100644
--- a/spec/components/guardian_spec.rb
+++ b/spec/components/guardian_spec.rb
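Review bot: `Discourse.static_doc_topic_ids` is a new public helper that both guardians in this commit use as an authorization gate, yet it carries no comment saying so; a header such as `# Ids of the site's static legal/help topics (TOS, guidelines/FAQ, privacy policy); PostGuardian and TopicGuardian restrict editing these to admins.` would warn the next maintainer that adding a setting here changes who may edit. The guardians test membership with `Array#include?`, which only matches when the setting value and `topic_id` have the same type, so if any of these settings can be blank or is stored as a string the gate silently fails open — worth confirming against how these SiteSettings are declared (not visible here). The commit message says "faq" while the setting used is `guidelines_topic_id`; naming that in the comment avoids a later mismatch.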
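Review bot: The new guard in `can_edit_post?` is spelled as a three-line `if … return false end` while the same commit writes the equivalent guard in `TopicGuardian#can_edit_topic?` as a modifier; for consistency and to read as a guard clause, `return false if Discourse.static_doc_topic_ids.include?(post.topic_id) && !is_admin?`. Its position ahead of the staff/elder branch is the security-relevant part and deserves a why-comment, e.g. `# TOS, guidelines and privacy policy are legal documents: only admins may edit them, even staff or the author`; "the author" is an inference, since the method continues outside the hunk where an own-post branch presumably lives. Note the gate matches on `post.topic_id`, so it protects every post in the static-doc topic, not only the first post that renders as the page — confirm that is intended.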
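Review bot: `return true if is_my_own?(topic)` now runs before the static-doc check, so a non-admin who authored the topic that `tos_topic_id`, `guidelines_topic_id` or `privacy_topic_id` points at keeps editing it, which is the kind of bypass this commit sets out to close; in the removed expression ownership was only one disjunct, and in `PostGuardian#can_edit_post?` in this same commit the guard comes first. Move the guard above the ownership return so every non-admin path is covered: `return false if topic.archived` / `return false if Discourse.static_doc_topic_ids.include?(topic.id) && !is_admin?` / `is_staff? || is_my_own?(topic) || user.has_trust_level?(:leader)`. The spec added here fabricates the topic with `Discourse.system_user` as author, so it does not exercise this path.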
@@ -354,6 +354,15 @@ describe Guardian do
       Guardian.new(moderator).can_see?(private_topic).should be_false
       Guardian.new(admin).can_see?(private_topic).should be_true
     end
+
+    it "restricts static doc topics" do
+      tos_topic = Fabricate(:topic, user: Discourse.system_user)
+      SiteSetting.stubs(:tos_topic_id).returns(tos_topic.id)
+
+      Guardian.new(build(:user)).can_edit?(tos_topic).should be_false
+      Guardian.new(moderator).can_edit?(tos_topic).should be_false
+      Guardian.new(admin).can_edit?(tos_topic).should be_true
+    end
   end
 
   describe 'a Post' do
@@ -784,6 +793,18 @@ describe Guardian do
         Guardian.new(post.user).can_edit?(post).should be_true
       end
     end
+
+    context "first post of a static page doc" do
+      let!(:tos_topic) { Fabricate(:topic, user: Discourse.system_user) }
+      let!(:tos_first_post) { build(:post, topic: tos_topic, user: tos_topic.user) }
+      before { SiteSetting.stubs(:tos_topic_id).returns(tos_topic.id) }
+
+      it "restricts static doc posts" do
+        Guardian.new(build(:user)).can_edit?(tos_first_post).should be_false
+        Guardian.new(moderator).can_edit?(tos_first_post).should be_false
+        Guardian.new(admin).can_edit?(tos_first_post).should be_true
+      end
+    end
   end
 
   describe 'a Topic' do
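Review bot: The new example fabricates the static topic with `Discourse.system_user` as author, so it never checks a non-admin who owns the topic the setting points at — the case whose outcome depends on where `TopicGuardian#can_edit_topic?` places the static-doc guard relative to `is_my_own?`. Add an example that fabricates the topic with a regular user and asserts `Guardian.new(tos_topic.user).can_edit?(tos_topic).should be_false`. Only `tos_topic_id` is stubbed, so `guidelines_topic_id` and `privacy_topic_id` are not shown to be in `Discourse.static_doc_topic_ids`; stubbing each in turn would pin the whole list.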
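Review bot: `tos_first_post` is built with `user: tos_topic.user`, which is the system user, so the example never asserts that the post's own non-admin author is denied — the case most likely to slip past an own-post branch later in `can_edit_post?` (outside the hunks here). Build the post with a regular user and add `Guardian.new(tos_first_post.user).can_edit?(tos_first_post).should be_false`. Since the guard in `PostGuardian` matches on `post.topic_id` rather than first-post status, a second, later post in the same topic would pin that every post in a static-doc topic is restricted, which the context name "first post of a static page doc" does not currently make explicit.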