github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-22 15:16:08 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: only admin can edit faq, tos, and privacy policy

Browse Source
This commit is contained in:
Neil Lalonde 2014-07-29 10:40:02 -04:00
parent 5bd1dbd953
commit fc22127726
4 changed files with 33 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/discourse.rb
View File

@ -265,4 +265,8 @@ module Discourse
{ url: $redis.url, namespace: 'sidekiq' } { url: $redis.url, namespace: 'sidekiq' }
end end
def self.static_doc_topic_ids
[SiteSetting.tos_topic_id, SiteSetting.guidelines_topic_id, SiteSetting.privacy_topic_id]
end
end end

4
lib/guardian/post_guardian.rb
View File

@ -72,6 +72,10 @@ module PostGuardian
# Editing Method # Editing Method
def can_edit_post?(post) def can_edit_post?(post)
if Discourse.static_doc_topic_ids.include?(post.topic_id) && !is_admin?
return false
end
if is_staff? || @user.has_trust_level?(:elder) if is_staff? || @user.has_trust_level?(:elder)
return true return true
end end

5
lib/guardian/topic_guardian.rb
View File

@ -27,7 +27,10 @@ module TopicGuardian
# Editing Method # Editing Method
def can_edit_topic?(topic) def can_edit_topic?(topic)
!topic.archived && (is_staff? || is_my_own?(topic) || user.has_trust_level?(:leader)) return false if topic.archived
return true if is_my_own?(topic)
return false if Discourse.static_doc_topic_ids.include?(topic.id) && !is_admin?
is_staff? || user.has_trust_level?(:leader)
end end
# Recovery Method # Recovery Method

21
spec/components/guardian_spec.rb
View File

@ -354,6 +354,15 @@ describe Guardian do
Guardian.new(moderator).can_see?(private_topic).should be_false Guardian.new(moderator).can_see?(private_topic).should be_false
Guardian.new(admin).can_see?(private_topic).should be_true Guardian.new(admin).can_see?(private_topic).should be_true
end end
it "restricts static doc topics" do
tos_topic = Fabricate(:topic, user: Discourse.system_user)
SiteSetting.stubs(:tos_topic_id).returns(tos_topic.id)
Guardian.new(build(:user)).can_edit?(tos_topic).should be_false
Guardian.new(moderator).can_edit?(tos_topic).should be_false
Guardian.new(admin).can_edit?(tos_topic).should be_true
end
end end
describe 'a Post' do describe 'a Post' do
@ -784,6 +793,18 @@ describe Guardian do
Guardian.new(post.user).can_edit?(post).should be_true Guardian.new(post.user).can_edit?(post).should be_true
end end
end end
context "first post of a static page doc" do
let!(:tos_topic) { Fabricate(:topic, user: Discourse.system_user) }
let!(:tos_first_post) { build(:post, topic: tos_topic, user: tos_topic.user) }
before { SiteSetting.stubs(:tos_topic_id).returns(tos_topic.id) }
it "restricts static doc posts" do
Guardian.new(build(:user)).can_edit?(tos_first_post).should be_false
Guardian.new(moderator).can_edit?(tos_first_post).should be_false
Guardian.new(admin).can_edit?(tos_first_post).should be_true
end
end
end end
describe 'a Topic' do describe 'a Topic' do