mirror of
https://github.com/discourse/discourse.git
synced 2024-11-27 20:23:38 +08:00
318efa8093
When enable_personal_messages was disabled, moderators could not see the private messages for the "moderators" group. The link was displayed on the client side, but the checks on the server side did not allow it.
43 lines
1.1 KiB
Ruby
43 lines
1.1 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
#mixin for all guardian methods dealing with group permissions
|
|
module GroupGuardian
|
|
|
|
# Creating Method
|
|
def can_create_group?
|
|
is_admin? ||
|
|
(
|
|
SiteSetting.moderators_manage_categories_and_groups &&
|
|
is_moderator?
|
|
)
|
|
end
|
|
|
|
# Edit authority for groups means membership changes only.
|
|
# Automatic groups are not represented in the GROUP_USERS
|
|
# table and thus do not allow membership changes.
|
|
def can_edit_group?(group)
|
|
!group.automatic && can_log_group_changes?(group)
|
|
end
|
|
|
|
def can_log_group_changes?(group)
|
|
can_admin_group?(group) || group.users.where('group_users.owner').include?(user)
|
|
end
|
|
|
|
def can_admin_group?(group)
|
|
is_admin? ||
|
|
(
|
|
SiteSetting.moderators_manage_categories_and_groups &&
|
|
is_moderator? &&
|
|
can_see?(group) &&
|
|
group.id != Group::AUTO_GROUPS[:admins]
|
|
)
|
|
end
|
|
|
|
def can_see_group_messages?(group)
|
|
return true if is_admin?
|
|
return true if is_moderator? && group.id == Group::AUTO_GROUPS[:moderators]
|
|
|
|
SiteSetting.enable_personal_messages? && group.users.include?(user)
|
|
end
|
|
end
|