mirror of
https://github.com/discourse/discourse.git
synced 2024-12-14 00:23:58 +08:00
62cbb766cd
It used to validate the post from the perspective of the user who created the post. That did not work well when an admin attempted to add a poll to a post created by a user who cannot create posts because it said the user cannot create polls. The problem was that it used post.user for the validation process instead of post.acting_user.
21 lines
528 B
Ruby
21 lines
528 B
Ruby
# frozen_string_literal: true
|
|
|
|
module DiscoursePoll
|
|
class PostValidator
|
|
def initialize(post)
|
|
@post = post
|
|
end
|
|
|
|
def validate_post
|
|
min_trust_level = SiteSetting.poll_minimum_trust_level_to_create
|
|
|
|
if (@post.acting_user && (@post.acting_user.staff? || @post.acting_user.trust_level >= TrustLevel[min_trust_level])) || @post.topic&.pm_with_non_human_user?
|
|
true
|
|
else
|
|
@post.errors.add(:base, I18n.t("poll.insufficient_rights_to_create"))
|
|
false
|
|
end
|
|
end
|
|
end
|
|
end
|