github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-29 03:03:44 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
4f63bc8ed2
discourse/lib/guardian/topic_guardian.rb
Sam 4f63bc8ed2
FEATURE: hidden site setting to suppress unsecured categories from admins (#19098) 
The hidden site setting `suppress_secured_categories_from_admin` will
suppress visibility of categories without explicit access from admins
in a few key areas (category drop downs and topic lists)

It is not intended to be a security wall since admins can amend any site
setting. Instead it is feature that allows hiding the categories from the
UI.

Admins will still be able to see topics in categories without explicit
access using direct URLs or flags.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2022-11-18 14:37:36 +11:00

364 lines
12 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
#mixin for all guardian methods dealing with topic permissions
module TopicGuardian
def can_remove_allowed_users?(topic, target_user = nil)
is_staff? ||
(topic.user == @user && @user.has_trust_level?(TrustLevel[2])) ||
(
topic.allowed_users.count > 1 &&
topic.user != target_user &&
!!(target_user && user == target_user)
)
end
def can_review_topic?(topic)
return false if anonymous? || topic.nil?
return true if is_staff?
is_category_group_moderator?(topic.category)
end
def can_moderate_topic?(topic)
return false if anonymous? || topic.nil?
return true if is_staff?
can_perform_action_available_to_group_moderators?(topic)
end
def can_create_shared_draft?
SiteSetting.shared_drafts_enabled? && can_see_shared_draft?
end
def can_see_shared_draft?
@user.has_trust_level_or_staff?(SiteSetting.shared_drafts_min_trust_level)
end
def can_create_whisper?
@user.whisperer?
end
def can_see_whispers?(_topic = nil)
@user.whisperer?
end
def can_publish_topic?(topic, category)
can_see_shared_draft? && can_see?(topic) && can_create_topic_on_category?(category)
end
# Creating Methods
def can_create_topic?(parent)
is_staff? ||
(user &&
user.trust_level >= SiteSetting.min_trust_to_create_topic.to_i &&
can_create_post?(parent) &&
Category.topic_create_allowed(self).limit(1).count == 1)
end
def can_create_topic_on_category?(category)
# allow for category to be a number as well
category_id = Category === category ? category.id : category
can_create_topic?(nil) &&
(!category || Category.topic_create_allowed(self).where(id: category_id).count == 1)
end
def can_move_topic_to_category?(category)
category = Category === category ? category : Category.find(category || SiteSetting.uncategorized_category_id)
is_staff? || (can_create_topic_on_category?(category) && !category.require_topic_approval?)
end
def can_create_post_on_topic?(topic)
# No users can create posts on deleted topics
return false if topic.blank?
return false if topic.trashed?
return true if is_admin?
trusted = (authenticated? && user.has_trust_level?(TrustLevel[4])) || is_moderator? || can_perform_action_available_to_group_moderators?(topic)
(!(topic.closed? || topic.archived?) || trusted) && can_create_post?(topic)
end
# Editing Method
def can_edit_topic?(topic)
return false if Discourse.static_doc_topic_ids.include?(topic.id) && !is_admin?
return false unless can_see?(topic)
first_post = topic.first_post
return false if first_post&.locked? && !is_staff?
return true if is_admin?
return true if is_moderator? && can_create_post?(topic)
return true if is_category_group_moderator?(topic.category)
# can't edit topics in secured categories where you don't have permission to create topics
# except for a tiny edge case where the topic is uncategorized and you are trying
# to fix it but uncategorized is disabled
if (
SiteSetting.allow_uncategorized_topics ||
topic.category_id != SiteSetting.uncategorized_category_id
)
return false if !can_create_topic_on_category?(topic.category)
end
# Editing a shared draft.
return true if (
!topic.archived &&
!topic.private_message? &&
topic.category_id == SiteSetting.shared_drafts_category.to_i &&
can_see_category?(topic.category) &&
can_see_shared_draft? &&
can_create_post?(topic)
)
# TL4 users can edit archived topics, but can not edit private messages
return true if (
SiteSetting.trusted_users_can_edit_others? &&
topic.archived &&
!topic.private_message? &&
user.has_trust_level?(TrustLevel[4]) &&
can_create_post?(topic)
)
# TL3 users can not edit archived topics and private messages
return true if (
SiteSetting.trusted_users_can_edit_others? &&
!topic.archived &&
!topic.private_message? &&
user.has_trust_level?(TrustLevel[3]) &&
can_create_post?(topic)
)
return false if topic.archived
is_my_own?(topic) &&
!topic.edit_time_limit_expired?(user) &&
!first_post&.locked? &&
(!first_post&.hidden? || can_edit_hidden_post?(first_post))
end
def can_recover_topic?(topic)
if is_staff? || (topic&.category && is_category_group_moderator?(topic.category))
!!(topic && topic.deleted_at)
else
topic && can_recover_post?(topic.ordered_posts.first)
end
end
def can_delete_topic?(topic)
!topic.trashed? &&
(is_staff? || (is_my_own?(topic) && topic.posts_count <= 1 && topic.created_at && topic.created_at > 24.hours.ago) || is_category_group_moderator?(topic.category)) &&
!topic.is_category_topic? &&
!Discourse.static_doc_topic_ids.include?(topic.id)
end
def can_permanently_delete_topic?(topic)
return false if !SiteSetting.can_permanently_delete
return false if !topic
# Ensure that all posts (including small actions) are at least soft
# deleted.
return false if topic.posts_count > 0
# All other posts that were deleted still must be permanently deleted
# before the topic can be deleted with the exception of small action
# posts that will be deleted right before the topic is.
all_posts_count = Post.with_deleted
.where(topic_id: topic.id)
.where(post_type: [Post.types[:regular], Post.types[:moderator_action], Post.types[:whisper]])
.count
return false if all_posts_count > 1
return false if !is_admin? || !can_see_topic?(topic)
return false if !topic.deleted_at
return false if topic.deleted_by_id == @user.id && topic.deleted_at >= Post::PERMANENT_DELETE_TIMER.ago
true
end
def can_toggle_topic_visibility?(topic)
can_moderate?(topic) || can_perform_action_available_to_group_moderators?(topic)
end
def can_convert_topic?(topic)
return false unless @user.in_any_groups?(SiteSetting.personal_message_enabled_groups_map)
return false if topic.blank?
return false if topic.trashed?
return false if topic.is_category_topic?
return true if is_admin?
is_moderator? && can_create_post?(topic)
end
def can_reply_as_new_topic?(topic)
authenticated? && topic && @user.has_trust_level?(TrustLevel[1])
end
def can_see_deleted_topics?(category)
is_staff? || is_category_group_moderator?(category)
end
# Accepts an array of `Topic#id` and returns an array of `Topic#id` which the user can see.
def can_see_topic_ids(topic_ids: [], hide_deleted: true)
topic_ids = topic_ids.compact
return topic_ids if is_admin?
return [] if topic_ids.blank?
default_scope = Topic.unscoped.where(id: topic_ids)
# When `hide_deleted` is `true`, hide deleted topics if user is not staff or category moderator
if hide_deleted && !is_staff?
if category_group_moderation_allowed?
default_scope = default_scope.where(<<~SQL)
(
deleted_at IS NULL OR
(
deleted_at IS NOT NULL
AND topics.category_id IN (#{category_group_moderator_scope.select(:id).to_sql})
)
)
SQL
else
default_scope = default_scope.where("deleted_at IS NULL")
end
end
# Filter out topics with shared drafts if user cannot see shared drafts
if !can_see_shared_draft?
default_scope = default_scope.left_outer_joins(:shared_draft).where("shared_drafts.id IS NULL")
end
all_topics_scope =
if authenticated?
Topic.unscoped.merge(
secured_regular_topic_scope(default_scope, topic_ids: topic_ids).or(private_message_topic_scope(default_scope))
)
else
Topic.unscoped.merge(secured_regular_topic_scope(default_scope, topic_ids: topic_ids))
end
all_topics_scope.pluck(:id)
end
def can_see_topic?(topic, hide_deleted = true)
return false unless topic
return true if is_admin?
return false if hide_deleted && topic.deleted_at && !can_see_deleted_topics?(topic.category)
if topic.private_message?
return authenticated? && topic.all_allowed_users.where(id: @user.id).exists?
end
return false if topic.shared_draft && !can_see_shared_draft?
category = topic.category
can_see_category?(category) &&
(!category.read_restricted || !is_staged? || secure_category_ids.include?(category.id) || topic.user == user)
end
def can_get_access_to_topic?(topic)
topic&.access_topic_via_group.present? && authenticated?
end
def filter_allowed_categories(records)
return records if is_admin? && !SiteSetting.suppress_secured_categories_from_admin
records = allowed_category_ids.size == 0 ?
records.where('topics.category_id IS NULL') :
records.where('topics.category_id IS NULL or topics.category_id IN (?)', allowed_category_ids)
records.references(:categories)
end
def can_edit_featured_link?(category_id)
return false unless SiteSetting.topic_featured_link_enabled
return false unless @user.trust_level >= TrustLevel.levels[:basic]
Category.where(id: category_id || SiteSetting.uncategorized_category_id, topic_featured_link_allowed: true).exists?
end
def can_update_bumped_at?
is_staff? || @user.has_trust_level?(TrustLevel[4])
end
def can_banner_topic?(topic)
topic && authenticated? && !topic.private_message? && is_staff?
end
def can_edit_tags?(topic)
return false unless can_tag_topics?
return false if topic.private_message? && !can_tag_pms?
return true if can_edit_topic?(topic)
if topic&.first_post&.wiki && (@user.trust_level >= SiteSetting.min_trust_to_edit_wiki_post.to_i)
return can_create_post?(topic)
end
false
end
def can_perform_action_available_to_group_moderators?(topic)
return false if anonymous? || topic.nil?
return true if is_staff?
return true if @user.has_trust_level?(TrustLevel[4])
is_category_group_moderator?(topic.category)
end
alias :can_archive_topic? :can_perform_action_available_to_group_moderators?
alias :can_close_topic? :can_perform_action_available_to_group_moderators?
alias :can_open_topic? :can_perform_action_available_to_group_moderators?
alias :can_split_merge_topic? :can_perform_action_available_to_group_moderators?
alias :can_edit_staff_notes? :can_perform_action_available_to_group_moderators?
alias :can_pin_unpin_topic? :can_perform_action_available_to_group_moderators?
def can_move_posts?(topic)
return false if is_silenced?
can_perform_action_available_to_group_moderators?(topic)
end
def affected_by_slow_mode?(topic)
topic&.slow_mode_seconds.to_i > 0 && @user.human? && !is_staff?
end
private
def private_message_topic_scope(scope)
pm_scope = scope.private_messages_for_user(user)
if is_moderator?
pm_scope = pm_scope.or(scope.where(<<~SQL))
topics.subtype = '#{TopicSubtype.moderator_warning}'
OR topics.id IN (#{Topic.has_flag_scope.select(:topic_id).to_sql})
SQL
end
pm_scope
end
def secured_regular_topic_scope(scope, topic_ids:)
secured_scope = Topic.unscoped.secured(self)
# Staged users are allowed to see their own topics in read restricted categories when Category#email_in and
# Category#email_in_allow_strangers has been configured.
if is_staged?
sql = <<~SQL
topics.id IN (
SELECT
topics.id
FROM topics
INNER JOIN categories ON categories.id = topics.category_id
WHERE categories.read_restricted
AND categories.email_in IS NOT NULL
AND categories.email_in_allow_strangers
AND topics.user_id = :user_id
AND topics.id IN (:topic_ids)
)
SQL
secured_scope = secured_scope.or(Topic.unscoped.where(sql, user_id: user.id, topic_ids: topic_ids))
end
scope.listable_topics.merge(secured_scope)
end
end
Reference in New Issue View Git Blame Copy Permalink