diff --git a/plugins/poll/app/models/poll.rb b/plugins/poll/app/models/poll.rb index fcf71f9158b..4f7e0bd584a 100644 --- a/plugins/poll/app/models/poll.rb +++ b/plugins/poll/app/models/poll.rb @@ -47,7 +47,11 @@ class Poll < ActiveRecord::Base def can_see_results?(user) return !!user&.staff? if staff_only? - !!(always? || (on_vote? && has_voted?(user)) || is_closed?) + !!(always? || (on_vote? && (is_me?(user) || has_voted?(user))) || is_closed?) + end + + def is_me?(user) + user && post.user&.id == user&.id end def has_voted?(user) diff --git a/plugins/poll/app/serializers/poll_serializer.rb b/plugins/poll/app/serializers/poll_serializer.rb index 53b7c1d5e2b..c540d7b34b6 100644 --- a/plugins/poll/app/serializers/poll_serializer.rb +++ b/plugins/poll/app/serializers/poll_serializer.rb @@ -61,7 +61,7 @@ class PollSerializer < ApplicationSerializer end def include_preloaded_voters? - object.can_see_voters?(scope) + object.can_see_voters?(scope.user) end end diff --git a/plugins/poll/assets/javascripts/widgets/discourse-poll.js.es6 b/plugins/poll/assets/javascripts/widgets/discourse-poll.js.es6 index 1f71dea0218..9564ec89e01 100644 --- a/plugins/poll/assets/javascripts/widgets/discourse-poll.js.es6 +++ b/plugins/poll/assets/javascripts/widgets/discourse-poll.js.es6 @@ -678,6 +678,7 @@ createWidget("discourse-poll-buttons", { const staffOnly = poll.results === "staff_only"; const isStaff = this.currentUser && this.currentUser.staff; const isAdmin = this.currentUser && this.currentUser.admin; + const isMe = this.currentUser && post.user_id === this.currentUser.id; const dataExplorerEnabled = this.siteSettings.data_explorer_enabled; const hideResultsDisabled = !staffOnly && (closed || topicArchived); const exportQueryID = this.siteSettings.poll_export_data_explorer_query_id; @@ -710,7 +711,7 @@ createWidget("discourse-poll-buttons", { }) ); } else { - if (poll.get("results") === "on_vote" && !attrs.hasVoted) { + if (poll.get("results") === "on_vote" && !attrs.hasVoted && !isMe) { contents.push(infoTextHtml(I18n.t("poll.results.vote.title"))); } else if (poll.get("results") === "on_close" && !closed) { contents.push(infoTextHtml(I18n.t("poll.results.closed.title"))); diff --git a/plugins/poll/lib/polls_updater.rb b/plugins/poll/lib/polls_updater.rb index 1b2e62f8a14..f50edc0f4ee 100644 --- a/plugins/poll/lib/polls_updater.rb +++ b/plugins/poll/lib/polls_updater.rb @@ -93,7 +93,7 @@ module DiscoursePoll if has_changed polls = ::Poll.includes(poll_options: :poll_votes).where(post: post) - polls = ActiveModel::ArraySerializer.new(polls, each_serializer: PollSerializer, root: false).as_json + polls = ActiveModel::ArraySerializer.new(polls, each_serializer: PollSerializer, root: false, scope: Guardian.new(nil)).as_json post.publish_message!("/polls/#{post.topic_id}", post_id: post.id, polls: polls) end end diff --git a/plugins/poll/plugin.rb b/plugins/poll/plugin.rb index bf5163295b2..e0c1057e36d 100644 --- a/plugins/poll/plugin.rb +++ b/plugins/poll/plugin.rb @@ -62,7 +62,8 @@ after_initialize do end # user must be allowed to post in topic - if !Guardian.new(user).can_create_post?(post.topic) + guardian = Guardian.new(user) + if !guardian.can_create_post?(post.topic) raise StandardError.new I18n.t("poll.user_cant_post_in_topic") end @@ -108,7 +109,7 @@ after_initialize do poll.reload - serialized_poll = PollSerializer.new(poll, root: false).as_json + serialized_poll = PollSerializer.new(poll, root: false, scope: guardian).as_json payload = { post_id: post_id, polls: [serialized_poll] } post.publish_message!("/polls/#{post.topic_id}", payload) @@ -120,6 +121,7 @@ after_initialize do def toggle_status(post_id, poll_name, status, user, raise_errors = true) Poll.transaction do post = Post.find_by(id: post_id) + guardian = Guardian.new(user) # post must not be deleted if post.nil? || post.trashed? @@ -149,7 +151,7 @@ after_initialize do poll.status = status poll.save! - serialized_poll = PollSerializer.new(poll, root: false).as_json + serialized_poll = PollSerializer.new(poll, root: false, scope: guardian).as_json payload = { post_id: post_id, polls: [serialized_poll] } post.publish_message!("/polls/#{post.topic_id}", payload) @@ -542,11 +544,12 @@ after_initialize do end end - on(:post_created) do |post| + on(:post_created) do |post, _opts, user| + guardian = Guardian.new(user) DiscoursePoll::Poll.schedule_jobs(post) unless post.is_first_post? - polls = ActiveModel::ArraySerializer.new(post.polls, each_serializer: PollSerializer, root: false).as_json + polls = ActiveModel::ArraySerializer.new(post.polls, each_serializer: PollSerializer, root: false, scope: guardian).as_json post.publish_message!("/polls/#{post.topic_id}", post_id: post.id, polls: polls) end end @@ -594,7 +597,7 @@ after_initialize do end add_to_serializer(:post, :polls, false) do - preloaded_polls.map { |p| PollSerializer.new(p, root: false) } + preloaded_polls.map { |p| PollSerializer.new(p, root: false, scope: self.scope) } end add_to_serializer(:post, :include_polls?) do diff --git a/plugins/poll/spec/models/poll_spec.rb b/plugins/poll/spec/models/poll_spec.rb index a8df54a2f74..55e6567d47c 100644 --- a/plugins/poll/spec/models/poll_spec.rb +++ b/plugins/poll/spec/models/poll_spec.rb @@ -31,10 +31,21 @@ describe ::DiscoursePoll::Poll do option = poll.poll_options.first expect(poll.can_see_results?(user)).to eq(false) - poll.poll_votes.create!(poll_option_id: option.id , user_id: user.id) + poll.poll_votes.create!(poll_option_id: option.id, user_id: user.id) expect(poll.can_see_results?(user)).to eq(true) end + it "author can see results when results setting is on_vote" do + author = Fabricate(:user) + post = Fabricate(:post, user: author, raw: "[poll results=on_vote]\n- A\n- B\n[/poll]") + poll = post.polls.first + option = poll.poll_options.first + + expect(poll.can_see_results?(author)).to eq(true) + poll.poll_votes.create!(poll_option_id: option.id, user_id: author.id) + expect(poll.can_see_results?(author)).to eq(true) + end + it "everyone can see results when results setting is on_vote and poll is closed" do post = Fabricate(:post, raw: "[poll results=on_vote]\n- A\n- B\n[/poll]") user = Fabricate(:user)