github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-06-04 11:11:13 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: respect moderator group permissions in guardian (#10713)

Browse Source 
Since 9e4ed03, moderators can view groups with visibility level set to "Group owners, members and moderators".

This fixes an issue where moderators can see the group in /g but then get a 404 when clicking on individual groups.
This commit is contained in:
Penar Musaraj
2020-09-21 12:32:43 -04:00
committed by GitHub
parent f1743ff69c
commit 577293c438
3 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/guardian.rb
View File

@ -206,6 +206,7 @@ class Guardian
return false if group.blank?
return true if is_admin? || group.members_visibility_level == Group.visibility_levels[:public]
return true if is_staff? && group.members_visibility_level == Group.visibility_levels[:staff]
return true if is_staff? && group.members_visibility_level == Group.visibility_levels[:members]
return true if authenticated? && group.members_visibility_level == Group.visibility_levels[:logged_on_users]
return false if user.blank?
@ -222,6 +223,7 @@ class Guardian
return false if groups.blank?
return true if is_admin? || groups.all? { |g| g.visibility_level == Group.visibility_levels[:public] }
return true if is_staff? && groups.all? { |g| g.visibility_level == Group.visibility_levels[:staff] }
return true if is_staff? && groups.all? { |g| g.visibility_level == Group.visibility_levels[:members] }
return true if authenticated? && groups.all? { |g| g.visibility_level == Group.visibility_levels[:logged_on_users] }
return false if user.blank?