New site setting trusted_users_can_edit_others

The default is true, in keeping with previous Discourse behavior. If
disabled, high trust level users cannot edit the topics or posts of
other users.
Robin Ward
2018-02-22 20:39:24 -05:00
parent ee9be65b2c
commit 69af881f7f
5 changed files with 40 additions and 5 deletions


@ -1291,6 +1291,7 @@ en:
tl3_requires_likes_given: "The minimum number of likes that must be given in the last (tl3 time period) days to qualify for promotion to trust level 3." tl3_requires_likes_given: "The minimum number of likes that must be given in the last (tl3 time period) days to qualify for promotion to trust level 3."
tl3_requires_likes_received: "The minimum number of likes that must be received in the last (tl3 time period) days to qualify for promotion to trust level 3." tl3_requires_likes_received: "The minimum number of likes that must be received in the last (tl3 time period) days to qualify for promotion to trust level 3."
tl3_links_no_follow: "Do not remove rel=nofollow from links posted by trust level 3 users." tl3_links_no_follow: "Do not remove rel=nofollow from links posted by trust level 3 users."
trusted_users_can_edit_others: "Allow users with high trust levels to edit content from other users"
min_trust_to_create_topic: "The minimum trust level required to create a new topic." min_trust_to_create_topic: "The minimum trust level required to create a new topic."
allow_flagging_staff: "If enabled, users can flag posts from staff accounts." allow_flagging_staff: "If enabled, users can flag posts from staff accounts."


@ -971,6 +971,9 @@ trust:
tl3_links_no_follow: tl3_links_no_follow:
default: false default: false
client: true client: true
trusted_users_can_edit_others:
default: true
client: false
security: security:
force_https: force_https:


@ -115,9 +115,13 @@ module PostGuardian
# Must be staff to edit a locked post # Must be staff to edit a locked post
return false if post.locked? && !is_staff? return false if post.locked? && !is_staff?
if is_staff? || @user.has_trust_level?(TrustLevel[4]) return can_create_post?(post.topic) if (
return can_create_post?(post.topic) is_staff? ||
end (
SiteSetting.trusted_users_can_edit_others? &&
@user.has_trust_level?(TrustLevel[4])
)
)
if post.topic.archived? || post.user_deleted || post.deleted_at if post.topic.archived? || post.user_deleted || post.deleted_at
return false return false
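Review bot: The new guard at `return can_create_post?(post.topic) if (` carries no comment, unlike the locked-post check just above it, and the nested parentheses make it easy to misread which condition the site setting applies to. A line such as `# Staff always qualify; TL4 qualifies only while trusted_users_can_edit_others is enabled` above the return would state the rule. With the setting off, a TL4 user falls through to the `post.topic.archived? || post.user_deleted || post.deleted_at` check and whatever follows it. The enclosing method starts and ends outside this section, so whether that path still lets them edit their own posts cannot be confirmed from here.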


@ -46,10 +46,22 @@ module TopicGuardian
return false if !can_create_topic_on_category?(topic.category) return false if !can_create_topic_on_category?(topic.category)
# TL4 users can edit archived topics, but can not edit private messages # TL4 users can edit archived topics, but can not edit private messages
return true if (topic.archived && !topic.private_message? && user.has_trust_level?(TrustLevel[4]) && can_create_post?(topic)) return true if (
SiteSetting.trusted_users_can_edit_others? &&
topic.archived &&
!topic.private_message? &&
user.has_trust_level?(TrustLevel[4]) &&
can_create_post?(topic)
)
# TL3 users can not edit archived topics and private messages # TL3 users can not edit archived topics and private messages
return true if (!topic.archived && !topic.private_message? && user.has_trust_level?(TrustLevel[3]) && can_create_post?(topic)) return true if (
SiteSetting.trusted_users_can_edit_others? &&
!topic.archived &&
!topic.private_message? &&
user.has_trust_level?(TrustLevel[3]) &&
can_create_post?(topic)
)
return false if topic.archived return false if topic.archived
is_my_own?(topic) && !topic.edit_time_limit_expired? is_my_own?(topic) && !topic.edit_time_limit_expired?
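Review bot: With the setting disabled, a TL4 user can no longer edit their own archived topic: both `return true if (` branches are skipped, and `return false if topic.archived` then runs before the `is_my_own?(topic)` check. The setting's name and description speak only of content from other users, so this looks like an unintended side effect; if so, the TL4 branch could gate on `(SiteSetting.trusted_users_can_edit_others? || is_my_own?(topic))` instead of the setting alone. The two comments above the branches should also mention the setting, e.g. `# TL4 users can edit archived topics (if trusted_users_can_edit_others), but not private messages`. The enclosing method begins outside this section, so earlier returns are not visible.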


@ -1225,6 +1225,11 @@ describe Guardian do
expect(Guardian.new(trust_level_4).can_edit?(post)).to be_truthy expect(Guardian.new(trust_level_4).can_edit?(post)).to be_truthy
end end
it 'returns false as a TL4 user if trusted_users_can_edit_others is true' do
SiteSetting.trusted_users_can_edit_others = false
expect(Guardian.new(trust_level_4).can_edit?(post)).to eq(false)
end
it 'returns false when trying to edit a post with no trust' do it 'returns false when trying to edit a post with no trust' do
SiteSetting.min_trust_to_edit_post = 2 SiteSetting.min_trust_to_edit_post = 2
post.user.trust_level = 1 post.user.trust_level = 1
@ -1332,6 +1337,11 @@ describe Guardian do
expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(true) expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(true)
end end
it 'is false at TL3, if `trusted_users_can_edit_others` is false' do
SiteSetting.trusted_users_can_edit_others = false
expect(Guardian.new(trust_level_3).can_edit?(topic)).to eq(false)
end
it "returns false when the category is read only" do it "returns false when the category is read only" do
topic.category.set_permissions(everyone: :readonly) topic.category.set_permissions(everyone: :readonly)
topic.category.save topic.category.save
@ -1381,6 +1391,11 @@ describe Guardian do
expect(Guardian.new(trust_level_4).can_edit?(archived_topic)).to be_truthy expect(Guardian.new(trust_level_4).can_edit?(archived_topic)).to be_truthy
end end
it 'is false at TL4, if `trusted_users_can_edit_others` is false' do
SiteSetting.trusted_users_can_edit_others = false
expect(Guardian.new(trust_level_4).can_edit?(archived_topic)).to eq(false)
end
it 'returns false at trust level 3' do it 'returns false at trust level 3' do
expect(Guardian.new(trust_level_3).can_edit?(archived_topic)).to be_falsey expect(Guardian.new(trust_level_3).can_edit?(archived_topic)).to be_falsey
end end
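Review bot: The first added example is titled `returns false as a TL4 user if trusted_users_can_edit_others is true` but sets the setting to `false`; the title should read `... is false`. All three new examples cover only the deny path for someone else's content, assuming `post`, `topic` and `archived_topic` belong to another user, which the fixtures outside these hunks would confirm. An example asserting that a TL3 or TL4 author can still edit their own topic or post with the setting off would pin the intended boundary of this permission.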