FIX: Don't show move topic for private messages for TL4 (#28871)

In TopicController, in addition to ensure_can_move_posts!, we also checked if the topic is private message in this line: ```ruby raise Discourse::InvalidAccess if params[:archetype] == "private_message" && !guardian.is_staff? ``` However, this was not present in `guardian.can_move_posts?`. As a result, the frontend topic view got an incorrect serialized result, thinking that TL4 could move the private message post. In fact, once they tried to move it, they got the `InvalidAccess` error message. This commit fixes that TL4 will no longer sees the "move to" option in the "select post" panel for a private message.
2025-06-04 19:57:18 +08:00 · 2024-09-16 11:30:05 +08:00
parent 991227337a
commit 741e9d70ad
3 changed files with 24 additions and 3 deletions
--- a/spec/lib/guardian_spec.rb
+++ b/spec/lib/guardian_spec.rb
@ -2288,6 +2288,27 @@ RSpec.describe Guardian do
        expect(Guardian.new(admin).can_move_posts?(topic)).to be_truthy
      end
    end
+
+    context "with a private message topic" do
+      fab!(:pm) { Fabricate(:private_message_topic) }
+
+      it "returns false when not logged in" do
+        expect(Guardian.new.can_move_posts?(pm)).to be_falsey
+      end
+
+      it "returns false when not a moderator" do
+        expect(Guardian.new(user).can_move_posts?(pm)).to be_falsey
+        expect(Guardian.new(trust_level_4).can_move_posts?(pm)).to be_falsey
+      end
+
+      it "returns true when a moderator" do
+        expect(Guardian.new(moderator).can_move_posts?(pm)).to be_truthy
+      end
+
+      it "returns true when an admin" do
+        expect(Guardian.new(admin).can_move_posts?(pm)).to be_truthy
+      end
+    end
  end

  describe "#can_delete?" do