github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-24 03:36:18 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Don't let users edit wiki posts unless they can reply

Browse Source
This commit is contained in:
Robin Ward
2017-05-08 16:23:11 -04:00
parent 009e120e13
commit addc85cd08
2 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/guardian/post_guardian.rb
View File

@ -106,7 +106,7 @@ module PostGuardian
end end
if post.wiki && (@user.trust_level >= SiteSetting.min_trust_to_edit_wiki_post.to_i) if post.wiki && (@user.trust_level >= SiteSetting.min_trust_to_edit_wiki_post.to_i)
return true return can_create_post?(post.topic)
end end
if @user.trust_level < SiteSetting.min_trust_to_edit_post if @user.trust_level < SiteSetting.min_trust_to_edit_post

13
spec/components/guardian_spec.rb
View File

@ -1050,6 +1050,19 @@ describe Guardian do
expect(Guardian.new(coding_horror).can_edit?(post)).to be_truthy expect(Guardian.new(coding_horror).can_edit?(post)).to be_truthy
end end
it "returns false if a wiki but the user can't create a post" do
c = Fabricate(:category)
c.set_permissions(:everyone => :readonly)
c.save
topic = Fabricate(:topic, category: c)
post = Fabricate(:post, topic: topic)
post.wiki = true
user = Fabricate(:user)
expect(Guardian.new(user).can_edit?(post)).to eq(false)
end
it 'returns true as a moderator' do it 'returns true as a moderator' do
expect(Guardian.new(moderator).can_edit?(post)).to be_truthy expect(Guardian.new(moderator).can_edit?(post)).to be_truthy
end end