Module: PostGuardian
- Included in:
- Guardian
- Defined in:
- lib/guardian/post_guardian.rb
Overview
Mixin for all Guardian methods dealing with post permissions.
Instance Method Summary
- #can_change_post_owner? ⇒ Boolean
- #can_change_post_timestamps? ⇒ Boolean
- #can_change_post_type? ⇒ Boolean
- #can_create_post?(topic) ⇒ Boolean
- #can_delete_all_posts?(user) ⇒ Boolean
- #can_delete_post?(post) ⇒ Boolean
- #can_delete_post_action?(post_action) ⇒ Boolean
- #can_delete_post_or_topic?(post) ⇒ Boolean
- #can_edit_hidden_post?(post) ⇒ Boolean
- #can_edit_post?(post) ⇒ Boolean
- #can_lock_post?(post) ⇒ Boolean
- #can_permanently_delete_post?(post) ⇒ Boolean
- #can_post_link?(host: nil) ⇒ Boolean
- #can_rebake? ⇒ Boolean
- #can_receive_post_notifications?(post) ⇒ Boolean
- #can_recover_post?(post) ⇒ Boolean
- #can_see_deleted_post?(post) ⇒ Boolean
- #can_see_deleted_posts?(category = nil) ⇒ Boolean
- #can_see_flagged_posts? ⇒ Boolean
- #can_see_hidden_post?(post) ⇒ Boolean
- #can_see_post?(post) ⇒ Boolean
-
#can_see_post_actors?(topic, post_action_type_id) ⇒ Boolean
Can we see who acted on a post in a particular way?
- #can_skip_bump? ⇒ Boolean
- #can_unhide?(post) ⇒ Boolean
- #can_view_edit_history?(post) ⇒ Boolean
- #can_view_raw_email?(post) ⇒ Boolean
- #can_wiki?(post) ⇒ Boolean
- #is_in_edit_post_groups? ⇒ Boolean
- #link_posting_access ⇒ Object
-
#post_can_act?(post, action_key, opts: {}, can_see_post: nil) ⇒ Boolean
Can the user act on the post in a particular way.
- #trusted_with_post_edits? ⇒ Boolean
- #unrestricted_link_posting? ⇒ Boolean
Instance Method Details
#can_change_post_owner? ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 347

# Can the current user reassign a post to a different owner?
# Admins always can; other staff only when the
# `moderators_change_post_ownership` site setting is enabled.
#
# @return [Boolean]
def can_change_post_owner?
  if is_admin?
    true
  else
    SiteSetting.moderators_change_post_ownership && is_staff?
  end
end
#can_change_post_timestamps? ⇒ Boolean
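# File 'lib/guardian/post_guardian.rb', line 353

# Can the current user edit a post's timestamps?
# Staff only.
#
# NOTE(review): the rendered listing collapsed this method to `def is_staff? end`,
# i.e. the method name was lost and its body was promoted to the name. The name is
# restored from the summary heading; the body is the single `is_staff?` call the
# listing shows.
#
# @return [Boolean]
def can_change_post_timestamps?
  is_staff?
end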
#can_change_post_type? ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 369

# Can the current user change a post's type (e.g. regular/whisper)?
# Staff only.
#
# @return [Boolean]
def can_change_post_type?
  staff = is_staff?
  staff
end
#can_create_post?(topic) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 143

# Can the current user create a post in +topic+?
#
# The answer is memoized per topic (keyed by #topic_memoize_key) in
# @can_create_post for the lifetime of this Guardian, since it is consulted
# repeatedly while rendering a topic. A nil topic is never cached.
#
# @param topic [Topic, nil]
# @return [Boolean]
def can_create_post?(topic)
  return can_create_post_in_topic?(topic) unless topic

  cache = (@can_create_post ||= {})
  key = topic_memoize_key(topic)
  return cache[key] if cache.key?(key)

  cache[key] = can_create_post_in_topic?(topic)
end
#can_delete_all_posts?(user) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 130

# Can the current user bulk-delete every post by +user+?
#
# Only staff may, and never against an admin. Admins may always; moderators
# only when the target's first post is no older than
# `delete_user_max_post_age` days and their post count is at most
# `delete_all_posts_max`.
#
# @param user [User, nil]
# @return [Boolean]
def can_delete_all_posts?(user)
  # Preserve the falsy value (false/nil) exactly as the `&&` chain would yield it.
  eligible_target = is_staff? && user && !user.admin?
  return eligible_target unless eligible_target
  return true if is_admin?

  recent_enough =
    user.first_post_created_at.nil? ||
      user.first_post_created_at >= SiteSetting.delete_user_max_post_age.days.ago
  recent_enough && user.post_count <= SiteSetting.delete_all_posts_max.to_i
end
#can_delete_post?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 215

# Can the current user delete +post+?
#
# The post must be visible to the user and must not be the first post of its
# topic (that is a topic deletion, see #can_delete_post_or_topic?). Staff,
# category group moderators and members of
# `delete_all_posts_and_topics_allowed_groups` may delete any other post.
# Everyone else may only delete their own posts, outside archived topics, while
# self-deletion is enabled (both per-minute and per-day limits >= 1), and only if
# the post is not already user-deleted.
#
# @param post [Post]
# @return [Boolean]
def can_delete_post?(post)
  return false unless can_see_post?(post)

  # Can't delete the first post
  return false if post.is_first_post?

  return true if is_staff? || is_category_group_moderator?(post.topic&.category)
  return true if user.in_any_groups?(SiteSetting.delete_all_posts_and_topics_allowed_groups_map)

  # Can't delete posts in archived topics unless you are staff
  return false if post.topic&.archived?

  # From here on only the author may delete, and only while self-deletion is enabled.
  return false unless is_my_own?(post)
  return false if SiteSetting.max_post_deletions_per_minute < 1
  return false if SiteSetting.max_post_deletions_per_day < 1

  !post.user_deleted?
end
#can_delete_post_action?(post_action) ⇒ Boolean
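# File 'lib/guardian/post_guardian.rb', line 274

# Can the current user undo (delete) one of their own post actions, e.g. a like?
#
# Only the action's author may undo it, never inside a private message, only
# within `post_undo_action_window_mins` of creating it, and never once the topic
# is archived. A user posting in anonymous mode may only undo likes, and only
# while anonymous likes are enabled.
#
# @param post_action [PostAction]
# @return [Boolean]
def can_delete_post_action?(post_action)
  # NOTE(review): the rendered listing dropped the method name after `post_action.`;
  # `is_private_message?` is restored here from upstream — confirm against the source file.
  return false unless is_my_own?(post_action) && !post_action.is_private_message?

  ok_to_delete =
    post_action.created_at > SiteSetting.post_undo_action_window_mins.minutes.ago &&
      !post_action.post&.topic&.archived?

  # NOTE: This looks strange...but we are checking if someone is posting anonymously
  # as a AnonymousUser model, _not_ as Guardian::AnonymousUser which is a different thing
  # used when !authenticated?
  if authenticated? && is_anonymous?
    return(
      ok_to_delete && SiteSetting.allow_anonymous_likes? && post_action.is_like? &&
        is_my_own?(post_action)
    )
  end

  ok_to_delete
end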
#can_delete_post_or_topic?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 211

# Can the current user delete +post+, treating the first post of a topic as a
# request to delete the topic itself?
#
# @param post [Post]
# @return [Boolean]
def can_delete_post_or_topic?(post)
  if post.is_first_post?
    # Removing the opening post removes the whole topic, so apply topic rules.
    post.topic && can_delete_topic?(post.topic)
  else
    can_delete_post?(post)
  end
end
#can_edit_hidden_post?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 205

# Can a hidden +post+ be edited yet?
#
# A post that was never hidden is always editable here; one that was hidden
# becomes editable again only after `cooldown_minutes_after_hiding_posts`.
#
# @param post [Post, nil]
# @return [Boolean]
def can_edit_hidden_post?(post)
  return false unless post

  hidden_at = post.hidden_at
  return true if hidden_at.nil?

  hidden_at < SiteSetting.cooldown_minutes_after_hiding_posts.minutes.ago
end
#can_edit_post?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 152

# Can the current user edit +post+?
#
# Checks are applied in this order: topics listed in
# Discourse.static_doc_topic_ids (admin only), admin override, locked posts
# (staff only), staff / edit-all-posts groups / category group moderators
# (delegated to #can_create_post?), archived or deleted posts (never), shared
# drafts, wiki posts, the general `edit_post_allowed_groups` check, the user's
# own posts (silenced, hidden cooldown, unlimited first-post edits, edit time
# limit), and finally category description posts.
#
# @param post [Post]
# @return [Boolean]
def can_edit_post?(post)
  return false if Discourse.static_doc_topic_ids.include?(post.topic_id) && !is_admin?
  return true if is_admin?

  # Must be staff to edit a locked post
  return false if post.locked? && !is_staff?

  # Privileged editors still need to be able to post in the topic at all.
  if (is_staff? || is_in_edit_post_groups? || is_category_group_moderator?(post.topic&.category))
    return can_create_post?(post.topic)
  end

  return false if post.topic&.archived? || post.user_deleted || post.deleted_at

  # Editing a shared draft.
  if (
       can_see_post?(post) && can_create_post?(post.topic) &&
         post.topic.category_id == SiteSetting.shared_drafts_category.to_i &&
         can_see_category?(post.topic.category) && can_see_shared_draft?
     )
    return true
  end

  if post.wiki && @user.in_any_groups?(SiteSetting.edit_wiki_post_allowed_groups_map)
    return can_create_post?(post.topic)
  end

  return false if !trusted_with_post_edits?

  if is_my_own?(post)
    return false if @user.silenced?
    # A hidden post has a cooldown before its author may edit it again.
    return can_edit_hidden_post?(post) if post.hidden?

    if post.is_first_post? && post.topic.category_allows_unlimited_owner_edits_on_first_post?
      return true
    end

    return !post.edit_time_limit_expired?(@user)
  end

  if post.is_category_description?
    return true if can_edit_category_description?(post.topic.category)
  end

  false
end
#can_lock_post?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 110

# Can the current user lock +post+ against further edits?
# Staff only, and only for posts they can see.
#
# @param post [Post]
# @return [Boolean]
def can_lock_post?(post)
  return false unless can_see_post?(post)

  is_staff?
end
#can_permanently_delete_post?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 242

# Can the current user permanently (irrecoverably) delete +post+?
#
# Requires the `can_permanently_delete` site setting, an admin who can edit the
# post, a post that is not the first post and is already soft-deleted. An admin
# who soft-deleted the post themselves must wait out Post::PERMANENT_DELETE_TIMER.
#
# @param post [Post, nil]
# @return [Boolean]
def can_permanently_delete_post?(post)
  return false unless SiteSetting.can_permanently_delete
  return false unless post
  return false if post.is_first_post?
  return false unless is_admin? && can_edit_post?(post)
  return false unless post.deleted_at

  # Cooling-off period for the admin's own recent soft-deletions.
  own_recent_deletion =
    post.deleted_by_id == @user.id && post.deleted_at >= Post::PERMANENT_DELETE_TIMER.ago
  !own_recent_deletion
end
#can_post_link?(host: nil) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 19

# Can the current user post a link to +host+?
#
# Users with unrestricted link posting may link anywhere; everyone else is
# limited to hosts listed verbatim in `allowed_link_domains`.
#
# @param host [String, nil] the link's host
# @return [Boolean] false for a blank host
def can_post_link?(host: nil)
  return false if host.blank?
  return true if unrestricted_link_posting?

  # Exact match against the pipe-separated allow-list — no suffix/wildcard matching.
  SiteSetting.allowed_link_domains.split("|").include?(host)
end
#can_rebake? ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 373

# Can the current user force a post to be re-rendered (rebaked)?
# Staff and trust level 4.
#
# @return [Boolean]
def can_rebake?
  return true if is_staff?

  @user.has_trust_level?(TrustLevel[4])
end
#can_receive_post_notifications?(post) ⇒ Boolean
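# File 'lib/guardian/post_guardian.rb', line 294

# Should the current user receive notifications about +post+?
#
# Unauthenticated users never do. When `suppress_secured_categories_from_admin`
# is on, an admin is only notified about a post in a read-restricted category if
# that category is among their own #secure_category_ids (admins can otherwise
# see every category). Everyone else falls back to #can_see_post?.
#
# @param post [Post]
# @return [Boolean]
def can_receive_post_notifications?(post)
  return false if !authenticated?

  if is_admin? && SiteSetting.suppress_secured_categories_from_admin
    topic = post.topic
    # NOTE(review): the rendered listing dropped the method name after `topic.`;
    # `private_message?` is restored here from upstream (private-message topics carry
    # no category, so they must be skipped before reading `topic.category`) — confirm
    # against the source file.
    if !topic.private_message? && topic.category.read_restricted
      return secure_category_ids.include?(topic.category_id)
    end
  end

  can_see_post?(post)
end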
#can_recover_post?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 254

# Can the current user restore a deleted +post+?
#
# Anyone who can moderate the topic may recover a post that was actually
# trashed (deleted_at set). An author may recover their own user-deleted post
# (user_deleted set, deleted_at not set) as long as self-deletion is enabled,
# i.e. both `max_post_deletions_per_minute` and `max_post_deletions_per_day`
# are at least 1.
#
# @param post [Post, nil]
# @return [Boolean]
def can_recover_post?(post)
  return false unless post

  # PERF, vast majority of the time topic will not be deleted
  topic = (post.topic || Topic.with_deleted.find(post.topic_id)) if post.topic_id

  return true if can_moderate_topic?(topic) && !!post.deleted_at
  return false unless is_my_own?(post)

  deletions_disabled =
    SiteSetting.max_post_deletions_per_minute < 1 || SiteSetting.max_post_deletions_per_day < 1
  return false if deletions_disabled

  # Only a self-deleted post that staff have not trashed is recoverable by its author.
  !!(post.user_deleted && !post.deleted_at)
end
#can_see_deleted_post?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 321

# Can the current user see a trashed +post+?
#
# Never for non-trashed posts or anonymous users; always for staff; otherwise
# only a trust level 4 user looking at a post they deleted themselves.
#
# @param post [Post]
# @return [Boolean]
def can_see_deleted_post?(post)
  applicable = post.trashed? && !@user.anonymous?
  return false unless applicable
  return true if is_staff?

  own_deletion = post.deleted_by_id == @user.id
  own_deletion && @user.has_trust_level?(TrustLevel[4])
end
#can_see_deleted_posts?(category = nil) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 381

# Can the current user see deleted posts, optionally within +category+?
#
# Staff, group moderators of the category, and members of
# `delete_all_posts_and_topics_allowed_groups`.
#
# @param category [Category, nil]
# @return [Boolean]
def can_see_deleted_posts?(category = nil)
  return true if is_staff?
  return true if is_category_group_moderator?(category)

  @user.in_any_groups?(SiteSetting.delete_all_posts_and_topics_allowed_groups_map)
end
#can_see_flagged_posts? ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 377

# Can the current user see flagged posts?
# Staff only.
#
# @return [Boolean]
def can_see_flagged_posts?
  staff = is_staff?
  staff
end
#can_see_hidden_post?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 328

# Can the current user see a hidden +post+?
#
# If `hidden_post_visible_groups` includes the `everyone` auto group, hidden
# posts are public. Otherwise anonymous users never can, staff always can, and
# other users can see their own hidden posts or any hidden post when they belong
# to one of the configured groups.
#
# @param post [Post]
# @return [Boolean]
def can_see_hidden_post?(post)
  visible_groups = SiteSetting.hidden_post_visible_groups_map
  return true if visible_groups.include?(Group::AUTO_GROUPS[:everyone])
  return false if anonymous?
  return true if is_staff?
  return true if post.user_id == @user.id

  @user.in_any_groups?(visible_groups)
end
#can_see_post?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 306

# Can the current user see +post+?
#
# Admins see everything. Otherwise the user must be able to see the post's
# topic and the post type must be one of Topic.visible_post_types for them
# (their own posts are exempt). Moderators and category group moderators then
# see the post unconditionally; other users additionally need
# #can_see_deleted_post? for a trashed post and #can_see_hidden_post? for a
# hidden one.
#
# @param post [Post, nil]
# @return [Boolean]
def can_see_post?(post)
  return false if post.blank?
  return true if is_admin?
  return false unless can_see_post_topic?(post)

  own_post = post.user == @user
  return false unless own_post || Topic.visible_post_types(@user).include?(post.post_type)

  return true if is_moderator? || is_category_group_moderator?(post.topic.category)

  # Trashed and hidden posts each need the matching extra permission.
  return false if post.trashed? && !can_see_deleted_post?(post)
  return false if post.hidden? && !can_see_hidden_post?(post)

  true
end
#can_see_post_actors?(topic, post_action_type_id) ⇒ Boolean
Can we see who acted on a post in a particular way?
# File 'lib/guardian/post_guardian.rb', line 115

# Can we see who acted on a post in a particular way?
#
# Admins always can. Bookmarks are never disclosed; `notify_user` actors only
# to moderators; actors of flag types only to those who can see the topic's
# flags; any other action type is visible.
#
# @param topic [Topic, nil]
# @param post_action_type_id [Integer]
# @return [Boolean]
def can_see_post_actors?(topic, post_action_type_id)
  return true if is_admin?
  return false unless topic

  type_view = PostActionTypeView.new
  type_symbol = type_view.types[post_action_type_id]

  case type_symbol
  when :bookmark
    return false
  when :notify_user
    return false unless is_moderator?
  end

  return can_see_flags?(topic) if type_view.is_flag?(type_symbol)

  true
end
#can_skip_bump? ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 394

# Can the current user post without bumping the topic?
# Staff and trust level 4.
#
# @return [Boolean]
def can_skip_bump?
  return true if is_staff?

  @user.has_trust_level?(TrustLevel[4])
end
#can_unhide?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 390

# Can the current user unhide +post+?
# Staff only, and only when the post is currently hidden.
#
# @param post [Post, nil]
# @return [Boolean]
def can_unhide?(post)
  hidden = post.try(:hidden)
  hidden && is_staff?
end
#can_view_edit_history?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 337

# Can the current user view the edit history of +post+?
#
# For a post that is not hidden, the history is public when the post is a wiki
# or `edit_history_visible_to_public` is on. Otherwise it is limited to
# authenticated staff or the post's author, and only if they can see the post.
#
# @param post [Post, nil]
# @return [Boolean]
def can_view_edit_history?(post)
  return false unless post
  return true if !post.hidden && (post.wiki || SiteSetting.edit_history_visible_to_public)
  return false unless authenticated?
  return false unless is_staff? || @user.id == post.user_id

  can_see_post?(post)
end
#can_view_raw_email?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 386

# Can the current user view the raw incoming email behind +post+?
# Members of `view_raw_email_allowed_groups`, given a post.
#
# @param post [Post, nil]
# @return [Boolean]
def can_view_raw_email?(post)
  allowed_groups = post && SiteSetting.view_raw_email_allowed_groups_map
  allowed_groups && @user.in_any_groups?(allowed_groups)
end
#can_wiki?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 357

# Can the current user turn +post+ into a wiki?
#
# Requires authentication. Staff and trust level 4 always can; members of
# `self_wiki_allowed_groups` can wiki their own post while it is not hidden and
# still within its edit time limit.
#
# @param post [Post]
# @return [Boolean]
def can_wiki?(post)
  return false unless authenticated?
  return true if is_staff?
  return true if @user.has_trust_level?(TrustLevel[4])

  self_wiki = @user.in_any_groups?(SiteSetting.self_wiki_allowed_groups_map) && is_my_own?(post)
  return false unless self_wiki
  return false if post.hidden?

  !post.edit_time_limit_expired?(@user)
end
#is_in_edit_post_groups? ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 200

# Is the current user in one of the `edit_all_post_groups`?
# The setting is a pipe-separated list of group ids; an empty setting means no.
#
# @return [Boolean]
def is_in_edit_post_groups?
  return false unless SiteSetting.edit_all_post_groups.present?

  group_ids = SiteSetting.edit_all_post_groups.to_s.split("|").map(&:to_i)
  user.in_any_groups?(group_ids)
end
#link_posting_access ⇒ Object
# File 'lib/guardian/post_guardian.rb', line 9

# Describe the current user's link-posting ability.
#
# @return [String] "full" when links are unrestricted, "limited" when only
#   `allowed_link_domains` may be linked, "none" otherwise
def link_posting_access
  return "full" if unrestricted_link_posting?
  return "limited" if SiteSetting.allowed_link_domains.present?

  "none"
end
#post_can_act?(post, action_key, opts: {}, can_see_post: nil) ⇒ Boolean
Can the user act on the post in a particular way.
`taken_actions` — the list of actions the user has already taken
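# File 'lib/guardian/post_guardian.rb', line 27

# Can the user act on the post in a particular way?
#
# @param post [Post]
# @param action_key [Symbol] the post action, e.g. :like, :notify_user or a flag type
# @param opts [Hash] optional context: :taken_actions (actions already taken, keyed
#   by type id), :is_warning, :post_action_type_view, :notify_flag_types,
#   :additional_message_types
# @param can_see_post [Boolean, nil] a precomputed visibility answer; nil means
#   compute it here via #can_see_post?
# @return [Boolean]
def post_can_act?(post, action_key, opts: {}, can_see_post: nil)
  # Trust a caller-supplied visibility answer; only fall back to can_see_post? when none given.
  return false if !(can_see_post.nil? && can_see_post?(post)) && !can_see_post

  # no warnings except for staff
  if action_key == :notify_user &&
       (post.user.blank? || (!is_staff? && opts[:is_warning].present? && opts[:is_warning] == "true"))
    return false
  end

  taken = opts[:taken_actions].try(:keys).to_a
  post_action_type_view = opts[:post_action_type_view] || PostActionTypeView.new

  # NOTE(review): the rendered listing dropped the method name in
  # `post_action_type_view.[action_key]`; `additional_message_types` is restored here to
  # mirror the opts branch — confirm against the source file.
  is_flag =
    if opts[:notify_flag_types] && opts[:additional_message_types]
      opts[:notify_flag_types][action_key] || opts[:additional_message_types][action_key]
    else
      post_action_type_view.notify_flag_types[action_key] ||
        post_action_type_view.additional_message_types[action_key]
    end

  already_taken_this_action = taken.any? && taken.include?(post_action_type_view.types[action_key])
  already_did_flagging = taken.any? && (taken & post_action_type_view.notify_flag_types.values).any?

  result =
    if authenticated? && post
      # Allow anonymous users to like if feature is enabled and short-circuit otherwise
      return SiteSetting.allow_anonymous_likes? && (action_key == :like) if @user.anonymous?

      # Silenced users can't flag
      return false if is_flag && @user.silenced?

      # Hidden posts can't be flagged
      return false if is_flag && post.hidden?

      # post made by staff, but we don't allow staff flags
      return false if is_flag && (!SiteSetting.allow_flagging_staff?) && post&.user&.staff?

      if is_flag && post_action_type_view.disabled_flag_types.keys.include?(action_key)
        return false
      end

      # NOTE(review): the rendered listing dropped the setting name in `SiteSetting.)`;
      # `personal_message_enabled_groups_map` is restored here (the comment below describes
      # the check as "can the user PM") — confirm against the source file.
      if action_key == :notify_user &&
           !@user.in_any_groups?(SiteSetting.personal_message_enabled_groups_map)
        # The modifier below is used to add additional permissions for notifying users.
        # In core the only method of notifying a user is personal messages so we check if the
        # user can PM. Plugins can extend the behavior of how users are notifier via `notify_user`
        # post action, and this allows extension for that use case.
        can_notify =
          DiscoursePluginRegistry.apply_modifier(:post_guardian_can_notify_user, false, self, post)
        return can_notify
      end

      # we allow flagging for trust level 1 and higher
      # always allowed for private messages
      # NOTE(review): `post.topic.` lost its method name in the listing; `private_message?`
      # is restored per the comment above — confirm against the source file.
      (
        is_flag && !already_did_flagging &&
          (
            @user.in_any_groups?(SiteSetting.flag_post_allowed_groups_map) ||
              post.topic.private_message?
          )
      ) ||
        # not a flagging action, and haven't done it already
        !(is_flag || already_taken_this_action) &&
          # nothing except flagging on archived topics
          !(post.topic&.archived?) &&
          # nothing except flagging on deleted posts
          !post.trashed? &&
          # don't like your own stuff
          !(action_key == :like && (post.user.blank? || is_my_own?(post)))
    end

  !!result
end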
#trusted_with_post_edits? ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 398

# Is the current user generally trusted to edit posts?
# Staff, or members of `edit_post_allowed_groups`.
#
# @return [Boolean]
def trusted_with_post_edits?
  return true if is_staff?

  @user.in_any_groups?(SiteSetting.edit_post_allowed_groups_map)
end
#unrestricted_link_posting? ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 5

# May the current user post links to any host?
# Authenticated staff, or members of `post_links_allowed_groups`.
#
# @return [Boolean]
def unrestricted_link_posting?
  return false unless authenticated?
  return true if is_staff?

  @user.in_any_groups?(SiteSetting.post_links_allowed_groups_map)
end