Module: TopicGuardian

Included in:
Guardian
Defined in:
lib/guardian/topic_guardian.rb

Overview

mixin for all guardian methods dealing with topic permissions


Instance Method Details

#affected_by_slow_mode?(topic) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 359

# Slow mode throttles ordinary human users only: staff and non-human accounts
# are exempt, and a nil topic (or a topic with slow mode off) throttles nobody.
def affected_by_slow_mode?(topic)
  slow_mode_active = topic&.slow_mode_seconds.to_i > 0
  slow_mode_active && @user.human? && !is_staff?
end

#can_banner_topic?(topic) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 323

# Only logged-in staff may make a topic the site banner, and personal
# messages are never eligible.
def can_banner_topic?(topic)
  staff_viewer = authenticated? && is_staff?
  topic && staff_viewer && !topic.private_message?
end

#can_convert_topic?(topic) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 203

# Conversion requires an existing, non-trashed topic that is not a category's
# description topic. Admins may always convert; moderators additionally need to
# be in a personal-message-enabled group and be able to post in the topic.
def can_convert_topic?(topic)
  return false if topic.blank? || topic.trashed? || topic.is_category_topic?
  return true if is_admin?
  return false unless @user.in_any_groups?(SiteSetting.personal_message_enabled_groups_map)

  is_moderator? && can_create_post?(topic)
end

#can_create_post_on_topic?(topic) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 77

# Posting on a topic: admins always may; everyone else must be able to create a
# post there, and closed or archived topics additionally require a trusted user
# (TL4, moderator, or someone with group-moderator powers over the topic).
def can_create_post_on_topic?(topic)
  # Nobody posts on a missing or deleted topic.
  return false if topic.blank? || topic.trashed?
  return true if is_admin?

  if topic.closed? || topic.archived?
    trusted =
      (authenticated? && user.has_trust_level?(TrustLevel[4])) || is_moderator? ||
        can_perform_action_available_to_group_moderators?(topic)
    return false unless trusted
  end

  can_create_post?(topic)
end

#can_create_shared_draft? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 27

# Shared drafts must be enabled site-wide, and the user must be allowed to see them.
def can_create_shared_draft?
  return false unless SiteSetting.shared_drafts_enabled?

  can_see_shared_draft?
end

#can_create_topic?(parent) ⇒ Boolean

Creating Methods

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 48

# Staff may always create topics. Other users need the minimum trust level,
# permission to post in `parent`, and at least one category that allows them
# to create topics.
def can_create_topic?(parent)
  return true if is_staff?

  user &&
    user.trust_level >= SiteSetting.min_trust_to_create_topic.to_i &&
    can_create_post?(parent) &&
    Category.topic_create_allowed(self).limit(1).count == 1
end

#can_create_topic_on_category?(category) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 56

# Topic creation in a specific category. `category` may be a Category record or
# a bare id; a nil category only requires the general ability to create topics.
def can_create_topic_on_category?(category)
  category_id =
    case category
    when Category then category.id
    else category
    end

  return false unless can_create_topic?(nil)
  return true unless category

  Category.topic_create_allowed(self).where(id: category_id).count == 1
end

#can_create_whisper? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 35

# Whispering is a per-user capability; the user record decides.
def can_create_whisper?
  current = @user
  current.whisperer?
end

#can_delete_topic?(topic) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 156

# Deleting a topic. The topic must not already be trashed, must not be a
# category description topic or a static doc topic, and the user must be staff,
# the author of a fresh topic (at most one post, under 24 hours old), a group
# moderator of its category, or TL4 when the site setting allows TL4 deletions.
def can_delete_topic?(topic)
  return false if topic.trashed?

  allowed_to_delete =
    is_staff? ||
      (
        is_my_own?(topic) && topic.posts_count <= 1 && topic.created_at &&
          topic.created_at > 24.hours.ago
      ) || is_category_group_moderator?(topic.category) ||
      (SiteSetting.tl4_delete_posts_and_topics && user.has_trust_level?(TrustLevel[4]))

  allowed_to_delete && !topic.is_category_topic? &&
    !Discourse.static_doc_topic_ids.include?(topic.id)
end

#can_edit_featured_link?(category_id) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 310

# Featured links must be enabled site-wide, the user must be above the new-user
# trust level, and the target category (uncategorized when nil) must allow them.
def can_edit_featured_link?(category_id)
  return false unless SiteSetting.topic_featured_link_enabled
  return false if @user.trust_level == TrustLevel.levels[:newuser]

  effective_category_id = category_id || SiteSetting.uncategorized_category_id
  Category.exists?(id: effective_category_id, topic_featured_link_allowed: true)
end

#can_edit_tags?(topic) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 327

# Tag editing follows topic editing, with two extra gates (general tagging
# permission, and PM tagging permission for personal messages). Users who
# cannot edit the topic may still retag it when the first post is a wiki and
# they meet the wiki-edit trust level, provided they can post in the topic.
def can_edit_tags?(topic)
  return false unless can_tag_topics?
  return false if topic.private_message? && !can_tag_pms?
  return true if can_edit_topic?(topic)

  return false unless topic&.first_post&.wiki
  return false unless @user.trust_level >= SiteSetting.min_trust_to_edit_wiki_post.to_i

  can_create_post?(topic)
end

#can_edit_topic?(topic) ⇒ Boolean

Editing Method

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 91

# Topic editing. Static doc topics are admin-only; a locked first post freezes
# the topic for non-staff. Admins, posting moderators and category group
# moderators may always edit. Everyone else must be allowed to create topics in
# the category (with one uncategorized edge case), or qualify via shared drafts
# or the edit-post / edit-topic groups; otherwise only the author may edit,
# within the edit window and only if the first post is not locked or hidden.
def can_edit_topic?(topic)
  return false if Discourse.static_doc_topic_ids.include?(topic.id) && !is_admin?
  return false unless can_see?(topic)

  op = topic.first_post

  return false if op&.locked? && !is_staff?

  return true if is_admin?
  return true if is_moderator? && can_create_post?(topic)
  return true if is_category_group_moderator?(topic.category)

  # No topic creation rights in the category means no editing of its topics,
  # except for an uncategorized topic while uncategorized topics are disabled,
  # which a user may need to edit in order to move it somewhere valid.
  category_check_applies =
    SiteSetting.allow_uncategorized_topics ||
      topic.category_id != SiteSetting.uncategorized_category_id
  return false if category_check_applies && !can_create_topic_on_category?(topic.category)

  pm = topic.private_message?

  # Shared drafts are editable by anyone who can see the draft category and post in it.
  editable_shared_draft =
    !topic.archived && !pm && topic.category_id == SiteSetting.shared_drafts_category.to_i &&
      can_see_category?(topic.category) && can_see_shared_draft? && can_create_post?(topic)
  return true if editable_shared_draft

  # Group overrides: edit-post groups cover archived topics, edit-topic groups live ones.
  return true if is_in_edit_post_groups? && topic.archived && !pm && can_create_post?(topic)
  return true if is_in_edit_topic_groups? && !topic.archived && !pm && can_create_post?(topic)

  return false if topic.archived

  is_my_own?(topic) && !topic.edit_time_limit_expired?(user) && !op&.locked? &&
    (!op&.hidden? || can_edit_hidden_post?(op))
end

#can_get_access_to_topic?(topic) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 290

# A logged-in user may request access to a topic that exposes a group to
# request access through.
def can_get_access_to_topic?(topic)
  access_group = topic&.access_topic_via_group
  access_group.present? && authenticated?
end

#can_moderate_topic?(topic) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 20

# Topic moderation: never for anonymous users or a missing topic, always for
# staff, otherwise whatever group-moderator rules allow.
def can_moderate_topic?(topic)
  return false if topic.nil? || anonymous?
  return true if is_staff?

  can_perform_action_available_to_group_moderators?(topic)
end

#can_move_posts?(topic) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 354

# Silenced users may never move posts; otherwise group-moderator rules apply.
def can_move_posts?(topic)
  !is_silenced? && can_perform_action_available_to_group_moderators?(topic)
end

#can_move_topic_to_category?(category) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 64

# Moving a topic into `category`, which may be a Category record or an id
# (nil means the uncategorized category). Staff may always move; others need
# topic-creation rights in the target and the target must not require approval.
def can_move_topic_to_category?(category)
  target =
    case category
    when Category then category
    else Category.find(category || SiteSetting.uncategorized_category_id)
    end

  return true if is_staff?

  can_create_topic_on_category?(target) && !target.require_topic_approval?
end

#can_perform_action_available_to_group_moderators?(topic) ⇒ Boolean Also known as: can_archive_topic?, can_close_topic?, can_open_topic?, can_split_merge_topic?, can_edit_staff_notes?, can_pin_unpin_topic?

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 340

# Shared gate for close/open/archive/pin/split-merge/staff-notes style actions:
# staff and TL4 users always qualify, anonymous users and missing topics never
# do, and otherwise the user must moderate the topic's category.
def can_perform_action_available_to_group_moderators?(topic)
  return false if topic.nil? || anonymous?
  return true if is_staff? || @user.has_trust_level?(TrustLevel[4])

  is_category_group_moderator?(topic.category)
end

#can_permanently_delete_topic?(topic) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 168

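# Permanent (hard) deletion of a topic is gated by a site setting, restricted to
# admins who can see the topic, and only possible once the topic is already soft
# deleted and emptied of posts. Returns false unless every precondition holds.
def can_permanently_delete_topic?(topic)
  return false unless SiteSetting.can_permanently_delete
  return false unless topic

  # Authorization first: it is cheap, and it keeps non-admins from triggering
  # the post count query below at all.
  return false if !is_admin? || !can_see_topic?(topic)

  # Ensure that all posts (including small actions) are at least soft deleted.
  return false if topic.posts_count > 0

  # All other posts that were deleted still must be permanently deleted before
  # the topic can be, except for small action posts that are deleted right
  # before the topic is.
  remaining_posts =
    Post
      .with_deleted
      .where(topic_id: topic.id)
      .where(
        post_type: [Post.types[:regular], Post.types[:moderator_action], Post.types[:whisper]],
      )
      .count
  return false if remaining_posts > 1

  # The topic itself must already be soft deleted, and whoever soft deleted it
  # has to wait out the cool-down before permanently deleting it themselves.
  return false unless topic.deleted_at
  return false if topic.deleted_by_id == @user.id && topic.deleted_at >= Post::PERMANENT_DELETE_TIMER.ago

  true
end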

#can_publish_topic?(topic, category) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 43

# Publishing a shared draft into `category`: the user must be able to see shared
# drafts, see this topic, and create topics in the destination category.
def can_publish_topic?(topic, category)
  return false unless can_see_shared_draft?
  return false unless can_see?(topic)

  can_create_topic_on_category?(category)
end

#can_recover_topic?(topic) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 147

# Recovering (undeleting) a topic. Staff, group moderators of its category and
# (when the setting allows) TL4 users may recover any deleted topic; anyone else
# may recover it only if they can recover its first post.
def can_recover_topic?(topic)
  privileged =
    is_staff? || (topic&.category && is_category_group_moderator?(topic.category)) ||
      (SiteSetting.tl4_delete_posts_and_topics && user&.has_trust_level?(TrustLevel[4]))

  return !!(topic && topic.deleted_at) if privileged

  topic && can_recover_post?(topic.ordered_posts.first)
end

#can_remove_allowed_users?(topic, target_user = nil) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 5

# Removing participants from a personal message. Staff may remove anyone, the
# topic owner may if they are at least TL2, and a participant may remove
# themselves as long as they are not the owner and others remain in the topic.
def can_remove_allowed_users?(topic, target_user = nil)
  return true if is_staff?
  return true if topic.user == @user && @user.has_trust_level?(TrustLevel[2])

  topic.allowed_users.count > 1 && topic.user != target_user &&
    !!(target_user && user == target_user)
end

#can_reply_as_new_topic?(topic) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 212

# "Reply as linked topic" needs a logged-in user of at least TL1 and a topic to link from.
def can_reply_as_new_topic?(topic)
  return false unless authenticated?
  return false unless topic

  @user.has_trust_level?(TrustLevel[1])
end

#can_review_topic?(topic) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 13

# Reviewing a topic: never for anonymous users or a missing topic, always for
# staff, otherwise only for group moderators of the topic's category.
def can_review_topic?(topic)
  return false if topic.nil? || anonymous?
  return true if is_staff?

  is_category_group_moderator?(topic.category)
end

#can_see_deleted_topics?(category) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 216

# Deleted topics in `category` are visible to staff, to the category's group
# moderators, and to TL4 users when TL4 deletions are enabled.
def can_see_deleted_topics?(category)
  return true if is_staff?
  return true if is_category_group_moderator?(category)

  SiteSetting.tl4_delete_posts_and_topics && user&.has_trust_level?(TrustLevel[4])
end

#can_see_shared_draft? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 31

# Shared drafts are visible to staff and to users at or above the configured trust level.
def can_see_shared_draft?
  minimum_level = SiteSetting.shared_drafts_min_trust_level
  @user.has_trust_level_or_staff?(minimum_level)
end

#can_see_topic?(topic, hide_deleted = true) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 267

# Visibility of a single topic. Admins see everything. Deleted topics are hidden
# (when `hide_deleted`) unless the user may see deleted topics in the category.
# Personal messages are visible only to logged-in users on the topic's allowed
# user list. Shared drafts require shared-draft visibility. Finally the user
# must see the category, and staged users are held to stricter rules on
# read-restricted categories.
def can_see_topic?(topic, hide_deleted = true)
  return false unless topic
  return true if is_admin?

  if hide_deleted && topic.deleted_at
    return false unless can_see_deleted_topics?(topic.category)
  end

  if topic.private_message?
    return authenticated? && topic.all_allowed_users.where(id: @user.id).exists?
  end

  return false if topic.shared_draft && !can_see_shared_draft?

  category = topic.category
  return false unless can_see_category?(category)

  # Staged users see a read-restricted category's topics only when the category
  # is among their secure categories or the topic is their own.
  !category.read_restricted || !is_staged? || secure_category_ids.include?(category.id) ||
    topic.user == user
end

#can_see_topic_ids(topic_ids: [], hide_deleted: true) ⇒ Object

Accepts an array of `Topic#id` and returns an array of `Topic#id` which the user can see.



# File 'lib/guardian/topic_guardian.rb', line 222

# Bulk counterpart of `can_see_topic?`: given an array of `Topic#id`, returns
# the ids the user can see. Admins get the (compacted) input back untouched;
# for everyone else the ids are filtered in SQL through the deleted-topic,
# shared-draft, secured-category and personal-message rules.
def can_see_topic_ids(topic_ids: [], hide_deleted: true)
  ids = topic_ids.compact

  return ids if is_admin?
  return [] if ids.blank?

  scope = Topic.unscoped.where(id: ids)

  # With `hide_deleted`, non-staff lose deleted topics except in the categories
  # they moderate as a group moderator.
  if hide_deleted && !is_staff?
    scope =
      if category_group_moderation_allowed?
        scope.where(<<~SQL)
          (
            deleted_at IS NULL OR
            (
              deleted_at IS NOT NULL
              AND topics.category_id IN (#{category_group_moderator_scope.select(:id).to_sql})
            )
          )
        SQL
      else
        scope.where("deleted_at IS NULL")
      end
  end

  # Shared drafts are dropped for users who may not see them.
  unless can_see_shared_draft?
    scope = scope.left_outer_joins(:shared_draft).where("shared_drafts.id IS NULL")
  end

  # Logged-in users may also see the personal messages they are part of.
  visible_scope =
    if authenticated?
      Topic.unscoped.merge(
        secured_regular_topic_scope(scope, topic_ids: ids).or(private_message_topic_scope(scope)),
      )
    else
      Topic.unscoped.merge(secured_regular_topic_scope(scope, topic_ids: ids))
    end

  visible_scope.pluck(:id)
end

#can_see_unlisted_topics? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 286

# Unlisted topics are visible to staff and TL4 users.
def can_see_unlisted_topics?
  return true if is_staff?

  @user.has_trust_level?(TrustLevel[4])
end

#can_see_whispers?(_topic = nil) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 39

# Whisper visibility is a per-user capability; the topic argument is accepted
# for interface compatibility and ignored.
def can_see_whispers?(_topic = nil)
  current = @user
  current.whisperer?
end

#can_toggle_topic_visibility?(topic) ⇒ Boolean Also known as: can_create_unlisted_topic?

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 197

# Listing/unlisting a topic is open to anyone who can moderate it or who
# qualifies under the group-moderator rules.
def can_toggle_topic_visibility?(topic)
  return true if can_moderate?(topic)

  can_perform_action_available_to_group_moderators?(topic)
end

#can_update_bumped_at? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 319

# Resetting a topic's bump date is allowed for staff and TL4 users.
def can_update_bumped_at?
  return true if is_staff?

  @user.has_trust_level?(TrustLevel[4])
end

#filter_allowed_categories(records, category_id_column: "topics.category_id") ⇒ Object



# File 'lib/guardian/topic_guardian.rb', line 294

# Restricts `records` to rows in categories the user may see, keeping rows with
# no category. Admins bypass the filter unless `suppress_secured_categories_from_admin`
# is set. `category_id_column` is interpolated verbatim into the SQL fragment,
# so it must be a code-controlled column reference, never a value derived from
# request input.
def filter_allowed_categories(records, category_id_column: "topics.category_id")
  return records if is_admin? && !SiteSetting.suppress_secured_categories_from_admin

  permitted_ids = allowed_category_ids
  filtered =
    if permitted_ids.empty?
      records.where("#{category_id_column} IS NULL")
    else
      records.where("#{category_id_column} IS NULL or #{category_id_column} IN (?)", permitted_ids)
    end

  filtered.references(:categories)
end

#is_in_edit_topic_groups? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/topic_guardian.rb', line 142

# True when the `edit_all_topic_groups` setting names at least one group and the
# user belongs to one of them. The setting is a "|"-separated list of group ids.
def is_in_edit_topic_groups?
  groups_setting = SiteSetting.edit_all_topic_groups
  return false if groups_setting.blank?

  group_ids = groups_setting.to_s.split("|").map(&:to_i)
  user.in_any_groups?(group_ids)
end