Module: TopicGuardian
- Included in:
- Guardian
- Defined in:
- lib/guardian/topic_guardian.rb
Overview
mixin for all guardian methods dealing with topic permissions
Instance Method Summary collapse
- #affected_by_slow_mode?(topic) ⇒ Boolean
- #can_banner_topic?(topic) ⇒ Boolean
- #can_convert_topic?(topic) ⇒ Boolean
- #can_create_post_on_topic?(topic) ⇒ Boolean
- #can_create_shared_draft? ⇒ Boolean
-
#can_create_topic?(parent) ⇒ Boolean
Creating Methods.
- #can_create_topic_on_category?(category) ⇒ Boolean
- #can_create_unlisted_topic?(topic, has_topic_embed = false) ⇒ Boolean
- #can_create_whisper? ⇒ Boolean
- #can_delete_topic?(topic) ⇒ Boolean
- #can_edit_featured_link?(category_id) ⇒ Boolean
- #can_edit_tags?(topic) ⇒ Boolean
-
#can_edit_topic?(topic) ⇒ Boolean
Editing Method.
- #can_get_access_to_topic?(topic) ⇒ Boolean
- #can_moderate_topic?(topic) ⇒ Boolean
- #can_move_posts?(topic) ⇒ Boolean
- #can_move_topic_to_category?(category) ⇒ Boolean
- #can_perform_action_available_to_group_moderators?(topic) ⇒ Boolean (also: #can_archive_topic?, #can_close_topic?, #can_open_topic?, #can_split_merge_topic?, #can_edit_staff_notes?, #can_pin_unpin_topic?)
- #can_permanently_delete_topic?(topic) ⇒ Boolean
- #can_publish_topic?(topic, category) ⇒ Boolean
- #can_recover_topic?(topic) ⇒ Boolean
- #can_remove_allowed_users?(topic, target_user = nil) ⇒ Boolean
- #can_reply_as_new_topic?(topic) ⇒ Boolean
- #can_review_topic?(topic) ⇒ Boolean
- #can_see_deleted_topics?(category) ⇒ Boolean
- #can_see_shared_draft? ⇒ Boolean
- #can_see_topic?(topic, hide_deleted = true) ⇒ Boolean
-
#can_see_topic_ids(topic_ids: [], hide_deleted: true) ⇒ Object
Accepts an array of ‘Topic#id` and returns an array of `Topic#id` which the user can see.
- #can_see_unlisted_topics? ⇒ Boolean
- #can_see_whispers?(_topic = nil) ⇒ Boolean
- #can_toggle_topic_visibility?(topic) ⇒ Boolean
- #can_update_bumped_at? ⇒ Boolean
- #filter_allowed_categories(records, category_id_column: "topics.category_id") ⇒ Object
- #is_in_edit_topic_groups? ⇒ Boolean
Instance Method Details
#affected_by_slow_mode?(topic) ⇒ Boolean
363 364 365 |
# File 'lib/guardian/topic_guardian.rb', line 363 def affected_by_slow_mode?(topic) topic&.slow_mode_seconds.to_i > 0 && @user.human? && !is_staff? end |
#can_banner_topic?(topic) ⇒ Boolean
325 326 327 |
# File 'lib/guardian/topic_guardian.rb', line 325 def (topic) topic && authenticated? && !topic. && is_staff? end |
#can_convert_topic?(topic) ⇒ Boolean
205 206 207 208 209 210 211 212 |
# File 'lib/guardian/topic_guardian.rb', line 205 def can_convert_topic?(topic) return false if topic.blank? return false if topic.trashed? return false if topic.is_category_topic? return true if is_admin? return false if !@user.in_any_groups?(SiteSetting.) is_moderator? && can_create_post?(topic) end |
#can_create_post_on_topic?(topic) ⇒ Boolean
77 78 79 80 81 82 83 84 85 86 87 88 |
# File 'lib/guardian/topic_guardian.rb', line 77 def can_create_post_on_topic?(topic) # No users can create posts on deleted topics return false if topic.blank? return false if topic.trashed? return true if is_admin? trusted = (authenticated? && user.has_trust_level?(TrustLevel[4])) || is_moderator? || can_perform_action_available_to_group_moderators?(topic) (!(topic.closed? || topic.archived?) || trusted) && can_create_post?(topic) end |
#can_create_shared_draft? ⇒ Boolean
27 28 29 |
# File 'lib/guardian/topic_guardian.rb', line 27 def can_create_shared_draft? SiteSetting.shared_drafts_enabled? && can_see_shared_draft? end |
#can_create_topic?(parent) ⇒ Boolean
Creating Methods
48 49 50 51 52 53 54 |
# File 'lib/guardian/topic_guardian.rb', line 48 def can_create_topic?(parent) is_staff? || ( user && user.in_any_groups?(SiteSetting.create_topic_allowed_groups_map) && can_create_post?(parent) && Category.topic_create_allowed(self).any? ) end |
#can_create_topic_on_category?(category) ⇒ Boolean
56 57 58 59 60 61 62 |
# File 'lib/guardian/topic_guardian.rb', line 56 def can_create_topic_on_category?(category) # allow for category to be a number as well category_id = Category === category ? category.id : category can_create_topic?(nil) && (!category || Category.topic_create_allowed(self).where(id: category_id).count == 1) end |
#can_create_unlisted_topic?(topic, has_topic_embed = false) ⇒ Boolean
201 202 203 |
# File 'lib/guardian/topic_guardian.rb', line 201 def can_create_unlisted_topic?(topic, = false) can_toggle_topic_visibility?(topic) || end |
#can_create_whisper? ⇒ Boolean
35 36 37 |
# File 'lib/guardian/topic_guardian.rb', line 35 def can_create_whisper? @user.whisperer? end |
#can_delete_topic?(topic) ⇒ Boolean
156 157 158 159 160 161 162 163 164 165 166 |
# File 'lib/guardian/topic_guardian.rb', line 156 def can_delete_topic?(topic) !topic.trashed? && ( is_staff? || ( is_my_own?(topic) && topic.posts_count <= 1 && topic.created_at && topic.created_at > 24.hours.ago ) || is_category_group_moderator?(topic.category) || user&.in_any_groups?(SiteSetting.delete_all_posts_and_topics_allowed_groups_map) ) && !topic.is_category_topic? && !Discourse.static_doc_topic_ids.include?(topic.id) end |
#can_edit_featured_link?(category_id) ⇒ Boolean
312 313 314 315 316 317 318 319 |
# File 'lib/guardian/topic_guardian.rb', line 312 def can_edit_featured_link?(category_id) return false unless SiteSetting.topic_featured_link_enabled return false if @user.trust_level == TrustLevel.levels[:newuser] Category.where( id: category_id || SiteSetting.uncategorized_category_id, topic_featured_link_allowed: true, ).exists? end |
#can_edit_tags?(topic) ⇒ Boolean
329 330 331 332 333 334 335 336 337 338 339 340 |
# File 'lib/guardian/topic_guardian.rb', line 329 def (topic) return false unless can_tag_topics? return false if topic. && !can_tag_pms? return true if can_edit_topic?(topic) if topic&.first_post&.wiki && @user.in_any_groups?(SiteSetting.edit_wiki_post_allowed_groups_map) return can_create_post?(topic) end false end |
#can_edit_topic?(topic) ⇒ Boolean
Editing Method
91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 |
# File 'lib/guardian/topic_guardian.rb', line 91 def can_edit_topic?(topic) return false if Discourse.static_doc_topic_ids.include?(topic.id) && !is_admin? return false unless can_see?(topic) first_post = topic.first_post return false if first_post&.locked? && !is_staff? return true if is_admin? return true if is_moderator? && can_create_post?(topic) return true if is_category_group_moderator?(topic.category) # can't edit topics in secured categories where you don't have permission to create topics # except for a tiny edge case where the topic is uncategorized and you are trying # to fix it but uncategorized is disabled if ( SiteSetting.allow_uncategorized_topics || topic.category_id != SiteSetting.uncategorized_category_id ) return false if !can_create_topic_on_category?(topic.category) end # Editing a shared draft. if ( !topic.archived && !topic. && topic.category_id == SiteSetting.shared_drafts_category.to_i && can_see_category?(topic.category) && can_see_shared_draft? && can_create_post?(topic) ) return true end if ( is_in_edit_post_groups? && topic.archived && !topic. && can_create_post?(topic) ) return true end if ( is_in_edit_topic_groups? && !topic.archived && !topic. && can_create_post?(topic) ) return true end return false if topic.archived is_my_own?(topic) && !topic.edit_time_limit_expired?(user) && !first_post&.locked? && (!first_post&.hidden? || can_edit_hidden_post?(first_post)) end |
#can_get_access_to_topic?(topic) ⇒ Boolean
292 293 294 |
# File 'lib/guardian/topic_guardian.rb', line 292 def can_get_access_to_topic?(topic) topic&.access_topic_via_group.present? && authenticated? end |
#can_moderate_topic?(topic) ⇒ Boolean
20 21 22 23 24 25 |
# File 'lib/guardian/topic_guardian.rb', line 20 def can_moderate_topic?(topic) return false if anonymous? || topic.nil? return true if is_staff? can_perform_action_available_to_group_moderators?(topic) end |
#can_move_posts?(topic) ⇒ Boolean
356 357 358 359 360 361 |
# File 'lib/guardian/topic_guardian.rb', line 356 def can_move_posts?(topic) return false if is_silenced? return false unless can_perform_action_available_to_group_moderators?(topic) return false if topic.archetype == "private_message" && !is_staff? true end |
#can_move_topic_to_category?(category) ⇒ Boolean
64 65 66 67 68 69 70 71 72 73 74 75 |
# File 'lib/guardian/topic_guardian.rb', line 64 def can_move_topic_to_category?(category) category = ( if Category === category category else Category.find(category || SiteSetting.uncategorized_category_id) end ) is_staff? || (can_create_topic_on_category?(category) && !category.require_topic_approval?) end |
#can_perform_action_available_to_group_moderators?(topic) ⇒ Boolean Also known as: can_archive_topic?, can_close_topic?, can_open_topic?, can_split_merge_topic?, can_edit_staff_notes?, can_pin_unpin_topic?
342 343 344 345 346 347 348 |
# File 'lib/guardian/topic_guardian.rb', line 342 def can_perform_action_available_to_group_moderators?(topic) return false if anonymous? || topic.nil? return true if is_staff? return true if @user.has_trust_level?(TrustLevel[4]) is_category_group_moderator?(topic.category) end |
#can_permanently_delete_topic?(topic) ⇒ Boolean
168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 |
# File 'lib/guardian/topic_guardian.rb', line 168 def can_permanently_delete_topic?(topic) return false if !SiteSetting.can_permanently_delete return false if !topic # Ensure that all posts (including small actions) are at least soft # deleted. return false if topic.posts_count > 0 # All other posts that were deleted still must be permanently deleted # before the topic can be deleted with the exception of small action # posts that will be deleted right before the topic is. all_posts_count = Post .with_deleted .where(topic_id: topic.id) .where( post_type: [Post.types[:regular], Post.types[:moderator_action], Post.types[:whisper]], ) .count return false if all_posts_count > 1 return false if !is_admin? || !can_see_topic?(topic) return false if !topic.deleted_at if topic.deleted_by_id == @user.id && topic.deleted_at >= Post::PERMANENT_DELETE_TIMER.ago return false end true end |
#can_publish_topic?(topic, category) ⇒ Boolean
43 44 45 |
# File 'lib/guardian/topic_guardian.rb', line 43 def can_publish_topic?(topic, category) can_see_shared_draft? && can_see?(topic) && can_create_topic_on_category?(category) end |
#can_recover_topic?(topic) ⇒ Boolean
147 148 149 150 151 152 153 154 |
# File 'lib/guardian/topic_guardian.rb', line 147 def can_recover_topic?(topic) if is_staff? || (topic&.category && is_category_group_moderator?(topic.category)) || user&.in_any_groups?(SiteSetting.delete_all_posts_and_topics_allowed_groups_map) !!(topic && topic.deleted_at) else topic && can_recover_post?(topic.ordered_posts.first) end end |
#can_remove_allowed_users?(topic, target_user = nil) ⇒ Boolean
5 6 7 8 9 10 11 |
# File 'lib/guardian/topic_guardian.rb', line 5 def can_remove_allowed_users?(topic, target_user = nil) is_staff? || (topic.user == @user && @user.has_trust_level?(TrustLevel[2])) || ( topic.allowed_users.count > 1 && topic.user != target_user && !!(target_user && user == target_user) ) end |
#can_reply_as_new_topic?(topic) ⇒ Boolean
214 215 216 |
# File 'lib/guardian/topic_guardian.rb', line 214 def can_reply_as_new_topic?(topic) authenticated? && topic && @user.has_trust_level?(TrustLevel[1]) end |
#can_review_topic?(topic) ⇒ Boolean
13 14 15 16 17 18 |
# File 'lib/guardian/topic_guardian.rb', line 13 def can_review_topic?(topic) return false if anonymous? || topic.nil? return true if is_staff? is_category_group_moderator?(topic.category) end |
#can_see_deleted_topics?(category) ⇒ Boolean
218 219 220 221 |
# File 'lib/guardian/topic_guardian.rb', line 218 def can_see_deleted_topics?(category) is_staff? || is_category_group_moderator?(category) || user&.in_any_groups?(SiteSetting.delete_all_posts_and_topics_allowed_groups_map) end |
#can_see_shared_draft? ⇒ Boolean
31 32 33 |
# File 'lib/guardian/topic_guardian.rb', line 31 def can_see_shared_draft? @user.in_any_groups?(SiteSetting.shared_drafts_allowed_groups_map) end |
#can_see_topic?(topic, hide_deleted = true) ⇒ Boolean
269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 |
# File 'lib/guardian/topic_guardian.rb', line 269 def can_see_topic?(topic, hide_deleted = true) return false unless topic return true if is_admin? && !SiteSetting.suppress_secured_categories_from_admin return false if hide_deleted && topic.deleted_at && !can_see_deleted_topics?(topic.category) if topic. return authenticated? && topic.all_allowed_users.where(id: @user.id).exists? end return false if topic.shared_draft && !can_see_shared_draft? category = topic.category can_see_category?(category) && ( !category.read_restricted || !is_staged? || secure_category_ids.include?(category.id) || topic.user == user ) end |
#can_see_topic_ids(topic_ids: [], hide_deleted: true) ⇒ Object
Accepts an array of ‘Topic#id` and returns an array of `Topic#id` which the user can see.
224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 |
# File 'lib/guardian/topic_guardian.rb', line 224 def can_see_topic_ids(topic_ids: [], hide_deleted: true) topic_ids = topic_ids.compact return topic_ids if is_admin? && !SiteSetting.suppress_secured_categories_from_admin return [] if topic_ids.blank? default_scope = Topic.unscoped.where(id: topic_ids) # When `hide_deleted` is `true`, hide deleted topics if user is not staff or category moderator if hide_deleted && !is_staff? if category_group_moderation_allowed? default_scope = default_scope.where(<<~SQL) ( deleted_at IS NULL OR ( deleted_at IS NOT NULL AND topics.category_id IN (#{category_group_moderator_scope.select(:id).to_sql}) ) ) SQL else default_scope = default_scope.where("deleted_at IS NULL") end end # Filter out topics with shared drafts if user cannot see shared drafts if !can_see_shared_draft? default_scope = default_scope.left_outer_joins(:shared_draft).where("shared_drafts.id IS NULL") end all_topics_scope = if authenticated? Topic.unscoped.merge( secured_regular_topic_scope(default_scope, topic_ids: topic_ids).or( (default_scope), ), ) else Topic.unscoped.merge(secured_regular_topic_scope(default_scope, topic_ids: topic_ids)) end all_topics_scope.pluck(:id) end |
#can_see_unlisted_topics? ⇒ Boolean
288 289 290 |
# File 'lib/guardian/topic_guardian.rb', line 288 def can_see_unlisted_topics? is_staff? || @user.has_trust_level?(TrustLevel[4]) end |
#can_see_whispers?(_topic = nil) ⇒ Boolean
39 40 41 |
# File 'lib/guardian/topic_guardian.rb', line 39 def can_see_whispers?(_topic = nil) @user.whisperer? end |
#can_toggle_topic_visibility?(topic) ⇒ Boolean
197 198 199 |
# File 'lib/guardian/topic_guardian.rb', line 197 def can_toggle_topic_visibility?(topic) can_moderate?(topic) || can_perform_action_available_to_group_moderators?(topic) end |
#can_update_bumped_at? ⇒ Boolean
321 322 323 |
# File 'lib/guardian/topic_guardian.rb', line 321 def can_update_bumped_at? is_staff? || @user.has_trust_level?(TrustLevel[4]) end |
#filter_allowed_categories(records, category_id_column: "topics.category_id") ⇒ Object
296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 |
# File 'lib/guardian/topic_guardian.rb', line 296 def filter_allowed_categories(records, category_id_column: "topics.category_id") return records if is_admin? && !SiteSetting.suppress_secured_categories_from_admin records = if allowed_category_ids.size == 0 records.where("#{category_id_column} IS NULL") else records.where( "#{category_id_column} IS NULL or #{category_id_column} IN (?)", allowed_category_ids, ) end records.references(:categories) end |
#is_in_edit_topic_groups? ⇒ Boolean
142 143 144 145 |
# File 'lib/guardian/topic_guardian.rb', line 142 def is_in_edit_topic_groups? SiteSetting.edit_all_topic_groups.present? && user.in_any_groups?(SiteSetting.edit_all_topic_groups.to_s.split("|").map(&:to_i)) end |