Module: PostGuardian
- Included in:
- Guardian
- Defined in:
- lib/guardian/post_guardian.rb
Overview
mixin for all guardian methods dealing with post permissions
Instance Method Summary
- #can_change_post_owner? ⇒ Boolean
- #can_change_post_timestamps? ⇒ Boolean
- #can_change_post_type? ⇒ Boolean
- #can_create_post?(topic) ⇒ Boolean
- #can_delete_all_posts?(user) ⇒ Boolean
- #can_delete_post?(post) ⇒ Boolean
- #can_delete_post_action?(post_action) ⇒ Boolean
- #can_delete_post_or_topic?(post) ⇒ Boolean
- #can_edit_hidden_post?(post) ⇒ Boolean
- #can_edit_post?(post) ⇒ Boolean
- #can_lock_post?(post) ⇒ Boolean
- #can_permanently_delete_post?(post) ⇒ Boolean
- #can_post_link?(host: nil) ⇒ Boolean
- #can_rebake? ⇒ Boolean
- #can_receive_post_notifications?(post) ⇒ Boolean
- #can_recover_post?(post) ⇒ Boolean
- #can_see_deleted_post?(post) ⇒ Boolean
- #can_see_deleted_posts?(category = nil) ⇒ Boolean
- #can_see_flagged_posts? ⇒ Boolean
- #can_see_hidden_post?(post) ⇒ Boolean
- #can_see_post?(post) ⇒ Boolean
- #can_see_post_actors?(topic, post_action_type_id) ⇒ Boolean
Can we see who acted on a post in a particular way?.
- #can_skip_bump? ⇒ Boolean
- #can_unhide?(post) ⇒ Boolean
- #can_view_edit_history?(post) ⇒ Boolean
- #can_view_raw_email?(post) ⇒ Boolean
- #can_wiki?(post) ⇒ Boolean
- #is_in_edit_post_groups? ⇒ Boolean
- #link_posting_access ⇒ Object
- #post_can_act?(post, action_key, opts: {}, can_see_post: nil) ⇒ Boolean
Can the user act on the post in a particular way.
- #unrestricted_link_posting? ⇒ Boolean
Instance Method Details
#can_change_post_owner? ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 309
# Whether the current user may reassign a post to another author.
# Admins always can; other staff only while the
# `moderators_change_post_ownership` site setting is enabled.
def can_change_post_owner?
  is_admin? || (SiteSetting.moderators_change_post_ownership && is_staff?)
end
#can_change_post_timestamps? ⇒ Boolean
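# File 'lib/guardian/post_guardian.rb', line 315
# Whether the current user may change a post's timestamps. Staff only.
# (The rendered listing had dropped the method name from the `def` line,
# leaving `def is_staff? end`; the name is restored from the method heading
# and the 315-317 line range of this entry.)
def can_change_post_timestamps?
  is_staff?
end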
#can_change_post_type? ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 331
# Whether the current user may change a post's type. Staff only.
def can_change_post_type?
  return false unless is_staff?
  true
end
#can_create_post?(topic) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 118
# Whether the current user may create a post in `topic`.
# Delegates to #can_create_post_in_topic? and memoises the answer on this
# guardian instance, keyed by #topic_memoize_key, so repeated checks for the
# same topic are not recomputed. A nil topic bypasses the cache.
def can_create_post?(topic)
  return can_create_post_in_topic?(topic) unless topic

  key = topic_memoize_key(topic)
  cache = (@can_create_post ||= {})
  cache[key] = can_create_post_in_topic?(topic) unless cache.key?(key)
  cache[key]
end
#can_delete_all_posts?(user) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 105
# Whether the current user may bulk-delete every post by `user`.
# Requires a staff actor, a present target, and a target that is not an admin.
# An admin actor may then always proceed; a moderator only when the target's
# history is small and recent: no first post yet, or a first post newer than
# `delete_user_max_post_age` days, and at most `delete_all_posts_max` posts
# (presumably to limit how much an established member's history a single
# moderator action can wipe).
def can_delete_all_posts?(user)
  staff_on_non_admin = is_staff? && user && !user.admin?
  return staff_on_non_admin unless staff_on_non_admin

  admin = is_admin?
  return admin if admin

  history_is_recent =
    user.first_post_created_at.nil? ||
      user.first_post_created_at >= SiteSetting.delete_user_max_post_age.days.ago
  history_is_recent && user.post_count <= SiteSetting.delete_all_posts_max.to_i
end
#can_delete_post?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 190
# Whether the current user may delete `post`.
# Check order is security-relevant:
#   - the post must be visible to the user;
#   - the first post is never deleted here (that is a topic deletion, see
#     #can_delete_post_or_topic?);
#   - staff, category group moderators and, when `tl4_delete_posts_and_topics`
#     is on, TL4 users may delete any other post, archived topics included;
#   - everyone else is blocked on archived topics and may only delete their own
#     posts, and only while both post-deletion rate-limit settings are at least
#     1 and the post is not already user-deleted.
def can_delete_post?(post)
  return false unless can_see_post?(post)
  return false if post.is_first_post?

  privileged =
    is_staff? ||
      is_category_group_moderator?(post.topic&.category) ||
      (SiteSetting.tl4_delete_posts_and_topics && user.has_trust_level?(TrustLevel[4]))
  return true if privileged

  return false if post.topic&.archived?
  return false unless is_my_own?(post)

  # A limit below 1 disables self-deletion entirely.
  limits_allow_deletion =
    SiteSetting.max_post_deletions_per_minute >= 1 &&
      SiteSetting.max_post_deletions_per_day >= 1
  limits_allow_deletion && !post.user_deleted?
end
#can_delete_post_action?(post_action) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 249
# Whether the current user may undo a post action they performed: it must be
# their own action, created within the last `post_undo_action_window_mins`
# minutes, and the action's post must not sit in an archived topic.
def can_delete_post_action?(post_action)
  # NOTE(review): the rendered listing is garbled on the next line — the method
  # name after `!post_action.` was lost in extraction, so as printed the `.`
  # chains onto the following line; confirm against lib/guardian/post_guardian.rb.
  return false unless is_my_own?(post_action) && !post_action.
  post_action.created_at > SiteSetting.post_undo_action_window_mins.minutes.ago &&
    !post_action.post&.topic&.archived?
end
#can_delete_post_or_topic?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 186
# Whether the current user may delete `post`, treating the first post of a
# topic as a topic deletion (#can_delete_topic?) and every other post as a
# plain post deletion (#can_delete_post?). A first post without a topic is
# never deletable.
def can_delete_post_or_topic?(post)
  if post.is_first_post?
    post.topic && can_delete_topic?(post.topic)
  else
    can_delete_post?(post)
  end
end
#can_edit_hidden_post?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 180
# Whether a hidden post may be edited yet. Editing is allowed if the post was
# never hidden, or once it has been hidden for at least
# `cooldown_minutes_after_hiding_posts` minutes. A nil post is never editable.
def can_edit_hidden_post?(post)
  return false unless post

  hidden_at = post.hidden_at
  return true if hidden_at.nil?
  hidden_at < SiteSetting.cooldown_minutes_after_hiding_posts.minutes.ago
end
#can_edit_post?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 127
# Whether the current user may edit `post`.
# The checks are ordered by privilege and each early `return` wins over
# everything below it, so the order is security-relevant: admin > staff on
# locked posts > staff / edit groups / category moderators (who skip the
# archived- and deleted-post checks) > shared-draft editors > wiki editors >
# the author within the edit window > category description editors.
def can_edit_post?(post)
  # Topics listed in Discourse.static_doc_topic_ids are editable by admins only.
  return false if Discourse.static_doc_topic_ids.include?(post.topic_id) && !is_admin?
  return true if is_admin?

  # Must be staff to edit a locked post
  return false if post.locked? && !is_staff?

  # Staff, members of `edit_all_post_groups` (#is_in_edit_post_groups?) and
  # category group moderators may edit any post they could reply to. Note this
  # sits ABOVE the archived/user_deleted/deleted_at guard, so those users can
  # edit posts in archived topics and soft-deleted posts.
  if (is_staff? || is_in_edit_post_groups? || is_category_group_moderator?(post.topic&.category))
    return can_create_post?(post.topic)
  end

  return false if post.topic&.archived? || post.user_deleted || post.deleted_at

  # Editing a shared draft.
  # NOTE(review): `post.topic.category_id` is used without safe navigation from
  # here on; this relies on the earlier checks having rejected topic-less posts —
  # confirm.
  if (
    can_see_post?(post) && can_create_post?(post.topic) &&
    post.topic.category_id == SiteSetting.shared_drafts_category.to_i &&
    can_see_category?(post.topic.category) && can_see_shared_draft?
  )
    return true
  end

  # Wiki posts: any user at or above `min_trust_to_edit_wiki_post` who may reply.
  if post.wiki && (@user.trust_level >= SiteSetting.min_trust_to_edit_wiki_post.to_i)
    return can_create_post?(post.topic)
  end

  return false if @user.trust_level < SiteSetting.min_trust_to_edit_post

  # The author's own post: blocked while silenced, subject to the hide cooldown
  # (#can_edit_hidden_post?) when hidden, unlimited on a first post if the
  # category allows it, otherwise only until the edit time limit expires.
  if is_my_own?(post)
    return false if @user.silenced?
    return can_edit_hidden_post?(post) if post.hidden?

    if post.is_first_post? && post.topic.category_allows_unlimited_owner_edits_on_first_post?
      return true
    end

    return !post.edit_time_limit_expired?(@user)
  end

  # Category description posts follow the category-description permission.
  if post.is_category_description?
    return true if can_edit_category_description?(post.topic.category)
  end

  false
end
#can_lock_post?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 86
# Whether the current user may lock `post` (prevent non-staff edits).
# Visibility is checked first, then the staff requirement.
def can_lock_post?(post)
  visible = can_see_post?(post)
  return visible unless visible
  is_staff?
end
#can_permanently_delete_post?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 217
# Whether the current user may permanently (irreversibly) delete `post`.
# Requires the `can_permanently_delete` site setting, a present, non-first,
# already soft-deleted post, and an admin who may also edit the post. An admin
# who soft-deleted the post themselves must additionally wait out
# Post::PERMANENT_DELETE_TIMER before they can purge it (a cooling-off period
# against a single admin deleting and purging in one go).
def can_permanently_delete_post?(post)
  return false unless SiteSetting.can_permanently_delete && post
  return false if post.is_first_post?
  return false unless is_admin? && can_edit_post?(post)
  return false unless post.deleted_at

  recently_self_deleted =
    post.deleted_by_id == @user.id && post.deleted_at >= Post::PERMANENT_DELETE_TIMER.ago
  !recently_self_deleted
end
#can_post_link?(host: nil) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 19
# Whether the current user may post a link to `host`.
# A blank host is always rejected. Users with unrestricted link posting
# (#unrestricted_link_posting?) may link anywhere; everyone else only to a host
# listed verbatim in `allowed_link_domains` (a `|`-separated list).
# The match is an exact, case-sensitive string comparison: subdomains of an
# allowed domain are NOT allowed, and "Example.com" does not match
# "example.com". Callers are presumably expected to pass the already-parsed,
# normalised hostname of the URL — confirm at the call sites.
def can_post_link?(host: nil)
  return false if host.blank?
  return true if unrestricted_link_posting?
  SiteSetting.allowed_link_domains.split("|").include?(host)
end
#can_rebake? ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 335
# Whether the current user may trigger a rebake of a post: staff or TL4.
def can_rebake?
  return true if is_staff?
  @user.has_trust_level?(TrustLevel[4])
end
#can_receive_post_notifications?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 256
# Whether the current user should receive notifications about `post`.
# Requires an authenticated user. When `suppress_secured_categories_from_admin`
# is on, an admin is notified about a post in a read-restricted category only
# if that category is among their own `secure_category_ids` — admin-level
# visibility alone is deliberately not enough to be notified. Every other case
# falls back to #can_see_post?.
def can_receive_post_notifications?(post)
  return false if !authenticated?

  if is_admin? && SiteSetting.suppress_secured_categories_from_admin
    topic = post.topic
    # NOTE(review): the rendered listing is garbled on the next line — the
    # method called on `topic` before `&&` was lost in extraction; confirm
    # against lib/guardian/post_guardian.rb.
    if !topic. && topic.category.read_restricted
      return secure_category_ids.include?(topic.category_id)
    end
  end

  can_see_post?(post)
end
#can_recover_post?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 229
# Whether the current user may recover (un-delete) `post`.
# Topic moderators (#can_moderate_topic?) may recover any soft-deleted post;
# the topic is loaded with deleted records included because a recoverable post
# may sit in a deleted topic. Authors may recover their own post only while
# both post-deletion rate-limit settings are at least 1, and only if the post
# was withdrawn by the user (`user_deleted`) rather than trashed by staff
# (`deleted_at` set).
def can_recover_post?(post)
  return false unless post

  # PERF, vast majority of the time topic will not be deleted
  topic = (post.topic || Topic.with_deleted.find(post.topic_id)) if post.topic_id
  return true if can_moderate_topic?(topic) && !!post.deleted_at

  return false unless is_my_own?(post)
  return false if SiteSetting.max_post_deletions_per_minute < 1 ||
    SiteSetting.max_post_deletions_per_day < 1
  !!(post.user_deleted && !post.deleted_at)
end
#can_see_deleted_post?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 283
# Whether the current user may see the soft-deleted `post`.
# Only trashed posts qualify; anonymous users never see them; staff always do;
# a TL4 user sees only posts they deleted themselves.
def can_see_deleted_post?(post)
  return false if !post.trashed? || @user.anonymous?
  is_staff? || (post.deleted_by_id == @user.id && @user.has_trust_level?(TrustLevel[4]))
end
#can_see_deleted_posts?(category = nil) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 343
# Whether the current user may see deleted posts in `category` (nil = any).
# Staff and the category's group moderators always may; TL4 users only when
# `tl4_delete_posts_and_topics` is enabled.
def can_see_deleted_posts?(category = nil)
  return true if is_staff? || is_category_group_moderator?(category)
  SiteSetting.tl4_delete_posts_and_topics && @user.has_trust_level?(TrustLevel[4])
end
#can_see_flagged_posts? ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 339
# Whether the current user may view the flagged-posts queue. Staff only.
def can_see_flagged_posts?
  return false unless is_staff?
  true
end
#can_see_hidden_post?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 290
# Whether the current user may see the hidden `post`.
# If `hidden_post_visible_groups_map` contains the "everyone" auto group, hidden
# posts are public — this is checked before the anonymous guard, so it applies
# to logged-out visitors too. Otherwise anonymous users never see them, staff
# always do, and other users see their own hidden posts or any hidden post if
# they belong to one of the configured groups.
def can_see_hidden_post?(post)
  visible_groups = SiteSetting.hidden_post_visible_groups_map
  return true if visible_groups.include?(Group::AUTO_GROUPS[:everyone])
  return false if anonymous?
  return true if is_staff?
  post.user_id == @user.id || @user.in_any_groups?(visible_groups)
end
#can_see_post?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 268
# Central visibility check: may the current user see `post` at all?
# Several other permissions in this mixin start from this method, so its order
# is security-relevant:
#   1. a blank post is never visible;
#   2. admins see everything;
#   3. the post's topic must be visible (#can_see_post_topic?);
#   4. the post type must be one the user may see, unless they authored it;
#   5. moderators and category group moderators then see the rest, trashed
#      and hidden posts included;
#   6. everyone else sees only posts that are not trashed (or that
#      #can_see_deleted_post? allows) and not hidden (or that
#      #can_see_hidden_post? allows).
def can_see_post?(post)
  return false if post.blank?
  return true if is_admin?
  return false unless can_see_post_topic?(post)

  # Post types are filtered per user; authors always see their own posts.
  unless post.user == @user || Topic.visible_post_types(@user).include?(post.post_type)
    return false
  end

  # NOTE(review): `post.topic.category` is used without safe navigation; this
  # relies on can_see_post_topic? above rejecting posts without a topic — confirm.
  return true if is_moderator? || is_category_group_moderator?(post.topic.category)

  if (!post.trashed? || can_see_deleted_post?(post)) &&
       (!post.hidden? || can_see_hidden_post?(post))
    return true
  end

  false
end
#can_see_post_actors?(topic, post_action_type_id) ⇒ Boolean
Can we see who acted on a post in a particular way?
# File 'lib/guardian/post_guardian.rb', line 91
# Can we see who acted on a post in a particular way?
# Admins always can. Otherwise a topic is required; bookmark actors are never
# exposed; notify_user actors only to moderators; actors of flag types are
# governed by #can_see_flags? for the topic; any other action type is public.
def can_see_post_actors?(topic, post_action_type_id)
  return true if is_admin?
  return false unless topic

  type_symbol = PostActionType.types[post_action_type_id]
  private_for_everyone = type_symbol == :bookmark
  moderators_only = type_symbol == :notify_user
  return false if private_for_everyone || (moderators_only && !is_moderator?)
  return can_see_flags?(topic) if PostActionType.is_flag?(type_symbol)

  true
end
#can_skip_bump? ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 356
# Whether the current user may post without bumping the topic: staff or TL4.
def can_skip_bump?
  return true if is_staff?
  @user.has_trust_level?(TrustLevel[4])
end
#can_unhide?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 352
# Whether the current user may unhide `post`: the post must be hidden
# (`try` tolerates a nil post) and the user must be staff.
def can_unhide?(post)
  hidden = post.try(:hidden)
  hidden && is_staff?
end
#can_view_edit_history?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 299
# Whether the current user may view the edit history of `post`.
# For a post that is not hidden, history is public if the post is a wiki or
# `edit_history_visible_to_public` is on. Otherwise it requires an
# authenticated user who is staff or the post's author, and who can see the
# post at all.
def can_view_edit_history?(post)
  return false unless post

  publicly_visible = !post.hidden && (post.wiki || SiteSetting.edit_history_visible_to_public)
  return true if publicly_visible

  authenticated? && (is_staff? || @user.id == post.user_id) && can_see_post?(post)
end
#can_view_raw_email?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 348
# Whether the current user may view the raw incoming e-mail behind `post`.
# Staff only; a nil post short-circuits (returning the nil itself).
def can_view_raw_email?(post)
  return post unless post
  is_staff?
end
#can_wiki?(post) ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 319
# Whether the current user may turn `post` into a wiki.
# Requires authentication. Staff and TL4 may wiki any post. Other users may
# wiki only their own post, only if they meet `min_trust_to_allow_self_wiki`,
# the post is not hidden, and their edit window has not expired.
def can_wiki?(post)
  return false unless authenticated?
  return true if is_staff? || @user.has_trust_level?(TrustLevel[4])

  self_wiki_allowed =
    @user.has_trust_level?(SiteSetting.min_trust_to_allow_self_wiki) && is_my_own?(post)
  return false unless self_wiki_allowed
  return false if post.hidden?

  !post.edit_time_limit_expired?(@user)
end
#is_in_edit_post_groups? ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 175
# Whether the current user belongs to any of the groups in the
# `edit_all_post_groups` site setting (a `|`-separated list of group ids).
# Membership here grants the broad edit rights used by #can_edit_post?, so the
# setting should be treated as privileged configuration.
def is_in_edit_post_groups?
  configured = SiteSetting.edit_all_post_groups
  return false unless configured.present?

  group_ids = configured.to_s.split("|").map(&:to_i)
  user.in_any_groups?(group_ids)
end
#link_posting_access ⇒ Object
# File 'lib/guardian/post_guardian.rb', line 9
# Summarises the current user's link-posting rights as a string:
# "full" when #unrestricted_link_posting? holds, "limited" when only the
# `allowed_link_domains` list is usable, "none" otherwise.
def link_posting_access
  return "full" if unrestricted_link_posting?
  SiteSetting.allowed_link_domains.present? ? "limited" : "none"
end
#post_can_act?(post, action_key, opts: {}, can_see_post: nil) ⇒ Boolean
Can the user act on the post in a particular way.
opts[:taken_actions] — a hash whose keys are the post action type ids the user has already taken on this post
# File 'lib/guardian/post_guardian.rb', line 27
# Can the user act on the post in a particular way (like, bookmark, flag, ...)?
#
# `action_key` is a PostActionType symbol. `opts[:taken_actions]` is a hash
# keyed by the action type ids already taken on this post; `opts[:is_warning]`
# marks a notify_user action as a warning. `can_see_post` lets a caller that
# has already computed visibility pass it in (nil = compute it here; any other
# falsy value is rejected outright). Always returns a strict boolean.
#
# NOTE(review): the rendered listing is garbled in two places below —
# `SiteSetting.` is missing the setting name and `post.topic.` is missing the
# method name; both were lost in extraction. Confirm against
# lib/guardian/post_guardian.rb before relying on those two conditions.
def post_can_act?(post, action_key, opts: {}, can_see_post: nil)
  return false if !(can_see_post.nil? && can_see_post?(post)) && !can_see_post

  # no warnings except for staff
  if action_key == :notify_user &&
     (
       post.user.blank? ||
         (!is_staff? && opts[:is_warning].present? && opts[:is_warning] == "true")
     )
    return false
  end

  taken = opts[:taken_actions].try(:keys).to_a
  is_flag =
    PostActionType.notify_flag_types[action_key] || PostActionType.custom_types[action_key]
  already_taken_this_action = taken.any? && taken.include?(PostActionType.types[action_key])
  already_did_flagging = taken.any? && (taken & PostActionType.notify_flag_types.values).any?

  result =
    if authenticated? && post
      # Allow anonymous users to like if feature is enabled and short-circuit otherwise
      # (this is an authenticated account in anonymous mode, since authenticated?
      # already passed; the `return` exits the whole method, bypassing `!!result`).
      return SiteSetting.allow_anonymous_likes? && (action_key == :like) if @user.anonymous?

      # Silenced users can't flag
      return false if is_flag && @user.silenced?

      # Hidden posts can't be flagged
      return false if is_flag && post.hidden?

      # post made by staff, but we don't allow staff flags
      return false if is_flag && (!SiteSetting.allow_flagging_staff?) && post&.user&.staff?

      # notify_user additionally requires membership of a configured group
      # (setting name lost in this listing, see note above).
      if action_key == :notify_user && !@user.in_any_groups?(SiteSetting.)
        return false
      end

      # we allow flagging for trust level 1 and higher
      # always allowed for private messages
      (
        is_flag && not(already_did_flagging) &&
          (
            @user.has_trust_level?(TrustLevel[SiteSetting.min_trust_to_flag_posts]) ||
              post.topic.
          )
      ) ||
        # not a flagging action, and haven't done it already
        not(is_flag || already_taken_this_action) &&
          # nothing except flagging on archived topics
          not(post.topic&.archived?) &&
          # nothing except flagging on deleted posts
          not(post.trashed?) &&
          # don't like your own stuff
          not(action_key == :like && (post.user.blank? || is_my_own?(post)))
    end

  !!result
end
#unrestricted_link_posting? ⇒ Boolean
# File 'lib/guardian/post_guardian.rb', line 5
# Whether the current user may post links to any host: an authenticated user
# at or above the `min_trust_to_post_links` trust level.
def unrestricted_link_posting?
  return false unless authenticated?
  @user.has_trust_level?(TrustLevel[SiteSetting.min_trust_to_post_links])
end