From d0bd96e19c7bdf40d05c2f111bc832fca421c78b Mon Sep 17 00:00:00 2001 From: Dan Ungureanu Date: Mon, 11 Oct 2021 12:19:31 +0300 Subject: [PATCH] FIX: Handle separately invite to topic and forum (#14562) Invite is used in two contexts, when inviting a new user to the forum and when inviting an existent user to a topic. The first case is more complex and it involves permission checks to ensure that new users can be created. In the second case, it is enough to ensure that the topic is visible for both users and that all preconditions are met. One edge case is the invite to topic via email functionality which checks for both conditions because first the user must be invited to create an account first and then to the topic. A side effect of these changes is that all site settings related to invites refer to inviting new users only now. --- lib/guardian.rb | 3 ++- spec/components/guardian_spec.rb | 25 ++++--------------------- 2 files changed, 6 insertions(+), 22 deletions(-) diff --git a/lib/guardian.rb b/lib/guardian.rb index 865a2fb6f77..385dccd8c86 100644 --- a/lib/guardian.rb +++ b/lib/guardian.rb @@ -365,7 +365,7 @@ class Guardian end def can_invite_to?(object, groups = nil) - return false if !can_invite_to_forum?(groups) + return false if !authenticated? return false if !object.is_a?(Topic) || !can_see?(object) return false if groups.present? @@ -385,6 +385,7 @@ class Guardian end def can_invite_via_email?(object) + return false if !can_invite_to_forum? return false if !can_invite_to?(object) (SiteSetting.enable_local_logins || SiteSetting.enable_discourse_connect) && diff --git a/spec/components/guardian_spec.rb b/spec/components/guardian_spec.rb index 56d4b0a464e..0185b322179 100644 --- a/spec/components/guardian_spec.rb +++ b/spec/components/guardian_spec.rb @@ -548,11 +548,11 @@ describe Guardian do expect(Guardian.new(nil).can_invite_to?(topic)).to be_falsey expect(Guardian.new(moderator).can_invite_to?(nil)).to be_falsey expect(Guardian.new(moderator).can_invite_to?(topic)).to be_truthy - expect(Guardian.new(trust_level_1).can_invite_to?(topic)).to be_falsey + expect(Guardian.new(trust_level_1).can_invite_to?(topic)).to be_truthy SiteSetting.max_invites_per_day = 0 - expect(Guardian.new(user).can_invite_to?(topic)).to be_falsey + expect(Guardian.new(user).can_invite_to?(topic)).to be_truthy # staff should be immune to max_invites_per_day setting expect(Guardian.new(moderator).can_invite_to?(topic)).to be_truthy end @@ -575,9 +575,9 @@ describe Guardian do expect(Guardian.new(trust_level_2).can_invite_to?(topic)).to be_truthy end - it 'fails for normal users if must_approve_users' do + it 'return true for normal users even if must_approve_users' do SiteSetting.must_approve_users = true - expect(Guardian.new(user).can_invite_to?(topic)).to be_falsey + expect(Guardian.new(user).can_invite_to?(topic)).to be_truthy expect(Guardian.new(admin).can_invite_to?(topic)).to be_truthy end @@ -644,23 +644,6 @@ describe Guardian do end end - context "when private messages are enabled" do - before do - SiteSetting.enable_personal_messages = true - SiteSetting.min_trust_level_to_allow_invite = 2 - end - - it "returns true if user has sufficient trust level" do - user.trust_level = 2 - expect(Guardian.new(user).can_invite_to?(pm)).to be_truthy - end - - it "returns false if user has sufficient trust level" do - user.trust_level = 1 - expect(Guardian.new(user).can_invite_to?(pm)).to be_falsey - end - end - context "when PM has reached the maximum number of recipients" do before do SiteSetting.max_allowed_message_recipients = 2