discourse/lib/guardian
Régis HANOL d56fca0fd7
FEATURE: Make can_permanently_delete visible with strong safeguards (#39179)
The `can_permanently_delete` site setting was hidden and could only be
enabled via the Rails console. There was no indication in the admin UI
that this capability existed, leading to confusion and wasted time for
admins trying to permanently delete content.

This commit unhides the setting and adds layered safeguards at every
level of the permanent deletion flow:

**Site setting visibility:**
- Remove `hidden: true` so the setting appears in the admin UI
- Add a `requires_confirmation` dialog when enabling (not when
disabling) via a new `simple_on_enable` confirmation type
- Add a proper setting description since it was missing

**Type-to-confirm on all permanent delete actions:**
- Replace the weak yes/no dialogs on post and revision permanent
deletion with a type-to-confirm pattern (type "permanently delete")
- Show context-aware titles and messages (post vs topic, with post count
for topics)
- Reusable `PermanentlyDeleteConfirm` dialog body component following
the `SecondFactorConfirmPhrase` pattern

**Server-side pre-check endpoint:**
- Add `GET /posts/:id/permanently_delete_check` (admin-only via
`AdminConstraint`) that uses the guardian to validate whether permanent
deletion is allowed before showing the confirmation dialog
- Returns the reason when denied (cooldown timer, undeleted posts) so
the admin gets immediate feedback instead of going through the full
confirmation flow only to be rejected
- Returns accurate `post_count` for topic deletion messages

**Refactors:**
- Extract `Topic#deletable_posts_count` to share the post counting query
between the guardian, `cannot_permanently_delete_reason`, and the new
endpoint
- Use exclusion (`NOT small_action`) instead of inclusion for post type
filtering, so plugin-added post types are counted correctly

Ref - t/181345

---------

Co-authored-by: Martin Brennan <martin@discourse.org>
2026-04-16 09:01:35 +02:00
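The commit message above describes a layered design: a site setting gates the capability, the guardian decides per target, a pre-check endpoint surfaces the denial reason (cooldown, undeleted posts) and the count of deletable posts, and the final action re-runs the guardian rather than trusting the dialog. The following Ruby is an added illustration of that shape, not Discourse's own code; every name in it (`PermanentDeletePolicy`, `COOLDOWN_SECONDS`, `CONFIRM_PHRASE`, the `Struct` fields, the `:plugin_poll` post type) and the sample data are assumptions made for this example. It goes slightly beyond the message by also modelling the setting and admin checks in front of the per-target ones.

```ruby
# Added illustration, not Discourse's code. Plain-Ruby model of the layered
# permanent-delete checks; all names, values and sample data are assumptions.

require "time"

COOLDOWN_SECONDS = 5 * 60               # assumed cooldown after a soft delete
CONFIRM_PHRASE   = "permanently delete" # phrase the admin must type

User        = Struct.new(:username, :admin, keyword_init: true)
SiteSetting = Struct.new(:can_permanently_delete, keyword_init: true)

Post = Struct.new(:id, :post_type, :deleted_at, keyword_init: true) do
  # Post types are open-ended (plugins register their own), so the topic filter
  # names only the one type to exclude rather than the types to include.
  def small_action?
    post_type == :small_action
  end
end

Topic = Struct.new(:id, :posts, keyword_init: true) do
  # Exclusion filter ("NOT small_action"): plugin-added post types are counted.
  def deletable_posts
    posts.reject(&:small_action?)
  end

  def deletable_posts_count
    deletable_posts.size
  end
end

class PermanentDeletePolicy
  attr_reader :user, :settings, :now

  def initialize(user:, settings:, now: Time.now)
    @user, @settings, @now = user, settings, now
  end

  # nil when deletion is allowed, otherwise a symbol naming the first failed check.
  def cannot_permanently_delete_reason(target)
    return :setting_disabled unless settings.can_permanently_delete
    return :not_admin unless user.admin

    case target
    when Post  then post_reason(target)
    when Topic then topic_reason(target)
    else :unsupported_target
    end
  end

  def can_permanently_delete?(target)
    cannot_permanently_delete_reason(target).nil?
  end

  # What a pre-check endpoint would return before any dialog is shown: the
  # decision, the reason when denied, and the count used in topic messages.
  def precheck(target)
    reason = cannot_permanently_delete_reason(target)
    result = { allowed: reason.nil?, reason: reason }
    result[:post_count] = target.deletable_posts_count if target.is_a?(Topic)
    result
  end

  # Final gate: the typed phrase is checked, then the guardian is consulted again,
  # so a client that skips the dialog still cannot bypass the server-side checks.
  def authorize!(target, typed_phrase)
    raise ArgumentError, "confirmation phrase mismatch" unless typed_phrase == CONFIRM_PHRASE
    reason = cannot_permanently_delete_reason(target)
    raise ArgumentError, "permanent delete denied: #{reason}" if reason
    true
  end

  private

  def post_reason(post)
    return :not_deleted if post.deleted_at.nil?
    return :cooldown if now - post.deleted_at < COOLDOWN_SECONDS
    nil
  end

  def topic_reason(topic)
    return :undeleted_posts if topic.deletable_posts.any? { |p| p.deleted_at.nil? }
    # The topic stays on cooldown until its most recently deleted post clears it.
    newest_delete = topic.deletable_posts.map(&:deleted_at).max
    return :cooldown if newest_delete && now - newest_delete < COOLDOWN_SECONDS
    nil
  end
end

# Constructed sample data for a stand-alone run.
NOW   = Time.utc(2026, 4, 16, 9, 0, 0)
ADMIN = User.new(username: "admin", admin: true)
MOD   = User.new(username: "mod", admin: false)
ON    = SiteSetting.new(can_permanently_delete: true)

SAMPLE_TOPIC = Topic.new(
  id: 1,
  posts: [
    Post.new(id: 10, post_type: :regular,      deleted_at: NOW - 3600),
    Post.new(id: 11, post_type: :small_action, deleted_at: nil),        # excluded from the count
    Post.new(id: 12, post_type: :plugin_poll,  deleted_at: NOW - 3600), # assumed plugin type, counted
  ]
)

def demo
  PermanentDeletePolicy.new(user: ADMIN, settings: ON, now: NOW).precheck(SAMPLE_TOPIC)
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The point to keep when porting this shape: `precheck` exists only to give the admin an early, accurate message; `authorize!` re-runs the same guardian so a request that never went through the dialog (or that forges the `post_count`) is judged on server state alone.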
bookmark_guardian.rb DEV: Consistently use Guardian helper methods (#34024) 2025-08-14 15:23:42 +08:00
category_guardian.rb FEATURE: Support group based category posting review modes (#38707) 2026-04-07 10:41:16 +08:00
ensure_magic.rb DEV: Prefer \A and \z over ^ and $ in regexes (#19936) 2023-01-20 12:52:49 -06:00
flag_guardian.rb FEATURE: allow edit custom flags (#32344) 2025-04-17 12:31:52 +08:00
group_guardian.rb FEATURE: Split setting for allowing mods to manage categories and groups (#35174) 2025-10-06 10:43:42 +03:00
invite_guardian.rb DEV: Invites destroy_all_expired allows staff to delete any user's expired invites (#38281) 2026-03-05 09:59:48 -06:00
localization_guardian.rb FEATURE: Introduce tag localizations with API, without UI yet (#36754) 2025-12-18 18:25:58 +08:00
permalink_guardian.rb SECURITY: prevent permalink redirects from leaking restricted slugs 2026-01-28 17:11:14 +00:00
post_guardian.rb SECURITY: fix is_warning type coercion bypass in PostActionsController 2026-03-19 15:21:28 +00:00
post_revision_guardian.rb FEATURE: Allow admins to permanently delete revisions (#19913) 2023-01-19 15:09:01 -06:00
sidebar_guardian.rb DEV: specs to ensure that only admin can edit Community section (#21666) 2023-05-23 10:54:55 +10:00
staff_action_log_guardian.rb SECURITY: Restrict staff action logs visibility for moderators 2026-01-28 17:11:14 +00:00
tag_guardian.rb SECURITY: Prevent users from editing or synonymizing hidden tags they can't see 2026-03-19 15:21:28 +00:00
topic_guardian.rb FEATURE: Make can_permanently_delete visible with strong safeguards (#39179) 2026-04-16 09:01:35 +02:00
user_guardian.rb FIX: Moderators being able to clear suspensions and silences from other staff accounts (#38563) 2026-03-16 10:30:07 -03:00