restrict min level constraints for forum topics to mod+admin and restrict options based on current user's level. check privileges for visiblity in forum posts and topics. deprecate serializable_hash (undocumented, internal) for as_json, refactor to use hidden_attributes and method_attributes #2658

2016-10-25 12:54:25 -07:00
parent ae61cc8a40
commit 79842f7a3b
17 changed files with 127 additions and 189 deletions
--- a/app/views/forum_topics/_form.html.erb
+++ b/app/views/forum_topics/_form.html.erb
@@ -18,12 +18,9 @@
    <% end %>

    <% if CurrentUser.is_moderator? %>
-      <%= f.input :is_sticky %>
-      <%= f.input :is_locked %>
-    <% end %>
-
-    <% if CurrentUser.is_builder? %>
-      <%= f.input :min_level, :as => :select, :collection => User.level_hash.to_a %>
+      <%= f.input :min_level, :as => :select, :collection => ForumTopic.available_min_user_levels.to_a %>
+      <%= f.input :is_sticky, :label => "Sticky" %>
+      <%= f.input :is_locked, :label => "Locked" %>
    <% end %>

    <%= f.button :submit, "Submit", :data => { :disable_with => "Submitting..." } %>
--- a/app/views/forum_topics/show.html.erb
+++ b/app/views/forum_topics/show.html.erb
@@ -4,7 +4,7 @@
      Topic: <%= @forum_topic.title %>

      <% if @forum_topic.min_level >= User::Levels::BUILDER %>
-        <span class="level-topic">(<%= User.level_string(@forum_topic.min_level).downcase %> only)</span>
+        <span class="level-topic">(<%= User.level_string(@forum_topic.min_level).downcase %>+ only)</span>
      <% end %>

      <% if @forum_topic.is_deleted? %>