fixes #2448: Approvers can undelete posts they already approved/uploaded

2015-07-24 14:19:40 -07:00
parent 9fb68cee94
commit abb232d4e6
3 changed files with 40 additions and 2 deletions
--- a/app/controllers/moderator/post/posts_controller.rb
+++ b/app/controllers/moderator/post/posts_controller.rb
@@ -3,7 +3,7 @@ module Moderator
    class PostsController < ApplicationController
      before_filter :moderator_only, :only => [:delete, :undelete, :move_favorites, :ban, :unban, :confirm_delete, :confirm_move_favorites, :confirm_ban]
      before_filter :admin_only, :only => [:expunge]
-      rescue_from ::PostFlag::Error, :with => :rescue_exception
+      rescue_from ::PostFlag::Error, ::Post::ApprovalError, :with => :rescue_exception

      def confirm_delete
        @post = ::Post.find(params[:id])
--- a/app/models/post.rb
+++ b/app/models/post.rb
@@ -1214,7 +1214,6 @@ class Post < ActiveRecord::Base
        give_favorites_to_parent if options[:move_favorites]
        update_parent_on_save

-
        unless options[:without_mod_action]
          if options[:reason]
            ModAction.create(:description => "deleted post ##{id}, reason: #{options[:reason]}")
@@ -1231,6 +1230,14 @@ class Post < ActiveRecord::Base
        return false
      end

+      if !CurrentUser.is_admin? 
+        if approver_id == CurrentUser.id
+          raise ApprovalError.new("You have previously approved this post and cannot undelete it")
+        elsif uploader_id == CurrentUser.id
+          raise ApprovalError.new("You cannot undelete a post you uploaded")
+        end
+      end
+
      self.is_deleted = false
      self.approver_id = CurrentUser.id
      save
--- a/test/unit/post_test.rb
+++ b/test/unit/post_test.rb
@@ -301,6 +301,37 @@ class PostTest < ActiveSupport::TestCase
        end
      end

+      context "that is undeleted" do
+        setup do
+          @mod = FactoryGirl.create(:moderator_user)
+          CurrentUser.user = @mod
+        end
+
+        context "by the approver" do
+          setup do
+            @post.update_attribute(:approver_id, @mod.id)
+          end
+
+          should "not be permitted" do
+            assert_raises(::Post::ApprovalError) do
+              @post.undelete!
+            end
+          end
+        end
+
+        context "by the uploader" do
+          setup do
+            @post.update_attribute(:uploader_id, @mod.id)
+          end
+
+          should "not be permitted" do
+            assert_raises(::Post::ApprovalError) do
+              @post.undelete!
+            end
+          end
+        end
+      end
+
      should "be undeleted" do
        @post.undelete!
        @post.reload