From eae3c1942d9f3fb011689d24e3aea3c2450942e6 Mon Sep 17 00:00:00 2001
From: evazion <noizave@gmail.com>
Date: Sun, 13 Dec 2020 21:35:18 -0600
Subject: [PATCH] dmails: allow site owner to read all mails.

Allow site owner to read dmails sent to other users. This is make it
easier to investigate spam without having to drop into the dev console.
---
 app/policies/dmail_policy.rb              | 1 +
 test/functional/dmails_controller_test.rb | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/app/policies/dmail_policy.rb b/app/policies/dmail_policy.rb
index 5d97e9916..152d0c549 100644
--- a/app/policies/dmail_policy.rb
+++ b/app/policies/dmail_policy.rb
@@ -16,6 +16,7 @@ class DmailPolicy < ApplicationPolicy
   end
 
   def show?
+    return true if user.is_owner?
     user.is_member? && (record.owner_id == user.id || record.valid_key?(request.params[:key]))
   end
 
diff --git a/test/functional/dmails_controller_test.rb b/test/functional/dmails_controller_test.rb
index 963868a64..bc2628920 100644
--- a/test/functional/dmails_controller_test.rb
+++ b/test/functional/dmails_controller_test.rb
@@ -99,6 +99,11 @@ class DmailsControllerTest < ActionDispatch::IntegrationTest
         assert_response 403
       end
 
+      should "show dmails to the site owner" do
+        get_auth dmail_path(@dmail), create(:owner_user)
+        assert_response :success
+      end
+
       should "mark dmails as read" do
         assert_equal(false, @dmail.is_read)
         get_auth dmail_path(@dmail), @dmail.owner