diff --git a/app/controllers/forum_posts_controller.rb b/app/controllers/forum_posts_controller.rb
index 88713fbbb..99aa0e73c 100644
--- a/app/controllers/forum_posts_controller.rb
+++ b/app/controllers/forum_posts_controller.rb
@@ -5,7 +5,10 @@ class ForumPostsController < ApplicationController before_filter :check_min_level, :only => [:edit, :show, :update, :destroy, :undelete] def new - @forum_topic = ForumTopic.find(params[:topic_id]) if params[:topic_id] + if params[:topic_id] + @forum_topic = ForumTopic.find(params[:topic_id]) + raise User::PrivilegeError.new unless @forum_topic.visible?(CurrentUser.user) + end @forum_post = ForumPost.new_reply(params) respond_with(@forum_post) end
diff --git a/app/models/forum_post.rb b/app/models/forum_post.rb
index 4a334b600..515f261cd 100644
--- a/app/models/forum_post.rb
+++ b/app/models/forum_post.rb
@@ -16,6 +16,7 @@ class ForumPost < ActiveRecord::Base validates_presence_of :body, :creator_id validate :validate_topic_is_unlocked validate :topic_id_not_invalid + validate :topic_is_not_restricted, :on => :create before_destroy :validate_topic_is_unlocked after_save :delete_topic_if_original_post mentionable(
@@ -144,8 +145,18 @@ class ForumPost < ActiveRecord::Base end end + def topic_is_not_restricted + if topic && !topic.visible?(creator) + errors.add(:topic, "restricted") + end + end + def editable_by?(user) - creator_id == user.id || user.is_moderator? + (creator_id == user.id || user.is_moderator?) && visible?(user) + end + + def visible?(user) + user.is_moderator? || (topic.visible?(user) && !is_deleted?) end def update_topic_updated_at_on_create
diff --git a/app/models/forum_topic.rb b/app/models/forum_topic.rb
index 6c82d9112..506ba23a0 100644
--- a/app/models/forum_topic.rb
+++ b/app/models/forum_topic.rb
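Review bot: In `ForumPostsController#new` (app/controllers/forum_posts_controller.rb, @@ -5,7 +5,10) the visibility check runs only when `params[:topic_id]` is present, yet `ForumPost.new_reply(params)` still receives the whole params hash. If `new_reply` can resolve a topic or a quoted post from some other parameter (its body is not part of this diff), that path builds a reply against a restricted topic without reaching the guard. Checking the built record closes this regardless of how the topic was resolved: `raise User::PrivilegeError if @forum_post.topic && !@forum_post.topic.visible?(CurrentUser.user)` placed after the `new_reply` call. The context line also shows `check_min_level` is not applied to `new` or `create`, so `create` relies entirely on the model validation added in forum_post.rb; the class body continues outside the hunk.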
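Review bot: `ForumPost#visible?` (app/models/forum_post.rb, @@ -144,8 +145,18) returns true for any moderator before the topic is consulted, so `user.is_moderator? ||` short-circuits past `topic.visible?(user)`. If `min_level` can be set above the moderator level (not visible in this diff), moderators would see and, through `editable_by?`, edit posts in topics they are not cleared for; applying the level check first avoids that: `topic.visible?(user) && (user.is_moderator? || !is_deleted?)`. `visible?` also dereferences `topic` without the nil guard that `topic_is_not_restricted` uses, so a post with a missing topic would raise NoMethodError for non-moderators instead of being hidden. The `:on => :create` validation in the @@ -16,6 +16,7 hunk does not re-run when an existing post's `topic_id` changes, if updates are allowed to change it.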
@@ -142,7 +142,11 @@ class ForumTopic < ActiveRecord::Base include UserLevelMethods def editable_by?(user) - creator_id == user.id || user.is_moderator? + (creator_id == user.id || user.is_moderator?) && visible?(user) + end + + def visible?(user) + user.level >= min_level end def initialize_is_deleted
diff --git a/app/views/forum_posts/_forum_post.html.erb b/app/views/forum_posts/_forum_post.html.erb
index a190d0799..1b31895bf 100644
--- a/app/views/forum_posts/_forum_post.html.erb
+++ b/app/views/forum_posts/_forum_post.html.erb
@@ -1,4 +1,4 @@
-<% if CurrentUser.is_moderator? || !forum_post.is_deleted? %>
+<% if forum_post.visible?(CurrentUser.user) %>
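Review bot: `ForumTopic#visible?` (app/models/forum_topic.rb) compares `user.level >= min_level` and nothing else, so it assumes every caller passes an object that responds to `level` and a topic whose `min_level` is non-nil. The callers added in this commit pass `CurrentUser.user` and `creator`; if either can be nil (for example a post validated before its creator is assigned), the check raises instead of denying. A short comment stating the contract would help, e.g. `# True when the user's level meets this topic's min_level; does not consider is_deleted.` `ForumPost#visible?` hides deleted posts from non-moderators while this method ignores topic deletion, so confirm that difference is intended. The class body continues outside the hunk.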

diff --git a/app/views/forum_topics/show.html.erb b/app/views/forum_topics/show.html.erb
index bffa2ded8..0b999223a 100644
--- a/app/views/forum_topics/show.html.erb
+++ b/app/views/forum_topics/show.html.erb
@@ -3,7 +3,7 @@

Topic: <%= @forum_topic.title %> - <% if @forum_topic.min_level >= User::Levels::BUILDER %> + <% if @forum_topic.min_level >= User::Levels::MODERATOR %> (<%= User.level_string(@forum_topic.min_level).downcase %>+ only) <% end %>
diff --git a/test/functional/forum_posts_controller_test.rb b/test/functional/forum_posts_controller_test.rb
index 5a22bdff8..1a73b2684 100644
--- a/test/functional/forum_posts_controller_test.rb
+++ b/test/functional/forum_posts_controller_test.rb
@@ -45,6 +45,7 @@ class ForumPostsControllerTest < ActionController::TestCase context "with private topics" do setup do + CurrentUser.user = @mod @mod_topic = FactoryGirl.create(:mod_up_forum_topic) @mod_posts = 2.times.map do FactoryGirl.create(:forum_post, :topic_id => @mod_topic.id)
@@ -53,6 +54,7 @@ class ForumPostsControllerTest < ActionController::TestCase end should "list only permitted posts for members" do + CurrentUser.user = @user get :index, {}, { :user_id => @user.id } assert_response :success
diff --git a/test/functional/forum_topics_controller_test.rb b/test/functional/forum_topics_controller_test.rb
index eb3334757..586d548d1 100644
--- a/test/functional/forum_topics_controller_test.rb
+++ b/test/functional/forum_topics_controller_test.rb
@@ -18,7 +18,9 @@ class ForumTopicsControllerTest < ActionController::TestCase context "for a level restricted topic" do setup do - @forum_topic.update_attribute(:min_level, 50) + CurrentUser.user = @mod + @forum_topic.update_attribute(:min_level, User::Levels::MODERATOR) + CurrentUser.user = @user end should "not allow users to see the topic" do
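Review bot: The two forum_posts_controller_test.rb hunks only assign `CurrentUser.user` in setup; nothing shown exercises the new `User::PrivilegeError` path in `ForumPostsController#new` or the `topic_is_not_restricted` validation, so the access-control change has no regression test in this diff. Inside the "with private topics" context I would add a test that requests `new` with `:topic_id => @mod_topic.id` as `@user` and asserts the request is refused, and one that attempts to create a post in `@mod_topic` as `@user` and asserts that `ForumPost.count` does not change. The setup also assigns `CurrentUser.user = @mod` directly, whereas the later forum_topics_controller_test.rb hunk uses `CurrentUser.scoped(@mod) do`; the scoped form keeps the elevated user from lingering if a factory call raises. Such tests may exist in files outside this diff.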
@@ -42,7 +44,9 @@ class ForumTopicsControllerTest < ActionController::TestCase assert_equal(false, @gold_user.reload.has_forum_been_updated?) # Then adding an unread private topic should not bump. - FactoryGirl.create(:forum_post, :topic_id => @forum_topic.id) + CurrentUser.scoped(@mod) do + FactoryGirl.create(:forum_post, :topic_id => @forum_topic.id) + end assert_equal(false, @gold_user.reload.has_forum_been_updated?) end end
diff --git a/test/functional/maintenance/user/login_reminders_controller_test.rb b/test/functional/maintenance/user/login_reminders_controller_test.rb
index 324ec9682..de0c35356 100644
--- a/test/functional/maintenance/user/login_reminders_controller_test.rb
+++ b/test/functional/maintenance/user/login_reminders_controller_test.rb
@@ -34,7 +34,7 @@ module Maintenance post :create, {:user => {:email => ""}} assert_equal("Email address not found", flash[:notice]) @blank_email_user.reload - assert_equal(@blank_email_user.created_at, @blank_email_user.updated_at) + assert_equal(@blank_email_user.created_at.to_i, @blank_email_user.updated_at.to_i) assert_equal(0, ActionMailer::Base.deliveries.size) end end
diff --git a/test/functional/wiki_pages_controller_test.rb b/test/functional/wiki_pages_controller_test.rb
index 9d5bb8b12..53c0e588f 100644
--- a/test/functional/wiki_pages_controller_test.rb
+++ b/test/functional/wiki_pages_controller_test.rb
@@ -73,9 +73,9 @@ class WikiPagesControllerTest < ActionController::TestCase end should "destroy a wiki_page" do - assert_difference("WikiPage.count", -1) do - post :destroy, {:id => @wiki_page.id}, {:user_id => @mod.id} - end + post :destroy, {:id => @wiki_page.id}, {:user_id => @mod.id} + @wiki_page.reload + assert_equal(true, @wiki_page.is_deleted?) end end