IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

FIX: Always allow staff (admins & mods) to post links (#25601)

Browse Source 
Followup fb087b7ff6

post_links_allowed_groups is an odd check tied to
unrestricted_link_posting? in PostGuardian, in that
it doesn't have an escape hatch for staff like most
of the rest of these group based settings.

It doesn't make sense to exclude admins or mods from
posting links, so just always allow them to avoid confusion.
This commit is contained in:
Martin Brennan
2024-02-08 11:19:28 +10:00
committed by GitHub
parent adb4eee153
commit 4ce1c2c030
3 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/locales/server.en.yml
View File

@@ -1974,7 +1974,7 @@ en:
min_trust_to_flag_posts: "The minimum trust level required to flag posts"
flag_post_allowed_groups: "Groups that are allowed to flag posts."
min_trust_to_post_links: "The minimum trust level required to include links in posts"
post_links_allowed_groups: "Groups that are allowed to include links in posts."
post_links_allowed_groups: "Groups that are allowed to include links in posts. Admins and moderators are always allowed to post links."
min_trust_to_post_embedded_media: "The minimum trust level required to embed media items in a post"
embedded_media_post_allowed_groups: "The users in these groups are allowed to embed media items in a post"
min_trust_level_to_allow_profile_background: "The minimum trust level required to upload a profile background"

2
lib/guardian/post_guardian.rb
View File

@@ -3,7 +3,7 @@
# mixin for all guardian methods dealing with post permissions
module PostGuardian
def unrestricted_link_posting?
authenticated? && @user.in_any_groups?(SiteSetting.post_links_allowed_groups_map)
authenticated? && (is_staff? || @user.in_any_groups?(SiteSetting.post_links_allowed_groups_map))
end
def link_posting_access

7
spec/lib/guardian_spec.rb
View File

@@ -46,6 +46,13 @@ RSpec.describe Guardian do
expect(Guardian.new(user).link_posting_access).to eq("full")
end
it "is full for staff users regardless of TL" do
SiteSetting.post_links_allowed_groups = Group::AUTO_GROUPS[:trust_level_2]
admin_user = Fabricate(:admin)
admin_user.change_trust_level!(TrustLevel[1])
expect(Guardian.new(admin_user).link_posting_access).to eq("full")
end
it "is none for a user of a low trust level" do
user.change_trust_level!(TrustLevel[0])
SiteSetting.post_links_allowed_groups = Group::AUTO_GROUPS[:trust_level_1]