moderators now have teeth, more at http://meta.discourse.org/t/moderator-permission-set/6307/5

allow pms to be targetted at groups
2025-02-25 18:55:32 -06:00 · 2013-05-02 15:15:17 +10:00
parent e59ab32210
commit 65cd00cf25
27 changed files with 176 additions and 61 deletions
--- a/lib/guardian.rb
+++ b/lib/guardian.rb
@@ -207,7 +207,7 @@ class Guardian
  end

  def can_see_private_messages?(user_id)
-    return true if is_admin?
+    return true if is_moderator?
    return false if @user.blank?
    @user.id == user_id
  end
@@ -263,7 +263,7 @@ class Guardian

  def can_edit_user?(user)
    return true if user == @user
-    @user.admin?
+    @user.moderator?
  end

  def can_edit_topic?(topic)
@@ -311,12 +311,12 @@ class Guardian
    return post_action.created_at > SiteSetting.post_undo_action_window_mins.minutes.ago
  end

-  def can_send_private_message?(target_user)
-    return false unless User === target_user
+  def can_send_private_message?(target)
+    return false unless User === target || Group === target
    return false if @user.blank?

    # Can't send message to yourself
-    return false if @user.id == target_user.id
+    return false if User === target && @user.id == target.id

    # Have to be a basic level at least
    return false unless @user.has_trust_level?(:basic)
@@ -336,15 +336,15 @@ class Guardian
    return false unless topic

    return true if @user && @user.moderator?
-    return false if topic.deleted_at.present?
+    return false if topic.deleted_at

    if topic.category && topic.category.secure
      return false unless @user && can_see_category?(topic.category)
    end

    if topic.private_message?
-      return false if @user.blank?
-      return true if topic.allowed_users.include?(@user)
+      return false unless @user
+      return true if topic.all_allowed_users.where(id: @user.id).exists?
      return is_admin?
    end
    true
@@ -375,11 +375,11 @@ class Guardian
  def post_can_act?(post, action_key, opts={})
    return false if @user.blank?
    return false if post.blank?
-    return false if post.topic.archived?

    taken = opts[:taken_actions]
    taken = taken.keys if taken

+    # we always allow flagging
    if PostActionType.is_flag?(action_key)
      return false unless @user.has_trust_level?(:basic)

@@ -390,6 +390,9 @@ class Guardian
      return false if taken && taken.include?(PostActionType.types[action_key])
    end

+    # nothing else on archived posts
+    return false if post.topic.archived?
+
    case action_key
    when :like
      return false if post.user == @user
--- a/lib/moderator_constraint.rb
+++ b/lib/moderator_constraint.rb
@@ -0,0 +1,10 @@
+require_dependency 'current_user'
+
+class ModeratorConstraint
+
+  def matches?(request)
+    return false unless request.session[:current_user_id].present?
+    User.where("admin = 't' or moderator = 't'").where(id: request.session[:current_user_id].to_i).exists?
+  end
+
+end
--- a/lib/post_creator.rb
+++ b/lib/post_creator.rb
@@ -56,17 +56,14 @@ class PostCreator

          topic.subtype = TopicSubtype.user_to_user unless topic.subtype

-          usernames = @opts[:target_usernames].split(',')
-          User.where(username: usernames).each do |u|
-
-            unless guardian.can_send_private_message?(u)
-              topic.errors.add(:archetype, :cant_send_pm)
-              @errors = topic.errors
-              raise ActiveRecord::Rollback.new
-            end
-
-            topic.topic_allowed_users.build(user_id: u.id)
+          unless @opts[:target_usernames].present? || @opts[:target_group_names].present?
+            topic.errors.add(:archetype, :cant_send_pm)
+            @errors = topic.errors
+            raise ActiveRecord::Rollback.new
          end
+
+          add_users(topic,@opts[:target_usernames])
+          add_groups(topic,@opts[:target_group_names])
          topic.topic_allowed_users.build(user_id: @user.id)
        end

@@ -148,4 +145,35 @@ class PostCreator
    PostCreator.new(user, opts).create
  end

+  protected
+
+  def add_users(topic, usernames)
+    return unless usernames
+    usernames = usernames.split(',')
+    User.where(username: usernames).each do |u|
+
+      unless guardian.can_send_private_message?(u)
+        topic.errors.add(:archetype, :cant_send_pm)
+        @errors = topic.errors
+        raise ActiveRecord::Rollback.new
+      end
+
+      topic.topic_allowed_users.build(user_id: u.id)
+    end
+  end
+
+  def add_groups(topic, groups)
+    return unless groups
+    groups = groups.split(',')
+    Group.where(name: groups).each do |g|
+
+      unless guardian.can_send_private_message?(g)
+        topic.errors.add(:archetype, :cant_send_pm)
+        @errors = topic.errors
+        raise ActiveRecord::Rollback.new
+      end
+
+      topic.topic_allowed_groups.build(group_id: g.id)
+    end
+  end
 end