FIX: Make sure regular users can delete their PMs (#20424)

Regular users should be redirected to the homepage after the topic is no longer accessible by them (only staff members can view deleted topics). There was a problem with permission checking for category moderators which stopped the redirect from happening.
2024-11-27 03:10:46 -06:00 · 2023-02-23 16:39:51 +02:00 · 2023-02-23 16:39:51 +02:00 · a0ca10fa17
commit a0ca10fa17
parent b8762172e4
2 changed files with 44 additions and 3 deletions
--- a/app/assets/javascripts/discourse/app/models/topic.js
+++ b/app/assets/javascripts/discourse/app/models/topic.js
@ -471,7 +471,7 @@ const Topic = RestModel.extend({
          opts.force_destroy ||
          (!deleted_by.staff &&
            !deleted_by.groups.some(
-              (group) => group.name === this.category.reviewable_by_group_name
+              (group) => group.name === this.category?.reviewable_by_group_name
            ) &&
            !(
              this.siteSettings.tl4_delete_posts_and_topics &&
--- a/app/assets/javascripts/discourse/tests/acceptance/personal-message-test.js
+++ b/app/assets/javascripts/discourse/tests/acceptance/personal-message-test.js
@ -1,7 +1,13 @@
-import { acceptance, query } from "discourse/tests/helpers/qunit-helpers";
+import { click, visit } from "@ember/test-helpers";
+import DiscourseURL from "discourse/lib/url";
+import {
+  acceptance,
+  publishToMessageBus,
+  query,
+} from "discourse/tests/helpers/qunit-helpers";
 import I18n from "I18n";
 import { test } from "qunit";
-import { visit } from "@ember/test-helpers";
+import sinon from "sinon";

 acceptance("Personal Message", function (needs) {
  needs.user();
@ -15,3 +21,38 @@ acceptance("Personal Message", function (needs) {
    );
  });
 });
+
+acceptance("Personal Message (regular user)", function (needs) {
+  needs.user({ admin: false, moderator: false });
+
+  needs.pretender((server) => {
+    server.get("/posts/15", () => [
+      403,
+      {},
+      {
+        errors: ["You are not permitted to view the requested resource."],
+        error_type: "invalid_access",
+      },
+    ]);
+  });
+
+  test("redirects to homepage after topic is deleted", async function (assert) {
+    sinon.stub(DiscourseURL, "redirectTo");
+
+    await visit("/t/pm-for-testing/12");
+
+    await click(".post-controls .show-more-actions");
+    await click(".post-controls .delete");
+    await publishToMessageBus("/topic/12", {
+      id: 15,
+      post_number: 1,
+      updated_at: "2017-01-27T03:53:58.394Z",
+      user_id: 8,
+      last_editor_id: 8,
+      type: "deleted",
+      version: 1,
+    });
+
+    assert.true(DiscourseURL.redirectTo.calledWith("/"));
+  });
+});