FEATURE: Allow category group moderators to delete topics (#11069)

* FEATURE - allow category group moderators to delete topics

* Allow individual posts to be deleted

* DEV - refactor for new `can_moderate_topic?` method

lib/guardian.rb

@@ -94,6 +94,9 @@ class Guardian
   end
 
   def is_category_group_moderator?(category)
+    return false unless category
+    return false unless authenticated?
+
     @is_category_group_moderator ||= begin
       SiteSetting.enable_category_group_moderation? &&
         category.present? &&

lib/guardian/post_guardian.rb

@@ -181,17 +181,22 @@ module PostGuardian
     return false if post.is_first_post?
 
     # Can't delete posts in archived topics unless you are staff
-    return false if !is_staff? && post.topic.archived?
+    can_moderate = can_moderate_topic?(post.topic)
+    return false if !can_moderate && post.topic&.archived?
 
     # You can delete your own posts
     return !post.user_deleted? if is_my_own?(post)
 
-    is_staff?
+    can_moderate
   end
 
   # Recovery Method
   def can_recover_post?(post)
-    if is_staff?
+    return false unless post
+
+    topic = Topic.with_deleted.find(post.topic_id) if post.topic_id
+
+    if can_moderate_topic?(topic)
       !!post.deleted_at
     else
       is_my_own?(post) && post.user_deleted && !post.deleted_at
@@ -212,7 +217,7 @@ module PostGuardian
     return true if is_admin?
     return false unless can_see_topic?(post.topic)
     return false unless post.user == @user || Topic.visible_post_types(@user).include?(post.post_type)
-    return false if !is_moderator? && post.deleted_at.present?
+    return false if !(is_moderator? || is_category_group_moderator?(post.topic.category)) && post.deleted_at.present?
 
     true
   end
@@ -261,8 +266,8 @@ module PostGuardian
     is_staff?
   end
 
-  def can_see_deleted_posts?
-    is_staff?
+  def can_see_deleted_posts?(category = nil)
+    is_staff? || is_category_group_moderator?(category)
   end
 
   def can_view_raw_email?(post)

lib/guardian/topic_guardian.rb

@@ -19,6 +19,7 @@ module TopicGuardian
 
     is_category_group_moderator?(topic.category)
   end
+  alias :can_moderate_topic? :can_review_topic?
 
   def can_create_shared_draft?
     is_staff? && SiteSetting.shared_drafts_enabled?
@@ -115,7 +116,7 @@ module TopicGuardian
 
   # Recovery Method
   def can_recover_topic?(topic)
-    if is_staff?
+    if is_staff? || (topic&.category && is_category_group_moderator?(topic.category))
       !!(topic && topic.deleted_at)
     else
       topic && can_recover_post?(topic.ordered_posts.first)
@@ -124,7 +125,7 @@ module TopicGuardian
 
   def can_delete_topic?(topic)
     !topic.trashed? &&
-    (is_staff? || (is_my_own?(topic) && topic.posts_count <= 1 && topic.created_at && topic.created_at > 24.hours.ago)) &&
+    (is_staff? || (is_my_own?(topic) && topic.posts_count <= 1 && topic.created_at && topic.created_at > 24.hours.ago) || is_category_group_moderator?(topic.category)) &&
     !topic.is_category_topic? &&
     !Discourse.static_doc_topic_ids.include?(topic.id)
   end
@@ -142,14 +143,14 @@ module TopicGuardian
     authenticated? && topic && @user.has_trust_level?(TrustLevel[1])
   end
 
-  def can_see_deleted_topics?
-    is_staff?
+  def can_see_deleted_topics?(category)
+    is_staff? || is_category_group_moderator?(category)
   end
 
   def can_see_topic?(topic, hide_deleted = true)
     return false unless topic
     return true if is_admin?
-    return false if hide_deleted && topic.deleted_at && !can_see_deleted_topics?
+    return false if hide_deleted && topic.deleted_at && !can_see_deleted_topics?(topic.category)
 
     if topic.private_message?
       return authenticated? && topic.all_allowed_users.where(id: @user.id).exists?

lib/post_destroyer.rb

@@ -66,7 +66,7 @@ class PostDestroyer
 
     delete_removed_posts_after = @opts[:delete_removed_posts_after] || SiteSetting.delete_removed_posts_after
 
-    if @user.staff? || delete_removed_posts_after < 1 || post_is_reviewable?
+    if delete_removed_posts_after < 1 || post_is_reviewable? || Guardian.new(@user).can_moderate_topic?(topic)
       perform_delete
     elsif @user.id == @post.user_id
       mark_for_deletion(delete_removed_posts_after)
@@ -86,7 +86,7 @@ class PostDestroyer
   end
 
   def recover
-    if (@user.staff? || post_is_reviewable?) && @post.deleted_at
+    if (post_is_reviewable? || Guardian.new(@user).can_moderate_topic?(@post.topic)) && @post.deleted_at
       staff_recovered
     elsif @user.staff? || @user.id == @post.user_id
       user_recovered
@@ -221,6 +221,8 @@ class PostDestroyer
   private
 
   def post_is_reviewable?
+    return true if @user.staff?
+
     topic = @post.topic || Topic.with_deleted.find(@post.topic_id)
     Guardian.new(@user).can_review_topic?(topic) && Reviewable.exists?(target: @post)
   end

lib/topic_view.rb

@@ -704,7 +704,7 @@ class TopicView
       .includes({ user: :primary_group }, :reply_to_user, :deleted_by, :incoming_email, :topic)
       .order('sort_order')
     @posts = filter_post_types(@posts)
-    @posts = @posts.with_deleted if @guardian.can_see_deleted_posts?
+    @posts = @posts.with_deleted if @guardian.can_see_deleted_posts?(@topic.category)
     @posts
   end
 
@@ -720,7 +720,7 @@ class TopicView
 
   def unfiltered_posts
     result = filter_post_types(@topic.posts)
-    result = result.with_deleted if @guardian.can_see_deleted_posts?
+    result = result.with_deleted if @guardian.can_see_deleted_posts?(@topic.category)
     result = result.where("user_id IS NOT NULL") if @exclude_deleted_users
     result = result.where(hidden: false) if @exclude_hidden
     result
@@ -776,7 +776,7 @@ class TopicView
     # copy the filter for has_deleted? method
     @predelete_filtered_posts = @filtered_posts.spawn
 
-    if @guardian.can_see_deleted_posts? && !@show_deleted && has_deleted?
+    if @guardian.can_see_deleted_posts?(@topic.category) && !@show_deleted && has_deleted?
       @filtered_posts = @filtered_posts.where(
         "posts.deleted_at IS NULL OR posts.post_number = 1"
       )