IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

FIX: Disallow user self-delete when user posted in PMs

Browse Source 
All posts created by the user are counted unless they are deleted,
belong to a PM sent between a non-human user and the user or belong
to a PM created by the user which doesn't have any other recipients.

It also makes the guardian prevent self-deletes when SSO is enabled.
This commit is contained in:
Gerhard Schlager
2019-08-10 12:02:12 +02:00
parent 9f445bec09
commit e4f14ca3d7
5 changed files with 185 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
lib/guardian/user_guardian.rb
View File

@@ -61,9 +61,14 @@ module UserGuardian
def can_delete_user?(user)
return false if user.nil? || user.admin?
if is_me?(user)
user.post_count <= 1
!SiteSetting.enable_sso &&
!user.has_more_posts_than?(User::MAX_SELF_DELETE_POST_COUNT)
else
is_staff? && (user.first_post_created_at.nil? || user.post_count <= 5 || user.first_post_created_at > SiteSetting.delete_user_max_post_age.to_i.days.ago)
is_staff? && (
user.first_post_created_at.nil? ||
!user.has_more_posts_than?(User::MAX_STAFF_DELETE_POST_COUNT) ||
user.first_post_created_at > SiteSetting.delete_user_max_post_age.to_i.days.ago
)
end
end