FIX: moderators can't see private topics that they aren't invited to see.

Neil Lalonde
2014-05-12 15:26:36 -04:00
parent 447cfa8dfe
commit e68e97d986
6 changed files with 33 additions and 13 deletions


@@ -46,7 +46,7 @@ module TopicGuardian
def can_see_topic?(topic)
return false unless topic
return true if is_staff?
return true if is_admin?
return false if topic.deleted_at
# NOTE
@@ -56,7 +56,7 @@ module TopicGuardian
# not secure, or I can see it
(not(topic.read_restricted_category?) || can_see_category?(topic.category)) &&
# not private, or I am allowed (or is staff)
(not(topic.private_message?) || (authenticated? && (is_staff? || topic.all_allowed_users.where(id: @user.id).exists?)))
(not(topic.private_message?) || (authenticated? && (is_admin? || topic.all_allowed_users.where(id: @user.id).exists?)))
end
end
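Review bot: Replacing the early `return true if is_staff?` with `is_admin?` at the top of can_see_topic? takes moderators out of every bypass, not only the private-message one: they now stop at `return false if topic.deleted_at` and must pass `can_see_category?` for read-restricted categories. If moderators are still meant to review deleted topics, the guard could read `return false if topic.deleted_at && !is_staff?`, which keeps the category and private-message checks below in force for them; otherwise a spec pinning the moderator result for deleted and read-restricted topics would make the narrowing explicit. The comment above the last condition still says `(or is staff)` and should become `# not private, or I am allowed (or is admin)`. This reads the `is_admin?` lines as the new side, as the commit title implies; the lines between the two hunks are not shown.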