check story tag permissions on editor, not creator
parent
d729d0ad99
commit
285fd82c16
|
@ -34,7 +34,7 @@ class StoriesController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
@story.is_expired = true
|
@story.is_expired = true
|
||||||
@story.editor_user_id = @user.id
|
@story.editor = @user
|
||||||
|
|
||||||
if params[:reason].present? && @story.user_id != @user.id
|
if params[:reason].present? && @story.user_id != @user.id
|
||||||
@story.moderation_reason = params[:reason]
|
@story.moderation_reason = params[:reason]
|
||||||
|
@ -151,7 +151,7 @@ class StoriesController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
@story.is_expired = false
|
@story.is_expired = false
|
||||||
@story.editor_user_id = @user.id
|
@story.editor = @user
|
||||||
@story.save(:validate => false)
|
@story.save(:validate => false)
|
||||||
|
|
||||||
redirect_to @story.comments_url
|
redirect_to @story.comments_url
|
||||||
|
@ -164,7 +164,7 @@ class StoriesController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
@story.is_expired = false
|
@story.is_expired = false
|
||||||
@story.editor_user_id = @user.id
|
@story.editor = @user
|
||||||
|
|
||||||
if @story.url_is_editable_by_user?(@user)
|
if @story.url_is_editable_by_user?(@user)
|
||||||
@story.attributes = story_params
|
@story.attributes = story_params
|
||||||
|
|
|
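Review bot: Each of the three actions in these hunks sets `@story.editor = @user` by hand, and the model side of this commit falls back to `self.user` whenever `editor` is nil. Any save path that omits the assignment would therefore have its tags authorized against the submitter rather than the acting user, with no error to reveal the omission. A comment at each assignment would make that dependency visible, for example `# editor is the user Story#check_tags authorizes and log_moderation attributes this save to`. The enclosing actions begin and end outside these hunks, so whether other save paths exist cannot be confirmed from here.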
@ -18,7 +18,7 @@ class Story < ActiveRecord::Base
|
||||||
|
|
||||||
attr_accessor :vote, :already_posted_story, :fetched_content, :previewing,
|
attr_accessor :vote, :already_posted_story, :fetched_content, :previewing,
|
||||||
:seen_previous
|
:seen_previous
|
||||||
attr_accessor :editor_user_id, :moderation_reason
|
attr_accessor :editor, :moderation_reason
|
||||||
|
|
||||||
before_validation :assign_short_id_and_upvote,
|
before_validation :assign_short_id_and_upvote,
|
||||||
:on => :create
|
:on => :create
|
||||||
|
@ -143,13 +143,15 @@ class Story < ActiveRecord::Base
|
||||||
# this has to happen just before save rather than in tags_a= because we need
|
# this has to happen just before save rather than in tags_a= because we need
|
||||||
# to have a valid user_id
|
# to have a valid user_id
|
||||||
def check_tags
|
def check_tags
|
||||||
|
u = self.editor || self.user
|
||||||
|
|
||||||
self.taggings.each do |t|
|
self.taggings.each do |t|
|
||||||
if !t.tag.valid_for?(self.user)
|
if !t.tag.valid_for?(u)
|
||||||
raise "#{self.user.username} does not have permission to use " <<
|
raise "#{u.username} does not have permission to use privileged " <<
|
||||||
"privileged tag #{t.tag.tag}"
|
"tag #{t.tag.tag}"
|
||||||
elsif t.tag.inactive? && !t.new_record?
|
elsif t.tag.inactive? && !t.new_record?
|
||||||
# stories can have inactive tags as long as they existed before
|
# stories can have inactive tags as long as they existed before
|
||||||
raise "#{self.user.username} cannot add inactive tag #{t.tag.tag}"
|
raise "#{u.username} cannot add inactive tag #{t.tag.tag}"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -256,15 +258,14 @@ class Story < ActiveRecord::Base
|
||||||
end
|
end
|
||||||
|
|
||||||
def log_moderation
|
def log_moderation
|
||||||
if self.new_record? || !self.editor_user_id ||
|
if self.new_record? || !self.editor || self.editor.id == self.user_id
|
||||||
self.editor_user_id == self.user_id
|
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
all_changes = self.changes.merge(self.tagging_changes)
|
all_changes = self.changes.merge(self.tagging_changes)
|
||||||
|
|
||||||
m = Moderation.new
|
m = Moderation.new
|
||||||
m.moderator_user_id = self.editor_user_id
|
m.moderator_user_id = self.editor.try(:id)
|
||||||
m.story_id = self.id
|
m.story_id = self.id
|
||||||
|
|
||||||
if all_changes["is_expired"] && self.is_expired?
|
if all_changes["is_expired"] && self.is_expired?
|
||||||
|
|
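Review bot: In `check_tags`, `t.tag.valid_for?(u)` runs against every tagging on the story, not only the ones being added in this save. Since `u` now resolves to the editor, and the controller's update path sets `editor` to the current user unconditionally, a later edit by the submitter would presumably raise on a privileged tag that a moderator attached earlier. If only newly added taggings need authorizing, `if t.new_record? && !t.tag.valid_for?(u)` expresses that; if re-checking existing taggings is intended, a comment should say so. Separately, the retained `elsif t.tag.inactive? && !t.new_record?` reads as the opposite of the comment beneath it ("as long as they existed before") and is worth confirming while this method is being changed.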