Create new hidePosts permission (#1466)

2025-08-16 13:24:11 +02:00 · 2018-07-15 03:15:40 +07:00
parent 9be13cb1cd
commit 034b82f4d4
8 changed files with 17 additions and 8 deletions
--- a/src/Api/Serializer/PostSerializer.php
+++ b/src/Api/Serializer/PostSerializer.php
@@ -66,7 +66,8 @@ class PostSerializer extends BasicPostSerializer

        $attributes += [
            'canEdit'   => $canEdit,
-            'canDelete' => $gate->allows('delete', $post)
+            'canDelete' => $gate->allows('delete', $post),
+            'canHide'   => $gate->allows('hide', $post)
        ];

        return $attributes;
--- a/src/Install/Console/InstallCommand.php
+++ b/src/Install/Console/InstallCommand.php
@@ -319,6 +319,7 @@ class InstallCommand extends AbstractCommand
            // Moderators can edit + delete stuff
            [Group::MODERATOR_ID, 'discussion.hide'],
            [Group::MODERATOR_ID, 'discussion.editPosts'],
+            [Group::MODERATOR_ID, 'discussion.hidePosts'],
            [Group::MODERATOR_ID, 'discussion.rename'],
            [Group::MODERATOR_ID, 'discussion.viewIpsPosts'],
        ];
--- a/src/Post/Command/EditPostHandler.php
+++ b/src/Post/Command/EditPostHandler.php
@@ -68,7 +68,7 @@ class EditPostHandler
            }

            if (isset($attributes['isHidden'])) {
-                $this->assertCan($actor, 'edit', $post);
+                $this->assertCan($actor, 'hide', $post);

                if ($attributes['isHidden']) {
                    $post->hide($actor);
--- a/src/Post/PostPolicy.php
+++ b/src/Post/PostPolicy.php
@@ -79,7 +79,7 @@ class PostPolicy extends AbstractPolicy
        // Hide hidden posts, unless they are authored by the current user, or
        // the current user has permission to view hidden posts in the
        // discussion.
-        if (! $actor->hasPermission('discussion.editPosts')) {
+        if (! $actor->hasPermission('discussion.hidePosts')) {
            $query->where(function ($query) use ($actor) {
                $query->whereNull('posts.hide_time')
                    ->orWhere('user_id', $actor->id)
@@ -89,7 +89,7 @@ class PostPolicy extends AbstractPolicy
                            ->whereRaw('discussions.id = posts.discussion_id')
                            ->where(function ($query) use ($actor) {
                                $this->events->dispatch(
-                                    new ScopeModelVisibility(Discussion::query()->setQuery($query), $actor, 'editPosts')
+                                    new ScopeModelVisibility(Discussion::query()->setQuery($query), $actor, 'hidePosts')
                                );
                            });
                    });