FIX: do not allow creation of topic if there is no category available for posting (#7786)

FIX: do not allow creation of topic if there is no category available for posting (#7786)

diff --git a/lib/guardian/topic_guardian.rb b/lib/guardian/topic_guardian.rb
index 941d76e..97f2425 100644
--- a/lib/guardian/topic_guardian.rb
+++ b/lib/guardian/topic_guardian.rb
@@ -39,7 +39,8 @@ module TopicGuardian
     is_staff? ||
     (user &&
       user.trust_level >= SiteSetting.min_trust_to_create_topic.to_i &&
-      can_create_post?(parent))
+      can_create_post?(parent) &&
+      Category.topic_create_allowed(self).limit(1).count == 1)
   end
 
   def can_create_topic_on_category?(category)
diff --git a/spec/components/guardian_spec.rb b/spec/components/guardian_spec.rb
index 13369ec..98eeb94 100644
--- a/spec/components/guardian_spec.rb
+++ b/spec/components/guardian_spec.rb
@@ -1668,6 +1668,40 @@ describe Guardian do
     end
   end
 
+  context "can_create_topic?" do
+    it 'returns true for staff user' do
+      expect(Guardian.new(moderator).can_create_topic?(topic)).to eq(true)
+    end
+
+    it 'returns false for user with insufficient trust level' do
+      SiteSetting.min_trust_to_create_topic = 3
+      expect(Guardian.new(user).can_create_topic?(topic)).to eq(false)
+    end
+
+    it 'returns true for user with sufficient trust level' do
+      SiteSetting.min_trust_to_create_topic = 3
+      expect(Guardian.new(trust_level_4).can_create_topic?(topic)).to eq(true)
+    end
+
+    it 'returns false when posting in "uncategorized" is disabled and there is no other category available for posting' do
+      SiteSetting.allow_uncategorized_topics = false
+
+      plain_category.set_permissions(group => :readonly)
+      plain_category.save
+      expect(Guardian.new(user).can_create_topic?(topic)).to eq(false)
+    end
+
+    it 'returns true when there is a category available for posting' do
+      SiteSetting.allow_uncategorized_topics = false
+
+      plain_category.set_permissions(group => :full)
+      plain_category.save
+      group.add(user)
+      group.save
+      expect(Guardian.new(user).can_create_topic?(topic)).to eq(true)
+    end
+  end
+
   context 'can_move_posts?' do
 
     it 'returns false with a nil object' do

GitHub sha: 3c64dc3e

1 Like