FIX: Don't allow users to edit topic information when the OP is locked

FIX: Don’t allow users to edit topic information when the OP is locked

see: User able to edit title of locked post - support - Discourse Meta

diff --git a/lib/guardian/topic_guardian.rb b/lib/guardian/topic_guardian.rb
index 242cfbd..e7cc4f2 100644
--- a/lib/guardian/topic_guardian.rb
+++ b/lib/guardian/topic_guardian.rb
@@ -97,7 +97,9 @@ module TopicGuardian
     )
 
     return false if topic.archived
-    is_my_own?(topic) && !topic.edit_time_limit_expired?
+    is_my_own?(topic) &&
+      !topic.edit_time_limit_expired? &&
+      !Post.where(topic_id: topic.id, post_number: 1).where.not(locked_by_id: nil).exists?
   end
 
   # Recovery Method
diff --git a/spec/components/guardian_spec.rb b/spec/components/guardian_spec.rb
index ae6b742..c5c9b2b 100644
--- a/spec/components/guardian_spec.rb
+++ b/spec/components/guardian_spec.rb
@@ -1419,6 +1419,16 @@ describe Guardian do
         expect(Guardian.new(coding_horror).can_edit?(topic)).to be_falsey
       end
 
+      context "locked" do
+        let(:post) { Fabricate(:post, locked_by_id: admin.id) }
+        let(:topic) { post.topic }
+
+        it "doesn't allow users to edit locked topics" do
+          expect(Guardian.new(topic.user).can_edit?(topic)).to eq(false)
+          expect(Guardian.new(admin).can_edit?(topic)).to eq(true)
+        end
+      end
+
       context 'not archived' do
         it 'returns true as a moderator' do
           expect(Guardian.new(moderator).can_edit?(topic)).to eq(true)

GitHub sha: e8b9f383

1 Like

This commit has been mentioned on Discourse Meta. There might be relevant details there: