FIX: TL4 users cannot delete others posts (#13554)

FIX: TL4 users cannot delete others posts (#13554)

diff --git a/lib/guardian/post_guardian.rb b/lib/guardian/post_guardian.rb
index e1d1842..99ac97c 100644
--- a/lib/guardian/post_guardian.rb
+++ b/lib/guardian/post_guardian.rb
@@ -190,7 +190,7 @@ module PostGuardian
     # Can't delete the first post
     return false if post.is_first_post?
 
-    return true if can_moderate_topic?(post.topic)
+    return true if is_staff? || is_category_group_moderator?(post.topic&.category)
 
     # Can't delete posts in archived topics unless you are staff
     return false if post.topic&.archived?
diff --git a/spec/components/guardian_spec.rb b/spec/components/guardian_spec.rb
index 911cfff..2d49dfc 100644
--- a/spec/components/guardian_spec.rb
+++ b/spec/components/guardian_spec.rb
@@ -2139,6 +2139,12 @@ describe Guardian do
 
       it 'returns true when trying to delete your own post' do
         expect(Guardian.new(user).can_delete?(post)).to be_truthy
+
+        expect(Guardian.new(trust_level_0).can_delete?(post)).to be_falsey
+        expect(Guardian.new(trust_level_1).can_delete?(post)).to be_falsey
+        expect(Guardian.new(trust_level_2).can_delete?(post)).to be_falsey
+        expect(Guardian.new(trust_level_3).can_delete?(post)).to be_falsey
+        expect(Guardian.new(trust_level_4).can_delete?(post)).to be_falsey
       end
 
       it 'returns false when self deletions are disabled' do
@@ -2164,6 +2170,16 @@ describe Guardian do
         expect(Guardian.new(admin).can_delete?(post)).to be_truthy
       end
 
+      it "returns true for category moderators" do
+        SiteSetting.enable_category_group_moderation = true
+        group = Fabricate(:group)
+        GroupUser.create(group: group, user: user)
+        category = Fabricate(:category, reviewable_by_group_id: group.id)
+        post.topic.update!(category: category)
+
+        expect(Guardian.new(user).can_delete?(post)).to eq(true)
+      end
+
       it 'returns false when post is first in a static doc topic' do
         tos_topic = Fabricate(:topic, user: Discourse.system_user)
         SiteSetting.tos_topic_id = tos_topic.id
diff --git a/spec/components/post_merger_spec.rb b/spec/components/post_merger_spec.rb
index e8efd4b..6c9d6ae 100644
--- a/spec/components/post_merger_spec.rb
+++ b/spec/components/post_merger_spec.rb
@@ -44,7 +44,7 @@ describe PostMerger do
       expect { PostMerger.new(admin, [reply2, post, reply1]).merge }.to raise_error(Discourse::InvalidAccess)
     end
 
-    it "should only allow staff or TL4 user to merge posts" do
+    it "should only allow staff to merge posts" do
       reply1 = create_post(topic: topic, post_number: post.post_number, user: user)
       reply2 = create_post(topic: topic, post_number: post.post_number, user: user)
 
@@ -58,8 +58,9 @@ describe PostMerger do
       expect { PostMerger.new(tl1, [reply2, reply1]).merge }.to raise_error(Discourse::InvalidAccess)
       expect { PostMerger.new(tl2, [reply2, reply1]).merge }.to raise_error(Discourse::InvalidAccess)
       expect { PostMerger.new(tl3, [reply2, reply1]).merge }.to raise_error(Discourse::InvalidAccess)
+      expect { PostMerger.new(tl4, [reply2, reply1]).merge }.to raise_error(Discourse::InvalidAccess)
 
-      PostMerger.new(tl4, [reply2, reply1]).merge
+      PostMerger.new(Fabricate(:admin), [reply2, reply1]).merge
 
       expect(reply1.trashed?).to eq(true)
       expect(reply2.trashed?).to eq(false)

GitHub sha: 715ecabd853f930adbdb4bb1998f3da367109859

This commit appears in #13554 which was approved by eviltrout. It was merged by nbianca.