Guardian bypassed through :skip_validations in TopicCreator but not in PostCreator

When creating a topic, the guardian check for permission to create is bypassed if skip_validations is set to true:

https://github.com/discourse/discourse/blob/56ee4ffadc3e686718d25f46be8c08d9289ef396/lib/topic_creator.rb#L118

However, when creating a reply the equivalent check is not bypassed:

https://github.com/discourse/discourse/blob/cf7774bdd9cb5e3337fbcdebc285175d1240aa35/lib/post_creator.rb#L111

Perhaps I am missing something but this looks inconsistent to me, i.e. skip_validations should bypass the guardian check either in both cases or in none of them.

In any case, I fixed this because I needed it myself (to have an importer create posts in private categories). Here is what I did:

https://github.com/discourse/discourse/pull/4641

2 Likes

I just hit this bug too. Very frustrating that you fixed it 6 years ago and issued a pull request which was not accepted in the end. :frowning:

1 Like