Guardian bypassed through :skip_validations in TopicCreator but not in PostCreator

meriksson · 7 Enero, 2017 21:26

When creating a topic, the guardian check for permission to create is bypassed if skip_validations is set to true:

https://github.com/discourse/discourse/blob/56ee4ffadc3e686718d25f46be8c08d9289ef396/lib/topic_creator.rb#L118

However, when creating a reply the equivalent check is not bypassed:

https://github.com/discourse/discourse/blob/cf7774bdd9cb5e3337fbcdebc285175d1240aa35/lib/post_creator.rb#L111

Perhaps I am missing something but this looks inconsistent to me, i.e. skip_validations should bypass the guardian check either in both cases or in none of them.

In any case, I fixed this because I needed it myself (to have an importer create posts in private categories). Here is what I did:

https://github.com/discourse/discourse/pull/4641

Isambard · 20 Marzo, 2024 20:35

Acabo de encontrar este error también. Muy frustrante que lo solucionaras hace 6 años y emitieras una solicitud de extracción que al final no fue aceptada.

Tema		Respuestas	Vistas
Which validations can be bypassed and how when using the API to create topics/posts Dev rest-api	5	401	20 Marzo 2024
Cannot Create New Topics Support	8	640	2 Octubre 2023
Cannot create topic via API when category is “see & reply only” Support rest-api	2	41	15 Julio 2025
Urgent, can't create new Topics Bug	8	1113	3 Abril 2017
"Why Not Create a topic?" in category without topic creating permissions Bug	4	1187	10 Enero 2020

Guardian bypassed through :skip_validations in TopicCreator but not in PostCreator

Temas relacionados