meriksson
2017 年 1 月 7 日午後 9:26
1
When creating a topic, the guardian check for permission to create is bypassed if skip_validations is set to true:
https://github.com/discourse/discourse/blob/56ee4ffadc3e686718d25f46be8c08d9289ef396/lib/topic_creator.rb#L118
However, when creating a reply the equivalent check is not bypassed:
https://github.com/discourse/discourse/blob/cf7774bdd9cb5e3337fbcdebc285175d1240aa35/lib/post_creator.rb#L111
Perhaps I am missing something but this looks inconsistent to me, i.e. skip_validations should bypass the guardian check either in both cases or in none of them.
In any case, I fixed this because I needed it myself (to have an importer create posts in private categories). Here is what I did:
https://github.com/discourse/discourse/pull/4641
「いいね!」 2
Isambard
2024 年 3 月 20 日午後 8:35
2
I think there is a bug in the skip validations.
When I use skip validations to create a Topic, this works and it is possible for user to create a topic in a category even if normally he would have no rights to do so.
However, when trying to reply to that same topic, the validation check is not skipped and this post create fails.
私もこのバグに遭遇しました。6年前に修正してプルリクエストを発行したのに、最終的に受け入れられなかったのは非常に残念です。
「いいね!」 1
