From abcfb63126389146ff7d76bd5ce3e4e7426ea663 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Tue, 15 Nov 2022 17:53:15 -0500
Subject: [PATCH] fix: #11044, allow banned users to post

if given privileges
---
 src/user/posts.js |  6 +-----
 test/user.js      | 41 ++++++++++++++++++++++++++++++++++-------
 2 files changed, 35 insertions(+), 12 deletions(-)

diff --git a/src/user/posts.js b/src/user/posts.js
index 33f7464a71..9ca31cd6e7 100644
--- a/src/user/posts.js
+++ b/src/user/posts.js
@@ -18,7 +18,7 @@ module.exports = function (User) {
 			return;
 		}
 		const [userData, isAdminOrMod] = await Promise.all([
-			User.getUserFields(uid, ['uid', 'banned', 'mutedUntil', 'joindate', 'email', 'reputation'].concat([field])),
+			User.getUserFields(uid, ['uid', 'mutedUntil', 'joindate', 'email', 'reputation'].concat([field])),
 			privileges.categories.isAdminOrMod(cid, uid),
 		]);
 
@@ -30,10 +30,6 @@ module.exports = function (User) {
 			return;
 		}
 
-		if (userData.banned) {
-			throw new Error('[[error:user-banned]]');
-		}
-
 		const now = Date.now();
 		if (userData.mutedUntil > now) {
 			let muteLeft = ((userData.mutedUntil - now) / (1000 * 60));
diff --git a/test/user.js b/test/user.js
index 176ee82827..d05f81778b 100644
--- a/test/user.js
+++ b/test/user.js
@@ -24,6 +24,7 @@ const file = require('../src/file');
 const socketUser = require('../src/socket.io/user');
 const apiUser = require('../src/api/users');
 const utils = require('../src/utils');
+const privileges = require('../src/privileges');
 
 describe('User', () => {
 	let userData;
@@ -1434,6 +1435,32 @@ describe('User', () => {
 			assert.strictEqual(membership.get('verified-users'), true);
 			assert.strictEqual(membership.get('unverified-users'), false);
 		});
+
+		it('should be able to post in category for banned users', async () => {
+			const { cid } = await Categories.create({
+				name: 'Test Category',
+				description: 'A test',
+				order: 1,
+			});
+			const testUid = await User.create({ username: userData.username });
+			await User.bans.ban(testUid);
+			let _err;
+			try {
+				await Topics.post({ title: 'banned topic', content: 'tttttttttttt', cid: cid, uid: testUid });
+			} catch (err) {
+				_err = err;
+			}
+			assert.strictEqual(_err && _err.message, '[[error:no-privileges]]');
+
+			await Promise.all([
+				privileges.categories.give(['groups:topics:create', 'groups:topics:reply'], cid, 'banned-users'),
+				privileges.categories.rescind(['groups:topics:create', 'groups:topics:reply'], cid, 'registered-users'),
+			]);
+
+			const result = await Topics.post({ title: 'banned topic', content: 'tttttttttttt', cid: cid, uid: testUid });
+			assert(result);
+			assert.strictEqual(result.topicData.title, 'banned topic');
+		});
 	});
 
 	describe('Digest.getSubscribers', () => {
@@ -1899,7 +1926,7 @@ describe('User', () => {
 
 		it('should get unread count for user', async () => {
 			const count = await socketUser.getUnreadCount({ uid: testUid });
-			assert.strictEqual(count, 2);
+			assert.strictEqual(count, 3);
 		});
 
 		it('should get unread chat count 0 for guest', async () => {
@@ -1922,15 +1949,15 @@ describe('User', () => {
 			assert.deepStrictEqual(counts, {
 				unreadChatCount: 0,
 				unreadCounts: {
-					'': 2,
-					new: 2,
-					unreplied: 2,
+					'': 3,
+					new: 3,
+					unreplied: 3,
 					watched: 0,
 				},
-				unreadNewTopicCount: 2,
+				unreadNewTopicCount: 3,
 				unreadNotificationCount: 0,
-				unreadTopicCount: 2,
-				unreadUnrepliedTopicCount: 2,
+				unreadTopicCount: 3,
+				unreadUnrepliedTopicCount: 3,
 				unreadWatchedTopicCount: 0,
 			});
 		});