FIX: gists are not html safe (#931)

Also allow "Everyone" in ai_hot_topic_gists_allowed_groups
2024-11-20 10:54:49 +11:00 · 2024-11-20 10:54:49 +11:00 · a0aec48606
parent f09e74c05e
commit a0aec48606
3 changed files with 28 additions and 8 deletions
--- a/assets/javascripts/discourse/components/ai-topic-gist.gjs
+++ b/assets/javascripts/discourse/components/ai-topic-gist.gjs
@ -1,7 +1,6 @@
 import Component from "@glimmer/component";
 import { service } from "@ember/service";
 import { htmlSafe } from "@ember/template";
-import { emojiUnescape, sanitize } from "discourse/lib/text";

 export default class AiTopicGist extends Component {
  @service gists;
@ -10,20 +9,30 @@ export default class AiTopicGist extends Component {
    return this.gists.preference === "table-ai" && this.gists.shouldShow;
  }

-  get gistOrExcerpt() {
-    const topic = this.args.topic;
-    const gist = topic.get("ai_topic_gist");
-    const excerpt = emojiUnescape(sanitize(topic.get("excerpt")));
+  get hasGist() {
+    return !!this.gist;
+  }

-    return gist || excerpt;
+  get gist() {
+    return this.args.topic.get("ai_topic_gist");
+  }
+
+  get escapedExceprt() {
+    return this.args.topic.get("escapedExcerpt");
  }

  <template>
    {{#if this.shouldShow}}
-      {{#if this.gistOrExcerpt}}
+      {{#if this.hasGist}}
        <div class="excerpt">
-          <div>{{htmlSafe this.gistOrExcerpt}}</div>
+          <div>{{this.gist}}</div>
        </div>
+      {{else}}
+        {{#if this.esacpedExceprt}}
+          <div class="excerpt">
+            <div>{{htmlSafe this.escapedExceprt}}</div>
+          </div>
+        {{/if}}
      {{/if}}
    {{/if}}
  </template>
--- a/lib/guardian_extensions.rb
+++ b/lib/guardian_extensions.rb
@ -24,6 +24,9 @@ module DiscourseAi
    def can_see_gists?
      return false if !SiteSetting.ai_summarization_enabled
      return false if SiteSetting.ai_summarize_max_hot_topics_gists_per_batch.zero?
+      if SiteSetting.ai_hot_topic_gists_allowed_groups.to_s == Group::AUTO_GROUPS[:everyone].to_s
+        return true
+      end
      return false if anonymous?
      return false if SiteSetting.ai_hot_topic_gists_allowed_groups_map.empty?

--- a/spec/lib/guardian_extensions_spec.rb
+++ b/spec/lib/guardian_extensions_spec.rb
@ -89,6 +89,14 @@ describe DiscourseAi::GuardianExtensions do
      end
    end

+    context "when setting is set to everyone" do
+      before { SiteSetting.ai_hot_topic_gists_allowed_groups = Group::AUTO_GROUPS[:everyone] }
+
+      it "returns true" do
+        expect(guardian.can_see_gists?).to eq(true)
+      end
+    end
+
    context "when there is a user but it's not a member of the allowed groups" do
      before { SiteSetting.ai_hot_topic_gists_allowed_groups = "" }