From a3a1285dc5f839b7b83649113b0b2c700e0fde77 Mon Sep 17 00:00:00 2001
From: Martin Brennan <martin@discourse.org>
Date: Wed, 6 Dec 2023 12:01:41 +1000
Subject: [PATCH] FIX: Use Guardian.basic_user instead of new (anon) (#332)

c.f. de983796e1b66aa2ab039a4fb6e32cec8a65a098

There will soon be additional login_required checks
for Guardian, and the intent of many checks by automated
systems is better fulfilled by using BasicUser, which
simulates a logged in TL0 forum user, rather than an
anon user.
---
 lib/ai_bot/commands/read_command.rb                 | 7 ++++---
 lib/ai_bot/commands/search_command.rb               | 6 +++---
 lib/ai_bot/commands/summarize_command.rb            | 2 +-
 spec/lib/modules/embeddings/semantic_search_spec.rb | 4 ++--
 spec/lib/modules/toxicity/entry_point_spec.rb       | 2 +-
 spec/models/reviewable_ai_post_spec.rb              | 2 +-
 spec/serializers/ai_chat_channel_serializer_spec.rb | 4 ++--
 7 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/lib/ai_bot/commands/read_command.rb b/lib/ai_bot/commands/read_command.rb
index b8025b51..60b107bf 100644
--- a/lib/ai_bot/commands/read_command.rb
+++ b/lib/ai_bot/commands/read_command.rb
@@ -41,11 +41,12 @@ module DiscourseAi::AiBot::Commands
       topic_id = topic_id.to_i
 
       topic = Topic.find_by(id: topic_id)
-      return not_found if !topic || !Guardian.new.can_see?(topic)
+      return not_found if !topic || !Guardian.basic_user.can_see?(topic)
 
       @title = topic.title
 
-      posts = Post.secured(Guardian.new).where(topic_id: topic_id).order(:post_number).limit(40)
+      posts =
+        Post.secured(Guardian.basic_user).where(topic_id: topic_id).order(:post_number).limit(40)
       @url = topic.relative_url(post_number)
 
       posts = posts.where("post_number = ?", post_number) if post_number
@@ -60,7 +61,7 @@ module DiscourseAi::AiBot::Commands
       content << "\ncategories: #{category_names}" if category_names.present?
 
       if topic.tags.length > 0
-        tags = DiscourseTagging.filter_visible(topic.tags, Guardian.new)
+        tags = DiscourseTagging.filter_visible(topic.tags, Guardian.basic_user)
         content << "\ntags: #{tags.map(&:name).join(", ")}\n\n" if tags.length > 0
       end
 
diff --git a/lib/ai_bot/commands/search_command.rb b/lib/ai_bot/commands/search_command.rb
index 528191a7..78c567b7 100644
--- a/lib/ai_bot/commands/search_command.rb
+++ b/lib/ai_bot/commands/search_command.rb
@@ -123,7 +123,7 @@ module DiscourseAi::AiBot::Commands
         Search.execute(
           search_string.to_s + " status:public",
           search_type: :full_page,
-          guardian: Guardian.new(),
+          guardian: Guardian.basic_user,
         )
 
       # let's be frugal with tokens, 50 results is too much and stuff gets cut off
@@ -140,10 +140,10 @@ module DiscourseAi::AiBot::Commands
       posts = posts[0..limit - 1]
 
       if should_try_semantic_search
-        semantic_search = DiscourseAi::Embeddings::SemanticSearch.new(Guardian.new())
+        semantic_search = DiscourseAi::Embeddings::SemanticSearch.new(Guardian.basic_user)
         topic_ids = Set.new(posts.map(&:topic_id))
 
-        search = Search.new(search_string, guardian: Guardian.new)
+        search = Search.new(search_string, guardian: Guardian.basic_user)
 
         results = nil
         begin
diff --git a/lib/ai_bot/commands/summarize_command.rb b/lib/ai_bot/commands/summarize_command.rb
index b8fcd13b..a3769ccd 100644
--- a/lib/ai_bot/commands/summarize_command.rb
+++ b/lib/ai_bot/commands/summarize_command.rb
@@ -51,7 +51,7 @@ module DiscourseAi::AiBot::Commands
       topic = nil
       if topic_id > 0
         topic = Topic.find_by(id: topic_id)
-        topic = nil if !topic || !Guardian.new.can_see?(topic)
+        topic = nil if !topic || !Guardian.basic_user.can_see?(topic)
       end
 
       @last_summary = nil
diff --git a/spec/lib/modules/embeddings/semantic_search_spec.rb b/spec/lib/modules/embeddings/semantic_search_spec.rb
index 47c88c4f..54017623 100644
--- a/spec/lib/modules/embeddings/semantic_search_spec.rb
+++ b/spec/lib/modules/embeddings/semantic_search_spec.rb
@@ -5,7 +5,7 @@ RSpec.describe DiscourseAi::Embeddings::SemanticSearch do
   fab!(:user) { Fabricate(:user) }
 
   let(:query) { "test_query" }
-  let(:subject) { described_class.new(Guardian.new(user)) }
+  let(:subject) { described_class.new(user.guardian) }
 
   describe "#search_for_topics" do
     let(:hypothetical_post) { "This is an hypothetical post generated from the keyword test_query" }
@@ -129,7 +129,7 @@ RSpec.describe DiscourseAi::Embeddings::SemanticSearch do
             posts =
               DiscourseAi::Completions::Llm.with_prepared_responses(
                 ["<ai>#{hypothetical_post}</ai>"],
-              ) { described_class.new(Guardian.new(nil)).search_for_topics(query) }
+              ) { described_class.new(Guardian.basic_user).search_for_topics(query) }
 
             expect(posts).to be_empty
           end
diff --git a/spec/lib/modules/toxicity/entry_point_spec.rb b/spec/lib/modules/toxicity/entry_point_spec.rb
index 8e66d56a..9ac46a43 100644
--- a/spec/lib/modules/toxicity/entry_point_spec.rb
+++ b/spec/lib/modules/toxicity/entry_point_spec.rb
@@ -58,7 +58,7 @@ describe DiscourseAi::Toxicity::EntryPoint do
       fab!(:chat_message) { Fabricate(:chat_message) }
       let(:updater) do
         Chat::UpdateMessage.call(
-          guardian: Guardian.new(chat_message.user),
+          guardian: chat_message.user.guardian,
           message_id: chat_message.id,
           message: "This is my updated message",
         )
diff --git a/spec/models/reviewable_ai_post_spec.rb b/spec/models/reviewable_ai_post_spec.rb
index 5c786c7a..b4d3d675 100644
--- a/spec/models/reviewable_ai_post_spec.rb
+++ b/spec/models/reviewable_ai_post_spec.rb
@@ -6,7 +6,7 @@ describe ReviewableAiPost do
   fab!(:target) { Fabricate(:post) }
 
   describe "#build_actions" do
-    let(:guardian) { Guardian.new }
+    let(:guardian) { Guardian.basic_user }
 
     let(:reviewable) do
       subject.tap do |r|
diff --git a/spec/serializers/ai_chat_channel_serializer_spec.rb b/spec/serializers/ai_chat_channel_serializer_spec.rb
index 0ef48983..b49c1e5a 100644
--- a/spec/serializers/ai_chat_channel_serializer_spec.rb
+++ b/spec/serializers/ai_chat_channel_serializer_spec.rb
@@ -8,7 +8,7 @@ RSpec.describe AiChatChannelSerializer do
       fab!(:dm_channel) { Fabricate(:direct_message_channel) }
 
       it "display every participant" do
-        serialized = described_class.new(dm_channel, scope: Guardian.new(admin), root: nil)
+        serialized = described_class.new(dm_channel, scope: admin.guardian, root: nil)
 
         expect(serialized.title).to eq(dm_channel.title(nil))
       end
@@ -18,7 +18,7 @@ RSpec.describe AiChatChannelSerializer do
       fab!(:channel) { Fabricate(:chat_channel) }
 
       it "displays the category title" do
-        serialized = described_class.new(channel, scope: Guardian.new(admin), root: nil)
+        serialized = described_class.new(channel, scope: admin.guardian, root: nil)
 
         expect(serialized.title).to eq(channel.title)
       end