FIX: Topic view breaks with topic timer to publish to restricted category. (#16385)

When a user views a topic that contains a topic timer to publish to a restricted category, an error occurs on the client side because the user does not have access to information about the category. This commit fixes it such that the topic timer is not shown to the user if the user does not have access to the category.
2022-05-05 11:21:01 +08:00 · 2022-05-05 11:21:01 +08:00 · 0328757ffb
parent 36dcf80aff
commit 0328757ffb
3 changed files with 62 additions and 4 deletions
--- a/app/models/topic_timer.rb
+++ b/app/models/topic_timer.rb
@ -112,6 +112,10 @@ class TopicTimer < ActiveRecord::Base
    true
  end

+  def publishing_to_category?
+    self.status_type.to_i == TopicTimer.types[:publish_to_category]
+  end
+
  private

  def duration_in_range?
@ -138,10 +142,6 @@ class TopicTimer < ActiveRecord::Base
    ))
  end

-  def publishing_to_category?
-    self.status_type.to_i == TopicTimer.types[:publish_to_category]
-  end
-
  def schedule_auto_delete_replies_job
    Jobs.enqueue(TopicTimer.type_job_map[:delete_replies], topic_timer_id: id)
  end
--- a/app/serializers/topic_view_serializer.rb
+++ b/app/serializers/topic_view_serializer.rb
@ -203,6 +203,14 @@ class TopicViewSerializer < ApplicationSerializer
  end

  def topic_timer
+    topic_timer = object.topic.public_topic_timer
+
+    return nil if topic_timer.blank?
+
+    if topic_timer.publishing_to_category?
+      return nil if !scope.can_see_category?(Category.find_by(id: topic_timer.category_id))
+    end
+
    TopicTimerSerializer.new(object.topic.public_topic_timer, root: false)
  end

--- a/spec/serializers/topic_view_serializer_spec.rb
+++ b/spec/serializers/topic_view_serializer_spec.rb
@ -544,4 +544,54 @@ describe TopicViewSerializer do
      expect(json[:requested_group_name]).to eq(nil)
    end
  end
+
+  describe '#topic_timer' do
+    it 'does not include the attribute when topic does not have a topic timer' do
+      json = serialize_topic(topic, user)
+
+      expect(json[:topic_timer]).to eq(nil)
+    end
+
+    it 'includes the attribute when topic has a public topic timer' do
+      topic_timer = Fabricate(:topic_timer, topic: topic, execute_at: Time.utc(2022, 4, 6, 16, 23, 56))
+      json = serialize_topic(topic, user)
+
+      expect(json[:topic_timer][:id]).to eq(topic_timer.id)
+      expect(json[:topic_timer][:based_on_last_post]).to eq(false)
+      expect(json[:topic_timer][:category_id]).to eq(nil)
+      expect(json[:topic_timer][:duration_minutes]).to eq(nil)
+      expect(json[:topic_timer][:execute_at]).to eq('2022-04-06T16:23:56.000Z')
+      expect(json[:topic_timer][:status_type]).to eq("close")
+    end
+
+    it 'does not include the attribute for category topic timer where category is restricted to user' do
+      category = Fabricate(:category, read_restricted: true)
+
+      Fabricate(:topic_timer,
+        topic: topic,
+        category_id: category.id,
+        status_type:
+        TopicTimer.types[:publish_to_category]
+      )
+
+      json = serialize_topic(topic, user)
+
+      expect(json[:topic_timer]).to eq(nil)
+    end
+
+    it 'includes the attribute  for category topic timer where category is not restricted to user' do
+      category = Fabricate(:category, read_restricted: false)
+
+      topic_timer = Fabricate(:topic_timer,
+        topic: topic,
+        category_id: category.id,
+        status_type:
+        TopicTimer.types[:publish_to_category]
+      )
+
+      json = serialize_topic(topic, user)
+
+      expect(json[:topic_timer][:id]).to eq(topic_timer.id)
+    end
+  end
 end