From 2e202495a3a8065815a34d5d04582d865233247f Mon Sep 17 00:00:00 2001
From: Arpit Jalan <arpit@techapj.com>
Date: Thu, 1 Mar 2018 00:45:01 +0530
Subject: [PATCH] FIX: do not allow invite notifications from muted user/topic

---
 app/models/topic.rb       | 22 ++++++++++++++++++++++
 spec/models/topic_spec.rb | 22 ++++++++++++++++++++++
 2 files changed, 44 insertions(+)

diff --git a/app/models/topic.rb b/app/models/topic.rb
index 22bfcda8dec..6e9aef04456 100644
--- a/app/models/topic.rb
+++ b/app/models/topic.rb
@@ -791,6 +791,8 @@ SQL
       raise UserExists.new(I18n.t("topic_invite.user_exists"))
     end
 
+    return true if target_user && invite_existing_muted?(target_user, invited_by)
+
     if target_user && private_message? && topic_allowed_users.create!(user_id: target_user.id)
       add_small_action(invited_by, "invited_user", target_user.username)
 
@@ -835,6 +837,26 @@ SQL
     Invite.invite_by_email(email, invited_by, self, group_ids, custom_message)
   end
 
+  def invite_existing_muted?(target_user, invited_by)
+    if invited_by.id &&
+       MutedUser.where(user_id: target_user.id, muted_user_id: invited_by.id)
+           .joins(:muted_user)
+           .where('NOT admin AND NOT moderator')
+           .exists?
+      return true
+    end
+
+    if TopicUser.where(
+         topic: self,
+         user: target_user,
+         notification_level: TopicUser.notification_levels[:muted]
+        ).exists?
+      return true
+    end
+
+    false
+  end
+
   def email_already_exists_for?(invite)
     invite.email_already_exists && private_message?
   end
diff --git a/spec/models/topic_spec.rb b/spec/models/topic_spec.rb
index f6138cf04ff..2952a9d9210 100644
--- a/spec/models/topic_spec.rb
+++ b/spec/models/topic_spec.rb
@@ -533,6 +533,17 @@ describe Topic do
           expect(topic.reload.allowed_users).to_not include(another_user)
           expect(Post.last.action_code).to eq("removed_user")
         end
+
+        context "from a muted user" do
+          before { MutedUser.create!(user: another_user, muted_user: user) }
+
+          it 'silently fails' do
+            expect(topic.invite(user, another_user.username)).to eq(true)
+            expect(topic.allowed_users).to_not include(another_user)
+            expect(Post.last).to be_blank
+            expect(Notification.last).to be_blank
+          end
+        end
       end
 
       describe 'by email' do
@@ -599,6 +610,17 @@ describe Topic do
           expect_the_right_notification_to_be_created
         end
 
+        context "for a muted topic" do
+          before { TopicUser.change(another_user.id, topic.id, notification_level: TopicUser.notification_levels[:muted]) }
+
+          it 'silently fails' do
+            expect(topic.invite(user, another_user.username)).to eq(true)
+            expect(topic.allowed_users).to_not include(another_user)
+            expect(Post.last).to be_blank
+            expect(Notification.last).to be_blank
+          end
+        end
+
         describe 'when user can invite via email' do
           before { user.update!(trust_level: TrustLevel[2]) }