FIX: do not allow invite notifications from muted user/topic
This commit is contained in:
parent
d39d2b9352
commit
2e202495a3
|
@ -791,6 +791,8 @@ SQL
|
|||
raise UserExists.new(I18n.t("topic_invite.user_exists"))
|
||||
end
|
||||
|
||||
return true if target_user && invite_existing_muted?(target_user, invited_by)
|
||||
|
||||
if target_user && private_message? && topic_allowed_users.create!(user_id: target_user.id)
|
||||
add_small_action(invited_by, "invited_user", target_user.username)
|
||||
|
||||
|
@ -835,6 +837,26 @@ SQL
|
|||
Invite.invite_by_email(email, invited_by, self, group_ids, custom_message)
|
||||
end
|
||||
|
||||
def invite_existing_muted?(target_user, invited_by)
|
||||
if invited_by.id &&
|
||||
MutedUser.where(user_id: target_user.id, muted_user_id: invited_by.id)
|
||||
.joins(:muted_user)
|
||||
.where('NOT admin AND NOT moderator')
|
||||
.exists?
|
||||
return true
|
||||
end
|
||||
|
||||
if TopicUser.where(
|
||||
topic: self,
|
||||
user: target_user,
|
||||
notification_level: TopicUser.notification_levels[:muted]
|
||||
).exists?
|
||||
return true
|
||||
end
|
||||
|
||||
false
|
||||
end
|
||||
|
||||
def email_already_exists_for?(invite)
|
||||
invite.email_already_exists && private_message?
|
||||
end
|
||||
|
|
|
@ -533,6 +533,17 @@ describe Topic do
|
|||
expect(topic.reload.allowed_users).to_not include(another_user)
|
||||
expect(Post.last.action_code).to eq("removed_user")
|
||||
end
|
||||
|
||||
context "from a muted user" do
|
||||
before { MutedUser.create!(user: another_user, muted_user: user) }
|
||||
|
||||
it 'silently fails' do
|
||||
expect(topic.invite(user, another_user.username)).to eq(true)
|
||||
expect(topic.allowed_users).to_not include(another_user)
|
||||
expect(Post.last).to be_blank
|
||||
expect(Notification.last).to be_blank
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'by email' do
|
||||
|
@ -599,6 +610,17 @@ describe Topic do
|
|||
expect_the_right_notification_to_be_created
|
||||
end
|
||||
|
||||
context "for a muted topic" do
|
||||
before { TopicUser.change(another_user.id, topic.id, notification_level: TopicUser.notification_levels[:muted]) }
|
||||
|
||||
it 'silently fails' do
|
||||
expect(topic.invite(user, another_user.username)).to eq(true)
|
||||
expect(topic.allowed_users).to_not include(another_user)
|
||||
expect(Post.last).to be_blank
|
||||
expect(Notification.last).to be_blank
|
||||
end
|
||||
end
|
||||
|
||||
describe 'when user can invite via email' do
|
||||
before { user.update!(trust_level: TrustLevel[2]) }
|
||||
|
||||
|
|
Loading…
Reference in New Issue