FIX: do not allow invite notifications from muted user/topic

This commit is contained in:
Arpit Jalan 2018-03-01 00:45:01 +05:30
parent d39d2b9352
commit 2e202495a3
2 changed files with 44 additions and 0 deletions

View File

@ -791,6 +791,8 @@ SQL
raise UserExists.new(I18n.t("topic_invite.user_exists"))
end
return true if target_user && invite_existing_muted?(target_user, invited_by)
if target_user && private_message? && topic_allowed_users.create!(user_id: target_user.id)
add_small_action(invited_by, "invited_user", target_user.username)
@ -835,6 +837,26 @@ SQL
Invite.invite_by_email(email, invited_by, self, group_ids, custom_message)
end
def invite_existing_muted?(target_user, invited_by)
if invited_by.id &&
MutedUser.where(user_id: target_user.id, muted_user_id: invited_by.id)
.joins(:muted_user)
.where('NOT admin AND NOT moderator')
.exists?
return true
end
if TopicUser.where(
topic: self,
user: target_user,
notification_level: TopicUser.notification_levels[:muted]
).exists?
return true
end
false
end
def email_already_exists_for?(invite)
invite.email_already_exists && private_message?
end

View File

@ -533,6 +533,17 @@ describe Topic do
expect(topic.reload.allowed_users).to_not include(another_user)
expect(Post.last.action_code).to eq("removed_user")
end
context "from a muted user" do
before { MutedUser.create!(user: another_user, muted_user: user) }
it 'silently fails' do
expect(topic.invite(user, another_user.username)).to eq(true)
expect(topic.allowed_users).to_not include(another_user)
expect(Post.last).to be_blank
expect(Notification.last).to be_blank
end
end
end
describe 'by email' do
@ -599,6 +610,17 @@ describe Topic do
expect_the_right_notification_to_be_created
end
context "for a muted topic" do
before { TopicUser.change(another_user.id, topic.id, notification_level: TopicUser.notification_levels[:muted]) }
it 'silently fails' do
expect(topic.invite(user, another_user.username)).to eq(true)
expect(topic.allowed_users).to_not include(another_user)
expect(Post.last).to be_blank
expect(Notification.last).to be_blank
end
end
describe 'when user can invite via email' do
before { user.update!(trust_level: TrustLevel[2]) }