Merge pull request #5635 from techAPJ/invite-muted

FIX: do not allow invite notifications from muted user/topic
2018-03-02 18:10:17 +04:00 · 2018-03-02 18:10:17 +04:00 · 334ed74346
parent 6b59a2827d 2e202495a3
commit 334ed74346
2 changed files with 44 additions and 0 deletions
--- a/app/models/topic.rb
+++ b/app/models/topic.rb
@ -791,6 +791,8 @@ SQL
      raise UserExists.new(I18n.t("topic_invite.user_exists"))
    end

+    return true if target_user && invite_existing_muted?(target_user, invited_by)
+
    if target_user && private_message? && topic_allowed_users.create!(user_id: target_user.id)
      add_small_action(invited_by, "invited_user", target_user.username)

@ -835,6 +837,26 @@ SQL
    Invite.invite_by_email(email, invited_by, self, group_ids, custom_message)
  end

+  def invite_existing_muted?(target_user, invited_by)
+    if invited_by.id &&
+       MutedUser.where(user_id: target_user.id, muted_user_id: invited_by.id)
+           .joins(:muted_user)
+           .where('NOT admin AND NOT moderator')
+           .exists?
+      return true
+    end
+
+    if TopicUser.where(
+         topic: self,
+         user: target_user,
+         notification_level: TopicUser.notification_levels[:muted]
+        ).exists?
+      return true
+    end
+
+    false
+  end
+
  def email_already_exists_for?(invite)
    invite.email_already_exists && private_message?
  end
--- a/spec/models/topic_spec.rb
+++ b/spec/models/topic_spec.rb
@ -533,6 +533,17 @@ describe Topic do
          expect(topic.reload.allowed_users).to_not include(another_user)
          expect(Post.last.action_code).to eq("removed_user")
        end
+
+        context "from a muted user" do
+          before { MutedUser.create!(user: another_user, muted_user: user) }
+
+          it 'silently fails' do
+            expect(topic.invite(user, another_user.username)).to eq(true)
+            expect(topic.allowed_users).to_not include(another_user)
+            expect(Post.last).to be_blank
+            expect(Notification.last).to be_blank
+          end
+        end
      end

      describe 'by email' do
@ -599,6 +610,17 @@ describe Topic do
          expect_the_right_notification_to_be_created
        end

+        context "for a muted topic" do
+          before { TopicUser.change(another_user.id, topic.id, notification_level: TopicUser.notification_levels[:muted]) }
+
+          it 'silently fails' do
+            expect(topic.invite(user, another_user.username)).to eq(true)
+            expect(topic.allowed_users).to_not include(another_user)
+            expect(Post.last).to be_blank
+            expect(Notification.last).to be_blank
+          end
+        end
+
        describe 'when user can invite via email' do
          before { user.update!(trust_level: TrustLevel[2]) }