Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: trashed channel thread view bug (#29192) 

When chat channels are deleted, some users may be able to click the thread before it gets removed from the UI. This leads to a 500 error causing log noise. We can use the safe navigational operator to prevent calling chatable when the channel is not found (due to deleted_at constraint in query).
This commit is contained in:
David Battersby 2024-10-14 17:45:50 +04:00 committed by GitHub
parent 9a922e5128
commit 492cf52bab
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/chat/lib/chat/guardian_extensions.rb
View File

@ -98,7 +98,7 @@ module Chat
end end
def can_preview_chat_channel?(chat_channel) def can_preview_chat_channel?(chat_channel)
return false unless chat_channel.chatable return false if !chat_channel&.chatable
if chat_channel.direct_message_channel? if chat_channel.direct_message_channel?
chat_channel.chatable.user_can_access?(@user) chat_channel.chatable.user_can_access?(@user)

9
plugins/chat/spec/requests/chat/api/channel_threads_controller_spec.rb
View File

@ -59,6 +59,15 @@ RSpec.describe Chat::Api::ChannelThreadsController do
end end
end end
context "when channel was deleted" do
before { thread.channel.trash! }
it "returns 403" do
get "/chat/api/channels/#{thread.channel_id}/threads/#{thread.id}"
expect(response.status).to eq(403)
end
end
context "when user cannot access the channel" do context "when user cannot access the channel" do
before do before do
thread.channel.update!(chatable: Fabricate(:private_category, group: Fabricate(:group))) thread.channel.update!(chatable: Fabricate(:private_category, group: Fabricate(:group)))