From 4f7140fb3228ac8177500fd253ce549dbd9dea32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9gis=20Hanol?= Date: Tue, 22 Sep 2015 00:50:52 +0200 Subject: [PATCH] FIX: properly filter whispers in user stream --- app/models/post.rb | 15 ++++++++------- app/models/topic.rb | 2 +- app/models/user_action.rb | 4 +++- lib/guardian/post_guardian.rb | 2 +- lib/topic_view.rb | 2 +- spec/fabricators/post_fabricator.rb | 1 + spec/models/topic_spec.rb | 9 +++------ 7 files changed, 18 insertions(+), 17 deletions(-) diff --git a/app/models/post.rb b/app/models/post.rb index fc2e7e2179b..c486e327d9d 100644 --- a/app/models/post.rb +++ b/app/models/post.rb @@ -96,17 +96,18 @@ class Post < ActiveRecord::Base end def publish_change_to_clients!(type) - - channel = "/topic/#{topic_id}" - msg = { id: id, - post_number: post_number, - updated_at: Time.now, - type: type } - # special failsafe for posts missing topics consistency checks should fix, but message # is safe to skip return unless topic + channel = "/topic/#{topic_id}" + msg = { + id: id, + post_number: post_number, + updated_at: Time.now, + type: type + } + # Whispers should not be published to everyone if post_type == Post.types[:whisper] user_ids = User.where('admin or moderator or id = ?', user_id).pluck(:id) diff --git a/app/models/topic.rb b/app/models/topic.rb index af47aba1502..0cf7dad3001 100644 --- a/app/models/topic.rb +++ b/app/models/topic.rb @@ -218,7 +218,7 @@ class Topic < ActiveRecord::Base end end - def visible_post_types(viewed_by=nil) + def self.visible_post_types(viewed_by=nil) types = Post.types result = [types[:regular], types[:moderator_action], types[:small_action]] result << types[:whisper] if viewed_by.try(:staff?) diff --git a/app/models/user_action.rb b/app/models/user_action.rb index 090a17754da..fa87a744b48 100644 --- a/app/models/user_action.rb +++ b/app/models/user_action.rb @@ -305,7 +305,6 @@ SQL end def self.apply_common_filters(builder,user_id,guardian,ignore_private_messages=false) - # We never return deleted topics in activity builder.where("t.deleted_at is null") @@ -318,6 +317,9 @@ SQL builder.where("NOT COALESCE(p.hidden, false) OR p.user_id = :current_user_id", current_user_id: current_user_id ) end + visible_post_types = Topic.visible_post_types(guardian.user) + builder.where("COALESCE(p.post_type, p2.post_type) IN (:visible_post_types)", visible_post_types: visible_post_types) + unless (guardian.user && guardian.user.id == user_id) || guardian.is_staff? builder.where("a.action_type not in (#{BOOKMARK})") builder.where("t.visible") diff --git a/lib/guardian/post_guardian.rb b/lib/guardian/post_guardian.rb index 5b03eff43a3..d668803ab56 100644 --- a/lib/guardian/post_guardian.rb +++ b/lib/guardian/post_guardian.rb @@ -147,7 +147,7 @@ module PostGuardian return false if post.blank? return true if is_admin? return false unless can_see_topic?(post.topic) - return false unless post.user == @user || post.topic.visible_post_types(@user).include?(post.post_type) + return false unless post.user == @user || Topic.visible_post_types(@user).include?(post.post_type) return false if !is_moderator? && post.deleted_at.present? true diff --git a/lib/topic_view.rb b/lib/topic_view.rb index 23a458991b1..24a49d24cf3 100644 --- a/lib/topic_view.rb +++ b/lib/topic_view.rb @@ -331,7 +331,7 @@ class TopicView private def filter_post_types(posts) - visible_types = @topic.visible_post_types(@user) + visible_types = Topic.visible_post_types(@user) if @user.present? posts.where("user_id = ? OR post_type IN (?)", @user.id, visible_types) diff --git a/spec/fabricators/post_fabricator.rb b/spec/fabricators/post_fabricator.rb index 7628ee4ae3b..317238a611e 100644 --- a/spec/fabricators/post_fabricator.rb +++ b/spec/fabricators/post_fabricator.rb @@ -2,6 +2,7 @@ Fabricator(:post) do user topic {|attrs| Fabricate(:topic, user: attrs[:user] ) } raw "Hello world" + post_type Post.types[:regular] end Fabricator(:post_with_long_raw_content, from: :post) do diff --git a/spec/models/topic_spec.rb b/spec/models/topic_spec.rb index b65ec208c67..ccaed7b06e4 100644 --- a/spec/models/topic_spec.rb +++ b/spec/models/topic_spec.rb @@ -15,8 +15,7 @@ describe Topic do let(:types) { Post.types } it "returns the appropriate types for anonymous users" do - topic = Fabricate.build(:topic) - post_types = topic.visible_post_types + post_types = Topic.visible_post_types expect(post_types).to include(types[:regular]) expect(post_types).to include(types[:moderator_action]) @@ -25,8 +24,7 @@ describe Topic do end it "returns the appropriate types for regular users" do - topic = Fabricate.build(:topic) - post_types = topic.visible_post_types(Fabricate.build(:user)) + post_types = Topic.visible_post_types(Fabricate.build(:user)) expect(post_types).to include(types[:regular]) expect(post_types).to include(types[:moderator_action]) @@ -35,8 +33,7 @@ describe Topic do end it "returns the appropriate types for staff users" do - topic = Fabricate.build(:topic) - post_types = topic.visible_post_types(Fabricate.build(:moderator)) + post_types = Topic.visible_post_types(Fabricate.build(:moderator)) expect(post_types).to include(types[:regular]) expect(post_types).to include(types[:moderator_action])