FIX: Change create_post_for_category_and_tag_changes setting to use whispers instead of small actions (#29602)

It currently can leak private tags/categories, to address this we are moving to whispers.
2024-11-06 09:28:28 -03:00 · 2024-11-06 09:28:28 -03:00 · 75beb5a84f
parent 5177aef37d
commit 75beb5a84f
2 changed files with 22 additions and 5 deletions
--- a/lib/post_revisor.rb
+++ b/lib/post_revisor.rb
@ -154,7 +154,8 @@ class PostRevisor
  end

  def self.create_small_action_for_category_change(topic:, user:, old_category:, new_category:)
-    if !old_category || !new_category || !SiteSetting.create_post_for_category_and_tag_changes
+    if !old_category || !new_category || !SiteSetting.create_post_for_category_and_tag_changes ||
+         SiteSetting.whispers_allowed_groups.blank?
      return
    end

@ -165,18 +166,21 @@ class PostRevisor
        from: "##{old_category.slug_ref}",
        to: "##{new_category.slug_ref}",
      ),
-      post_type: Post.types[:small_action],
+      post_type: Post.types[:whisper],
      action_code: "category_changed",
    )
  end

  def self.create_small_action_for_tag_changes(topic:, user:, added_tags:, removed_tags:)
-    return if !SiteSetting.create_post_for_category_and_tag_changes
+    if !SiteSetting.create_post_for_category_and_tag_changes ||
+         SiteSetting.whispers_allowed_groups.blank?
+      return
+    end

    topic.add_moderator_post(
      user,
      tags_changed_raw(added: added_tags, removed: removed_tags),
-      post_type: Post.types[:small_action],
+      post_type: Post.types[:whisper],
      action_code: "tags_changed",
      custom_fields: {
        tags_added: added_tags,
--- a/spec/lib/post_revisor_spec.rb
+++ b/spec/lib/post_revisor_spec.rb
@ -233,7 +233,10 @@ RSpec.describe PostRevisor do
      fab!(:tag1) { Fabricate(:tag, name: "First tag") }
      fab!(:tag2) { Fabricate(:tag, name: "Second tag") }

-      before { SiteSetting.create_post_for_category_and_tag_changes = true }
+      before do
+        SiteSetting.create_post_for_category_and_tag_changes = true
+        SiteSetting.whispers_allowed_groups = Group::AUTO_GROUPS[:staff]
+      end

      it "Creates a small_action post with correct translation when both adding and removing tags" do
        post.topic.update!(tags: [tag1])
@ -292,6 +295,16 @@ RSpec.describe PostRevisor do
        )
      end

+      it "Creates a small_action as a whisper when category is changed" do
+        category = Fabricate(:category)
+
+        expect { post_revisor.revise!(admin, category_id: category.id) }.to change {
+          Post.where(topic_id: post.topic_id, action_code: "category_changed").count
+        }.by(1)
+
+        expect(post.topic.ordered_posts.last.post_type).to eq(Post.types[:whisper])
+      end
+
      describe "with PMs" do
        fab!(:pm) { Fabricate(:private_message_topic) }
        let(:first_post) { create_post(user: admin, topic: pm, allow_uncategorized_topics: false) }