FIX: Use Guardian.basic_user instead of new (anon) (#24705)

c.f. de983796e1

There will soon be additional login_required checks
for Guardian, and the intent of many checks by automated
systems is better fulfilled by using BasicUser, which
simulates a logged in TL0 forum user, rather than an
anon user.

In some cases the use of anon still makes sense (e.g.
anonymous_cache), and in that case the more explicit
`Guardian.anon_user` is used

app/controllers/about_controller.rb

@@ -22,7 +22,7 @@ class AboutController < ApplicationController
     end
     category_topic_ids = Category.select(:topic_id).where.not(topic_id: nil)
     public_topics =
-      Topic.listable_topics.visible.secured(Guardian.new(nil)).where.not(id: category_topic_ids)
+      Topic.listable_topics.visible.secured(Guardian.anon_user).where.not(id: category_topic_ids)
     stats = { public_topic_count: public_topics.count }
     stats[:public_post_count] = public_topics.sum(:posts_count) - stats[:public_topic_count]
     render json: stats

app/controllers/email_controller.rb

@@ -47,6 +47,6 @@ class EmailController < ApplicationController
     user = User.find_by_email(@email)
     raise Discourse::NotFound unless user
     topic = Topic.find_by(id: params[:topic_id].to_i) if @topic_id
-    @topic = topic if topic && Guardian.new(nil).can_see?(topic)
+    @topic = topic if topic && Guardian.anon_user.can_see?(topic)
   end
 end

lib/cooked_post_processor.rb

@@ -59,7 +59,7 @@ class CookedPostProcessor
   end
 
   def grant_badges
-    return if @post.user.blank? || !Guardian.new.can_see?(@post)
+    return if @post.user.blank? || !Guardian.basic_user.can_see?(@post)
 
     BadgeGranter.grant(Badge.find(Badge::FirstEmoji), @post.user, post_id: @post.id) if has_emoji?
     if @has_oneboxes

lib/middleware/anonymous_cache.rb

@@ -169,7 +169,7 @@ module Middleware
       def theme_ids
         ids, _ = @request.cookies["theme_ids"]&.split("|")
         id = ids&.split(",")&.map(&:to_i)&.first
-        if id && Guardian.new.allow_themes?([id])
+        if id && Guardian.anon_user.allow_themes?([id])
           Theme.transform_ids(id)
         else
           []

lib/oneboxer.rb

@@ -483,7 +483,7 @@ module Oneboxer
     return unless route[:category_slug_path_with_id]
     category = Category.find_by_slug_path_with_id(route[:category_slug_path_with_id])
 
-    if Guardian.new.can_see_category?(category)
+    if Guardian.basic_user.can_see_category?(category)
       args = {
         url: category.url,
         name: category.name,

lib/pretty_text/helpers.rb

@@ -89,7 +89,7 @@ module PrettyText
       return unless topic_id.is_a?(Integer)
       # TODO this only handles public topics, secured one do not get this
       topic = Topic.find_by(id: topic_id)
-      if topic && Guardian.new.can_see?(topic)
+      if topic && Guardian.basic_user.can_see?(topic)
         { title: Rack::Utils.escape_html(topic.title), href: topic.url }
       elsif topic
         { title: I18n.t("on_another_topic"), href: Discourse.base_url + topic.slugless_url }

plugins/chat/app/services/chat/publisher.rb

@@ -52,7 +52,7 @@ module Chat
             message:
               Chat::MessageSerializer.new(
                 chat_message,
-                { scope: anonymous_guardian, root: false },
+                { scope: Guardian.anon_user, root: false },
               ).as_json,
           },
           permissions(chat_channel),
@@ -69,7 +69,7 @@ module Chat
             message:
               Chat::MessageSerializer.new(
                 chat_message,
-                { scope: anonymous_guardian, root: false },
+                { scope: Guardian.anon_user, root: false },
               ).as_json,
           },
           permissions(chat_channel),
@@ -258,7 +258,7 @@ module Chat
 
     def self.serialize_message_with_type(chat_message, type, options = {})
       Chat::MessageSerializer
-        .new(chat_message, { scope: anonymous_guardian, root: :chat_message })
+        .new(chat_message, { scope: Guardian.anon_user, root: :chat_message })
         .as_json
         .merge(type: type)
         .merge(options)
@@ -470,9 +470,5 @@ module Chat
         group_ids: channel.allowed_group_ids.presence,
       }.compact
     end
-
-    def self.anonymous_guardian
-      Guardian.new(nil)
-    end
   end
 end

plugins/chat/lib/chat/onebox_handler.rb

@@ -19,7 +19,7 @@ module Chat
         thread = Chat::Thread.find_by(id: route[:thread_id]) if route[:thread_id]
       end
 
-      return if !Guardian.new.can_preview_chat_channel?(chat_channel)
+      return if !Guardian.basic_user.can_preview_chat_channel?(chat_channel)
 
       args = build_args(url, chat_channel)
 

plugins/chat/plugin.rb

@@ -105,7 +105,7 @@ after_initialize do
           end
       end
 
-      next if !Guardian.new.can_preview_chat_channel?(chat_channel)
+      next if !Guardian.basic_user.can_preview_chat_channel?(chat_channel)
 
       { url: url, title: title }
     end

plugins/poll/lib/polls_updater.rb

@@ -114,7 +114,7 @@ module DiscoursePoll
               polls,
               each_serializer: PollSerializer,
               root: false,
-              scope: Guardian.new(nil),
+              scope: Guardian.basic_user,
             ).as_json
           post.publish_message!("/polls/#{post.topic_id}", post_id: post.id, polls: polls)
         end

spec/lib/search_spec.rb

@@ -1988,7 +1988,7 @@ RSpec.describe Search do
 
       expect(
         Search
-          .execute("test created:@#{another_user.username}", guardian: Guardian.new())
+          .execute("test created:@#{another_user.username}", guardian: Guardian.basic_user)
           .posts
           .length,
       ).to eq(1)