From b7e027cfd1590365ac9c85141ff2b02c25e900fb Mon Sep 17 00:00:00 2001 From: Robin Ward Date: Tue, 19 Feb 2013 12:59:46 -0500 Subject: [PATCH] Notifications on PMs respect access rights. --- app/models/post_alert_observer.rb | 3 +++ spec/models/post_alert_observer_spec.rb | 17 ++++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/app/models/post_alert_observer.rb b/app/models/post_alert_observer.rb index af5c8288c3e..9922fba4039 100644 --- a/app/models/post_alert_observer.rb +++ b/app/models/post_alert_observer.rb @@ -77,6 +77,9 @@ class PostAlertObserver < ActiveRecord::Observer def create_notification(user, type, post, opts={}) return if user.blank? + # Make sure the user can see the post + return unless Guardian.new(user).can_see?(post) + # skip if muted on the topic return if TopicUser.get(post.topic, user).try(:notification_level) == TopicUser::NotificationLevel::MUTED diff --git a/spec/models/post_alert_observer_spec.rb b/spec/models/post_alert_observer_spec.rb index 0daed2202c3..5a8c1fa1935 100644 --- a/spec/models/post_alert_observer_spec.rb +++ b/spec/models/post_alert_observer_spec.rb @@ -35,7 +35,6 @@ describe PostAlertObserver do end end - context 'quotes' do it 'notifies a user by username' do @@ -79,6 +78,7 @@ describe PostAlertObserver do end + it "doesn't notify the user who created the topic in regular mode" do topic.notify_regular!(user) mention_post @@ -93,6 +93,21 @@ describe PostAlertObserver do post.destroy }.should change(evil_trout.notifications, :count).by(-1) end + end + + + context 'private message' do + let(:user) { Fabricate(:user) } + let(:mention_post) { Fabricate(:post, user: user, raw: 'Hello @eviltrout')} + let(:topic) { mention_post.topic } + let(:post) + + it "won't notify someone who can't see the post" do + lambda { + Guardian.any_instance.expects(:can_see?).with(instance_of(Post)).returns(false) + mention_post + }.should_not change(evil_trout.notifications, :count) + end end