FIX: Do not allow anonymous users to be anonymized (#20776)
This commit is contained in:
parent
7070f81596
commit
f12e77d500
|
@ -3,6 +3,8 @@
|
|||
class UserAnonymizer
|
||||
attr_reader :user_history
|
||||
|
||||
EMAIL_SUFFIX = "@anonymized.invalid"
|
||||
|
||||
# opts:
|
||||
# anonymize_ip - an optional new IP to update their logs with
|
||||
def initialize(user, actor = nil, opts = nil)
|
||||
|
@ -38,7 +40,7 @@ class UserAnonymizer
|
|||
end
|
||||
|
||||
@user.save!
|
||||
@user.primary_email.update_attribute(:email, "#{@user.username}@anonymized.invalid")
|
||||
@user.primary_email.update_attribute(:email, "#{@user.username}#{EMAIL_SUFFIX}")
|
||||
|
||||
options = @user.user_option
|
||||
options.mailing_list_mode = false
|
||||
|
|
|
@ -74,7 +74,7 @@ module UserGuardian
|
|||
end
|
||||
|
||||
def can_anonymize_user?(user)
|
||||
is_staff? && !user.nil? && !user.staff?
|
||||
is_staff? && !user.nil? && !user.staff? && !user.email.ends_with?(UserAnonymizer::EMAIL_SUFFIX)
|
||||
end
|
||||
|
||||
def can_merge_user?(user)
|
||||
|
|
|
@ -2773,6 +2773,10 @@ RSpec.describe Guardian do
|
|||
expect(Guardian.new(user).can_anonymize_user?(user)).to be_falsey
|
||||
end
|
||||
|
||||
it "it false for an anonymized user" do
|
||||
expect(Guardian.new(user).can_anonymize_user?(anonymous_user)).to be_falsey
|
||||
end
|
||||
|
||||
it "is true for admin anonymizing a regular user" do
|
||||
expect(Guardian.new(admin).can_anonymize_user?(user)).to eq(true)
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue