FIX: Do not return channels for hashtags if user cannot chat (#19417)

Previously with this experimental feature a user would be
able to search for public channels for public categories
using the new #hashtag system even if they couldn't chat.
This commit fixes the hole.

plugins/chat/lib/chat_channel_hashtag_data_source.rb

@@ -18,6 +18,7 @@ class Chat::ChatChannelHashtagDataSource
 
   def self.lookup(guardian, slugs)
     if SiteSetting.enable_experimental_hashtag_autocomplete
+      return [] if !guardian.can_chat?(guardian.user)
       Chat::ChatChannelFetcher
         .secured_public_channel_slug_lookup(guardian, slugs)
         .map { |channel| channel_to_hashtag_item(guardian, channel) }
@@ -28,6 +29,7 @@ class Chat::ChatChannelHashtagDataSource
 
   def self.search(guardian, term, limit)
     if SiteSetting.enable_experimental_hashtag_autocomplete
+      return [] if !guardian.can_chat?(guardian.user)
       Chat::ChatChannelFetcher
         .secured_public_channel_search(
           guardian,
@@ -47,6 +49,7 @@ class Chat::ChatChannelHashtagDataSource
 
   def self.search_without_term(guardian, limit)
     if SiteSetting.enable_experimental_hashtag_autocomplete
+      return [] if !guardian.can_chat?(guardian.user)
       allowed_channel_ids_sql =
         Chat::ChatChannelFetcher.generate_allowed_channel_ids_sql(
           guardian,

plugins/chat/spec/lib/chat_channel_hashtag_data_source_spec.rb

@@ -26,7 +26,11 @@ RSpec.describe Chat::ChatChannelHashtagDataSource do
   end
   let!(:guardian) { Guardian.new(user) }
 
-  before { SiteSetting.enable_experimental_hashtag_autocomplete = true }
+  before do
+    SiteSetting.enable_experimental_hashtag_autocomplete = true
+    SiteSetting.chat_allowed_groups = Group::AUTO_GROUPS[:trust_level_1]
+    Group.refresh_automatic_groups!
+  end
 
   describe "#lookup" do
     it "finds a channel by a slug" do
@@ -67,6 +71,12 @@ RSpec.describe Chat::ChatChannelHashtagDataSource do
       result = described_class.lookup(guardian, []).first
       expect(result).to eq(nil)
     end
+
+    it "returns nothing if the user cannot chat" do
+      SiteSetting.chat_allowed_groups = Group::AUTO_GROUPS[:staff]
+      Group.refresh_automatic_groups!
+      expect(described_class.lookup(Guardian.new(user), ["random"])).to be_empty
+    end
   end
 
   describe "#search" do
@@ -123,6 +133,12 @@ RSpec.describe Chat::ChatChannelHashtagDataSource do
         },
       )
     end
+
+    it "returns nothing if the user cannot chat" do
+      SiteSetting.chat_allowed_groups = Group::AUTO_GROUPS[:staff]
+      Group.refresh_automatic_groups!
+      expect(described_class.search(Guardian.new(user), "rand", 10)).to be_empty
+    end
   end
 
   describe "#search_without_term" do
@@ -160,5 +176,11 @@ RSpec.describe Chat::ChatChannelHashtagDataSource do
       membership3.update!(following: false)
       expect(described_class.search_without_term(guardian, 5).map(&:slug)).to eq(%w[chat random])
     end
+
+    it "returns nothing if the user cannot chat" do
+      SiteSetting.chat_allowed_groups = Group::AUTO_GROUPS[:staff]
+      Group.refresh_automatic_groups!
+      expect(described_class.search_without_term(Guardian.new(user), 10)).to be_empty
+    end
   end
 end