FIX: Anon users could not edit their own posts (#26283)

Followup 3094f32ff5,
this fixes an issue with the logic in this commit where
we were returning false if any of the conditionals here
were false, regardless of the type of `obj`, where we should
have only done this if `obj` was a `PostAction`, which lead
us to return false in cases where we were checking if the
user could edit their own post as anon.

lib/guardian.rb

@@ -640,16 +640,6 @@ class Guardian
   private
 
   def is_my_own?(obj)
-    # NOTE: This looks strange...but we are checking if someone is posting anonymously
-    # as a AnonymousUser model, _not_ as Guardian::AnonymousUser which is a different thing
-    # used when !authenticated?
-    if authenticated? && is_anonymous?
-      return(
-        SiteSetting.allow_anonymous_likes? && obj.class == PostAction && obj.is_like? &&
-          obj.user_id == @user.id
-      )
-    end
-
     return false if anonymous?
     return obj.user_id == @user.id if obj.respond_to?(:user_id) && obj.user_id && @user.id
     return obj.user == @user if obj.respond_to?(:user)

lib/guardian/post_guardian.rb

@@ -261,8 +261,21 @@ module PostGuardian
   def can_delete_post_action?(post_action)
     return false unless is_my_own?(post_action) && !post_action.is_private_message?
 
-    post_action.created_at > SiteSetting.post_undo_action_window_mins.minutes.ago &&
-      !post_action.post&.topic&.archived?
+    ok_to_delete =
+      post_action.created_at > SiteSetting.post_undo_action_window_mins.minutes.ago &&
+        !post_action.post&.topic&.archived?
+
+    # NOTE: This looks strange...but we are checking if someone is posting anonymously
+    # as a AnonymousUser model, _not_ as Guardian::AnonymousUser which is a different thing
+    # used when !authenticated?
+    if authenticated? && is_anonymous?
+      return(
+        ok_to_delete && SiteSetting.allow_anonymous_likes? && post_action.is_like? &&
+          is_my_own?(post_action)
+      )
+    end
+
+    ok_to_delete
   end
 
   def can_receive_post_notifications?(post)

spec/lib/guardian/post_guardian_spec.rb

@@ -2,7 +2,7 @@
 
 RSpec.describe PostGuardian do
   fab!(:groupless_user) { Fabricate(:user) }
-  fab!(:user)
+  fab!(:user) { Fabricate(:user, refresh_auto_groups: true) }
   fab!(:anon) { Fabricate(:anonymous) }
   fab!(:admin)
   fab!(:moderator)
@@ -11,6 +11,7 @@ RSpec.describe PostGuardian do
   fab!(:category)
   fab!(:topic) { Fabricate(:topic, category: category) }
   fab!(:hidden_post) { Fabricate(:post, topic: topic, hidden: true) }
+  fab!(:post) { Fabricate(:post, topic: topic) }
 
   describe "#can_see_hidden_post?" do
     context "when the hidden_post_visible_groups contains everyone" do
@@ -76,4 +77,25 @@ RSpec.describe PostGuardian do
       expect(Guardian.new(user).is_in_edit_post_groups?).to eq(false)
     end
   end
+
+  describe "#can_edit_post?" do
+    it "returns true for the author" do
+      post.update!(user: user)
+      expect(Guardian.new(user).can_edit_post?(post)).to eq(true)
+    end
+
+    it "returns false for users who are not the author" do
+      expect(Guardian.new(user).can_edit_post?(post)).to eq(false)
+    end
+
+    it "returns true for admins who are not the author" do
+      expect(Guardian.new(admin).can_edit_post?(post)).to eq(true)
+    end
+
+    it "returns true for the author if they are anonymous" do
+      SiteSetting.allow_anonymous_posting = true
+      post.update!(user: anon)
+      expect(Guardian.new(anon).can_edit_post?(post)).to eq(true)
+    end
+  end
 end

spec/lib/guardian_spec.rb

@@ -2505,10 +2505,7 @@ RSpec.describe Guardian do
   end
 
   describe "#can_delete_post_action?" do
-    before do
-      SiteSetting.allow_anonymous_posting = true
-      Guardian.any_instance.stubs(:anonymous?).returns(true)
-    end
+    before { SiteSetting.allow_anonymous_posting = true }
 
     context "with allow_anonymous_likes enabled" do
       before { SiteSetting.allow_anonymous_likes = true }