From 75beb5a84f2848be031e484f7374a6f8a1e9ce93 Mon Sep 17 00:00:00 2001
From: Gabriel Grubba <70247653+Grubba27@users.noreply.github.com>
Date: Wed, 6 Nov 2024 09:28:28 -0300
Subject: [PATCH] FIX: Change create_post_for_category_and_tag_changes setting
 to use whispers instead of small actions (#29602)

It currently can leak private tags/categories, to address this we are moving to whispers.
---
 lib/post_revisor.rb           | 12 ++++++++----
 spec/lib/post_revisor_spec.rb | 15 ++++++++++++++-
 2 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/lib/post_revisor.rb b/lib/post_revisor.rb
index 5f0a70b5fca..706588d5347 100644
--- a/lib/post_revisor.rb
+++ b/lib/post_revisor.rb
@@ -154,7 +154,8 @@ class PostRevisor
   end
 
   def self.create_small_action_for_category_change(topic:, user:, old_category:, new_category:)
-    if !old_category || !new_category || !SiteSetting.create_post_for_category_and_tag_changes
+    if !old_category || !new_category || !SiteSetting.create_post_for_category_and_tag_changes ||
+         SiteSetting.whispers_allowed_groups.blank?
       return
     end
 
@@ -165,18 +166,21 @@ class PostRevisor
         from: "##{old_category.slug_ref}",
         to: "##{new_category.slug_ref}",
       ),
-      post_type: Post.types[:small_action],
+      post_type: Post.types[:whisper],
       action_code: "category_changed",
     )
   end
 
   def self.create_small_action_for_tag_changes(topic:, user:, added_tags:, removed_tags:)
-    return if !SiteSetting.create_post_for_category_and_tag_changes
+    if !SiteSetting.create_post_for_category_and_tag_changes ||
+         SiteSetting.whispers_allowed_groups.blank?
+      return
+    end
 
     topic.add_moderator_post(
       user,
       tags_changed_raw(added: added_tags, removed: removed_tags),
-      post_type: Post.types[:small_action],
+      post_type: Post.types[:whisper],
       action_code: "tags_changed",
       custom_fields: {
         tags_added: added_tags,
diff --git a/spec/lib/post_revisor_spec.rb b/spec/lib/post_revisor_spec.rb
index 69f417ea37b..95314cbeed2 100644
--- a/spec/lib/post_revisor_spec.rb
+++ b/spec/lib/post_revisor_spec.rb
@@ -233,7 +233,10 @@ RSpec.describe PostRevisor do
       fab!(:tag1) { Fabricate(:tag, name: "First tag") }
       fab!(:tag2) { Fabricate(:tag, name: "Second tag") }
 
-      before { SiteSetting.create_post_for_category_and_tag_changes = true }
+      before do
+        SiteSetting.create_post_for_category_and_tag_changes = true
+        SiteSetting.whispers_allowed_groups = Group::AUTO_GROUPS[:staff]
+      end
 
       it "Creates a small_action post with correct translation when both adding and removing tags" do
         post.topic.update!(tags: [tag1])
@@ -292,6 +295,16 @@ RSpec.describe PostRevisor do
         )
       end
 
+      it "Creates a small_action as a whisper when category is changed" do
+        category = Fabricate(:category)
+
+        expect { post_revisor.revise!(admin, category_id: category.id) }.to change {
+          Post.where(topic_id: post.topic_id, action_code: "category_changed").count
+        }.by(1)
+
+        expect(post.topic.ordered_posts.last.post_type).to eq(Post.types[:whisper])
+      end
+
       describe "with PMs" do
         fab!(:pm) { Fabricate(:private_message_topic) }
         let(:first_post) { create_post(user: admin, topic: pm, allow_uncategorized_topics: false) }