From 8a2995f7196e5383e901c7c4d35a9a41b32029ef Mon Sep 17 00:00:00 2001
From: David Battersby
Date: Wed, 1 Mar 2023 12:23:29 +0800
Subject: [PATCH] FIX: only show approved users in search_user results when site setting enabled (#20493)
Returns only approved users when using @ in composer (if must_approve_users site setting enabled).
---
 app/models/user_search.rb | 1 +
 spec/models/user_search_spec.rb | 12 ++++++++++++
 2 files changed, 13 insertions(+)
diff --git a/app/models/user_search.rb b/app/models/user_search.rb
index 118e6d9bd1c..5f848666721 100644
--- a/app/models/user_search.rb
+++ b/app/models/user_search.rb
@@ -26,6 +26,7 @@ class UserSearch
 def scoped_users
 users = User.where(active: true)
+ users = users.where(approved: true) if SiteSetting.must_approve_users?
 users = users.where(staged: false) unless @include_staged_users
 users = users.not_suspended unless @searching_user&.staff?
diff --git a/spec/models/user_search_spec.rb b/spec/models/user_search_spec.rb
index 175a5ee02dc..bd5f7f05eab 100644
--- a/spec/models/user_search_spec.rb
+++ b/spec/models/user_search_spec.rb
@@ -226,6 +226,18 @@ RSpec.describe UserSearch do
 expect(results).to be_blank
 end
+ it "does not show unapproved users when must_approve_users enabled" do
+ SiteSetting.must_approve_users = true
+ unapproved = Fabricate(:user, username: "mrunapproved", active: true, approved: false)
+ approved = Fabricate(:user, username: "mrapproved", active: true, approved: true)
+
+ users = search_for(unapproved.username)
+ expect(users).to be_blank
+
+ users = search_for(approved.username)
+ expect(users).not_to be_blank
+ end
+
 it "prioritises exact matches" do
 results = search_for("mrB")
 expect(results).to eq [mr_b, mr_brown, mr_blue].map(&:username)
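Review bot: In `scoped_users` (app/models/user_search.rb) the new `approved: true` filter applies to every searcher, whereas the two filters after it are conditional on `@include_staged_users` and `@searching_user&.staff?`. If staff are expected to find pending accounts through this search, that would stop working once `must_approve_users` is on; if excluding them for staff too is intended, a one-line comment would record it, e.g. `# pending accounts are never discoverable via user search, staff included`. It is also worth confirming that every query path in UserSearch starts from `scoped_users`, since a path that builds on `User` directly would presumably still return unapproved accounts. The method body continues past the end of the hunk.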
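Review bot: The new example in spec/models/user_search_spec.rb only exercises the setting-enabled branch, so nothing pins that unapproved users remain searchable when `must_approve_users` is off, and nothing covers a staff searcher. A companion example for the disabled case would catch the filter accidentally becoming unconditional; a sketch follows, assuming `search_for` behaves as in the surrounding examples. The enclosing `RSpec.describe` block starts and ends outside the hunk.

```ruby
it "still shows unapproved users when must_approve_users is disabled" do
  SiteSetting.must_approve_users = false
  unapproved = Fabricate(:user, username: "mrunapproved", active: true, approved: false)

  expect(search_for(unapproved.username)).not_to be_blank
end
```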