discourse/app/controllers
Isaac Janzen 366ff0e76b
FIX: Don't display destroy reviewable button on client (#21226)
# Context

https://meta.discourse.org/t/missing-translate-in-review-page/262604

![image](https://user-images.githubusercontent.com/50783505/234089049-72332040-e7d5-4081-824a-b0b36e37187a.png)

An additional button was added as a result of dd495a0e19 which was intended to grant access to deleting reviewables from the API.

We were being too flexible by only checking if the user was an admin

012aaf0ba3/lib/guardian.rb (L237)

where it should instead be scoped to check if the request was an API call.

# Fix

https://github.com/discourse/discourse/pull/21226/files#diff-0a2548be4b18bd4ef2dffb3ef8e44984d2fef7f037b53e98f67abea52ef75aa2R237

# Additions

Added a new guard of `is_api?`

https://github.com/discourse/discourse/pull/21226/files#diff-0a2548be4b18bd4ef2dffb3ef8e44984d2fef7f037b53e98f67abea52ef75aa2R657-R660

In `app/models/reviewable.rb` we check if the user has permission for the destroy action via the `Guardian`. To do this we were instantiating a new `Guardian` class which then caused us to lose the context of the request. The request is a necessary component in the guard of `is_api?`, so we needed to pass the already defined Guardian from the `app/controllers/reviewables_controller.rb` to the `#perform` method to ensure the request is present.
2023-04-24 20:22:37 -05:00
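The two halves of the bug described in the commit message are (1) an admin-only guard that was meant to be API-only and (2) a `Guardian` rebuilt from the user alone, which has no request and so can never satisfy an `is_api?` check. The following Ruby is an added illustration, not Discourse's own `Guardian` or `Reviewable` code: the class and method names are stand-ins, and the request env marker `API_KEY_ENV` is an assumption used only to model "this request was authenticated with an API key".

```ruby
# Added illustration, not Discourse's own code: a cut-down model of the
# Guardian pattern from the commit message. Class and method names are
# stand-ins for the real ones; the request env key is an assumption.

API_KEY_ENV = "_API_KEY_AUTHENTICATED".freeze # assumed marker set by API-key auth

# Stand-in for a user record; only the fields the guard needs.
User = Struct.new(:username, :admin, keyword_init: true) do
  def admin?
    !!admin
  end
end

# Stand-in for a Rack request: carries just the env hash.
FakeRequest = Struct.new(:env)

class Guardian
  def initialize(user = nil, request = nil)
    @user = user
    @request = request
  end

  def is_admin?
    !!@user&.admin?
  end

  # True only when the request was authenticated with an API key.
  # With no request object this is always false, which is why a freshly
  # built Guardian can never pass a guard that depends on it.
  def is_api?
    return false if @request.nil?
    @request.env.key?(API_KEY_ENV)
  end

  # Before the fix: any admin passes, including one clicking in the browser UI.
  def can_destroy_reviewable_before_fix?
    is_admin?
  end

  # After the fix: scoped to admins acting through the API.
  def can_destroy_reviewable?
    is_admin? && is_api?
  end
end

class Reviewable
  # The problem the commit describes: rebuilding a Guardian from the user
  # alone drops the request, so is_api? is false even for a real API call.
  def perform_with_fresh_guardian(performed_by)
    Guardian.new(performed_by).can_destroy_reviewable?
  end

  # The fix: accept the controller's Guardian, which still holds the request.
  def perform(guardian)
    guardian.can_destroy_reviewable?
  end
end

# Constructed scenarios; returns a hash of outcomes so they can be checked.
def destroy_reviewable_outcomes
  admin = User.new(username: "alice", admin: true)
  member = User.new(username: "bob", admin: false)
  ui_request = FakeRequest.new({})                       # browser session, no API key
  api_request = FakeRequest.new({ API_KEY_ENV => true }) # API-key authenticated call

  {
    before_fix_admin_from_ui: Guardian.new(admin, ui_request).can_destroy_reviewable_before_fix?,
    admin_from_ui: Reviewable.new.perform(Guardian.new(admin, ui_request)),
    admin_from_api: Reviewable.new.perform(Guardian.new(admin, api_request)),
    member_from_api: Reviewable.new.perform(Guardian.new(member, api_request)),
    admin_from_api_fresh_guardian: Reviewable.new.perform_with_fresh_guardian(admin),
  }
end

if $PROGRAM_NAME == __FILE__
  destroy_reviewable_outcomes.each { |name, allowed| puts "#{name}: #{allowed}" }
end
```

The `admin_from_api_fresh_guardian` outcome is the subtle one: the caller really is an admin on a real API request, yet the check fails because the request context was thrown away when a new `Guardian` was built from the user. Passing the controller's `Guardian` through (`admin_from_api`) is what makes the API-scoped guard usable at all.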
| Name | Last commit | Date |
| --- | --- | --- |
| admin | SECURITY: Ensure site setting being updated is a configurable site setting (#21131) | 2023-04-18 14:32:18 +08:00 |
| users | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| about_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| application_controller.rb | PERF: optimise serialization for topic tracking state (#20860) | 2023-03-28 18:09:22 +11:00 |
| associated_groups_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| badges_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| bookmarks_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| bootstrap_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| categories_controller.rb | FEATURE: Configurable auto-bump cooldown (#20507) | 2023-03-10 13:45:01 +08:00 |
| clicks_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| composer_controller.rb | DEV: Remove elder from codebase and also update 'regular' to 'member' (#20065) | 2023-01-31 01:41:25 +08:00 |
| composer_messages_controller.rb | DEV: Add a test for the "duplicate link" message (#21139) | 2023-04-18 22:23:20 +02:00 |
| csp_reports_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| directory_columns_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| directory_items_controller.rb | DEV: Replace #pluck_first freedom patch with AR #pick in core (#19893) | 2023-02-13 12:39:45 +08:00 |
| do_not_disturb_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| drafts_controller.rb | FIX: Don't render error for bad-sequence (#21187) | 2023-04-20 10:26:11 -05:00 |
| edit_directory_columns_controller.rb | DEV: Enable unless cops | 2023-02-21 10:30:48 +01:00 |
| email_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| embed_controller.rb | FEATURE: Update topic/comment embedding parameters (#20181) | 2023-02-28 14:31:59 +02:00 |
| exceptions_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| export_csv_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| extra_locales_controller.rb | DEV: Prefer \A and \z over ^ and $ in regexes (#19936) | 2023-01-20 12:52:49 -06:00 |
| finish_installation_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| forums_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| groups_controller.rb | FEATURE: Allow group owners promote more owners (#19768) | 2023-01-11 16:43:18 +08:00 |
| hashtags_controller.rb | FEATURE: Allow showing hashtag autocomplete results without term (#19219) | 2022-12-08 13:47:59 +10:00 |
| highlight_js_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| inline_onebox_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| invites_controller.rb | FIX: Display a proper error when user already exists and email addresses are hidden. (#20585) | 2023-03-08 12:38:58 -03:00 |
| list_controller.rb | DEV: Update experimental /filter route with tags support (#20874) | 2023-03-30 09:00:42 +08:00 |
| metadata_controller.rb | FIX: Use / for start_url in webmanifest on non-subfolder installs (#20167) | 2023-02-03 16:48:05 -03:00 |
| new_topic_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| notifications_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| offline_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| onebox_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| permalinks_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| post_action_users_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| post_actions_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| post_readers_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| posts_controller.rb | DEV: Enable unless cops | 2023-02-21 10:30:48 +01:00 |
| presence_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| published_pages_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| push_notification_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| qunit_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| reviewable_claimed_topics_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| reviewables_controller.rb | FIX: Don't display destroy reviewable button on client (#21226) | 2023-04-24 20:22:37 -05:00 |
| robots_txt_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| safe_mode_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| search_controller.rb | FEATURE: rate limit anon searches per second (#19708) | 2023-01-27 10:05:27 -08:00 |
| session_controller.rb | FEATURE: add a setting to allowlist DiscourseConnect return path domains (#21110) | 2023-04-17 22:53:50 +05:30 |
| sidebar_sections_controller.rb | FEATURE: public custom sidebar sections visible to anonymous (#20931) | 2023-04-06 08:55:47 +10:00 |
| similar_topics_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| site_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| sitemap_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| slugs_controller.rb | FEATURE: Allow changing slug on create channel (#19928) | 2023-01-23 14:48:33 +10:00 |
| static_controller.rb | DEV: Allow accessing sourcemaps on /brotli_asset path (#19894) | 2023-01-17 12:49:42 +00:00 |
| steps_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| stylesheets_controller.rb | DEV: Replace #pluck_first freedom patch with AR #pick in core (#19893) | 2023-02-13 12:39:45 +08:00 |
| svg_sprite_controller.rb | FIX: IconPicker option to display only available icons (#20235) | 2023-02-13 09:24:47 +11:00 |
| tag_groups_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| tags_controller.rb | FIX: Support tag query param on /tag/{name} routes (#20742) | 2023-03-20 13:51:39 -05:00 |
| theme_javascripts_controller.rb | DEV: Replace #pluck_first freedom patch with AR #pick in core (#19893) | 2023-02-13 12:39:45 +08:00 |
| topics_controller.rb | UX: Improve error message when a topic cannot be moved due to category restrictions (#20900) | 2023-03-31 02:18:57 +08:00 |
| uploads_controller.rb | DEV: Fix random typos (#19973) | 2023-01-24 15:41:01 +01:00 |
| user_actions_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| user_api_keys_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| user_avatars_controller.rb | DEV: Enable unless cops | 2023-02-21 10:30:48 +01:00 |
| user_badges_controller.rb | DEV: Replace #pluck_first freedom patch with AR #pick in core (#19893) | 2023-02-13 12:39:45 +08:00 |
| user_status_controller.rb | FEATURE: User Status API (#19149) | 2022-11-24 19:16:28 +04:00 |
| users_controller.rb | FEATURE: Only list watching group messages in messages notifications panel (#20630) | 2023-03-13 08:09:38 +08:00 |
| users_email_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |
| webhooks_controller.rb | FEATURE: Verify email webhook signatures (#19690) | 2023-01-16 19:16:17 +02:00 |
| wizard_controller.rb | DEV: Apply syntax_tree formatting to app/* | 2023-01-09 14:14:59 +00:00 |