mirror of
https://github.com/discourse/discourse.git
synced 2024-11-25 06:30:15 +08:00
b50b63808c
When invoking e.g. `can_see?(Foo.new)`, the guardian checks if there's a method `#can_see_foo?` defined and if so uses that to determine whether the user can see it or not. When such a method is not defined, the guardian currently returns `true`, but it is probably a better call (pun intended) to make it "safe by default" and return `false` instead. I.e. if you can't explicitly see it, you can't see it at all.

This change makes the change to `Guardian#can_see?` to fall back to `false` if no visibility check method is defined.

For `#can_see_user?` and `#can_see_tag?` we don't have any particular logic that prevents viewing. We previously relied on the implicit `true` value, but since that's now changed to `false`, I have explicitly implemented these two methods in `UserGuardian` and `TagGuardian` modules. If in the future we want to add some logic for it, this would be the place. To be clear, **the behaviour remains the same**, but the `true` value is now explicit rather than implicit.
topic_guardian_spec.rb
user_guardian_spec.rb
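The fallback change described in the commit message above, as an added example that is not Discourse's code: a simplified Ruby model of the `can_see?` dispatch with the old and the new fallback side by side, plus a small audit that lists types whose visibility is decided by the fallback alone. `ModelGuardian`, `Draft`, the `secret` field on `Topic` and `audit_missing_checks` are hypothetical names chosen for the illustration.

```ruby
# Simplified model of the dispatch the commit message describes; this is not
# Discourse's Guardian. Draft and audit_missing_checks are hypothetical names.
User  = Struct.new(:name)
Tag   = Struct.new(:name)
Topic = Struct.new(:title, :secret)
Draft = Struct.new(:body) # constructed type with no can_see_draft? method

class ModelGuardian
  def initialize(default_when_undefined:)
    @default = default_when_undefined
  end

  # Dispatch can_see?(obj) to can_see_<class>? when that method exists.
  def can_see?(obj)
    check = check_name(obj.class)
    respond_to?(check) ? public_send(check, obj) : @default
  end

  # Explicit "no restriction" checks, as the commit adds for users and tags.
  def can_see_user?(_user); true; end
  def can_see_tag?(_tag); true; end

  # A check with real logic, for contrast (assumed rule for this model).
  def can_see_topic?(topic); !topic.secret; end

  # Classes whose visibility would be decided by the fallback alone.
  def audit_missing_checks(classes)
    classes.reject { |klass| respond_to?(check_name(klass)) }
  end

  private

  def check_name(klass)
    snake = klass.name.gsub(/([a-z\d])([A-Z])/, '\1_\2').downcase
    :"can_see_#{snake}?"
  end
end

LEGACY = ModelGuardian.new(default_when_undefined: true)  # old fallback
SAFE   = ModelGuardian.new(default_when_undefined: false) # new fallback

if __FILE__ == $PROGRAM_NAME
  [User.new("a"), Tag.new("t"), Topic.new("x", true), Draft.new("d")].each do |o|
    puts format("%-6s legacy=%-5s safe=%s", o.class, LEGACY.can_see?(o), SAFE.can_see?(o))
  end
  puts "no explicit check: #{SAFE.audit_missing_checks([User, Tag, Topic, Draft])}"
end
```

Running the audit before flipping the fallback shows which types relied on the implicit `true` and need an explicit method to keep their current behaviour.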