discourse/lib/guardian
Ted Johansson b50b63808c
DEV: Make Guardian#can_see? default to false for unwatched objects (#20412)
When invoking e.g. `can_see?(Foo.new)`, the guardian checks if there's a method `#can_see_foo?` defined and if so uses that to determine whether the user can see it or not.

When such a method is not defined, the guardian currently returns `true`, but it is probably a better call (pun intended) to make it "safe by default" and return `false` instead. I.e. if you can't explicitly see it, you can't see it at all.

This change makes the change to `Guardian#can_see?` to fall back to `false` if no visibility check method is defined.

For `#can_see_user?` and `#can_see_tag?` we don't have any particular logic that prevents viewing. We previously relied on the implicit `true` value, but since that's now change to `false`, I have explicitly implemented these two methods in `UserGuardian` and `TagGuardian` modules. If in the future we want to add some logic for it, this would be the place.

To be clear, **the behaviour remains the same**, but the `true` value is now explicit rather than implicit.
2023-02-24 15:57:01 +08:00
..
bookmark_guardian.rb FEATURE: Promote polymorphic bookmarks to default and migrate (#16729) 2022-05-23 10:07:15 +10:00
category_guardian.rb DEV: Apply syntax_tree formatting to lib/* 2023-01-09 12:10:19 +00:00
ensure_magic.rb DEV: Prefer \A and \z over ^ and $ in regexes (#19936) 2023-01-20 12:52:49 -06:00
group_guardian.rb DEV: Apply syntax_tree formatting to lib/* 2023-01-09 12:10:19 +00:00
post_guardian.rb DEV: Enable unless cops 2023-02-21 10:30:48 +01:00
post_revision_guardian.rb FEATURE: Allow admins to permanently delete revisions (#19913) 2023-01-19 15:09:01 -06:00
sidebar_guardian.rb DEV: configurable public sidebar sections (#20303) 2023-02-22 08:55:44 +11:00
tag_guardian.rb DEV: Make Guardian#can_see? default to false for unwatched objects (#20412) 2023-02-24 15:57:01 +08:00
topic_guardian.rb DEV: Enable unless cops 2023-02-21 10:30:48 +01:00
user_guardian.rb DEV: Make Guardian#can_see? default to false for unwatched objects (#20412) 2023-02-24 15:57:01 +08:00