discourse/app/controllers/reviewable_claimed_topics_controller.rb
Isaac Janzen 3e45c872e4
DEV: Convert ReviewableClaimedTopicsController#destroy response from 403 to 404 (#38339)
We can add an extra layer of protection on
`ReviewableClaimedTopicsController#destroy` by returning 404 instead of 403
(a 403 proves the presence of a topic) for non-existing topic IDs
2026-03-06 15:39:51 -06:00


# frozen_string_literal: true
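# Lets a logged-in user claim a topic in the review queue and release it again.
#
# Both actions leave the authorization decision to the guardian. On success
# they log reviewable history, publish the new claim state on MessageBus and
# enqueue a refresh of the reviewable counts.
class ReviewableClaimedTopicsController < ApplicationController
  requires_login

  # Claims a topic for the current user.
  #
  # Reads `topic_id` and `automatic` from the `reviewable_claimed_topic`
  # parameter group. Renders a 409 with the "reviewables.conflict" message when
  # the claim record fails validation, otherwise renders the success JSON.
  def create
    # `require` raises ActionController::ParameterMissing (a bad-request error)
    # when the group is absent, instead of a NoMethodError on nil.
    claim_params = params.require(:reviewable_claimed_topic)

    # The with_deleted scope is used so the lookup is not limited to the
    # default Topic scope.
    topic = Topic.with_deleted.find_by(id: claim_params[:topic_id])
    automatic = claim_params[:automatic] == "true"

    # NOTE(review): unlike #destroy, a missing topic is not checked here before
    # the guardian call. What a nil topic produces depends on
    # ensure_can_claim_reviewable_topic!, which is not visible in this file.
    # Confirm that the resulting status does not let a caller tell an unknown
    # topic id from a forbidden one, which is what #destroy avoids.
    guardian.ensure_can_claim_reviewable_topic!(topic, automatic)

    begin
      ReviewableClaimedTopic.create!(user_id: current_user.id, topic_id: topic.id, automatic:)
    rescue ActiveRecord::RecordInvalid
      # Presumably the topic is already claimed (TODO confirm against the
      # model's validations); the client is told about the conflict.
      return render_json_error(I18n.t("reviewables.conflict"), status: 409)
    end

    topic.reviewables.find_each { |reviewable| reviewable.log_history(:claimed, current_user) }
    notify_users(topic, current_user, automatic)
    render json: success_json
  end

  # Releases every claim on the topic identified by `params[:id]`.
  #
  # Raises Discourse::NotFound both when the topic does not exist and when the
  # guardian refuses the current user, so the response does not reveal whether
  # a given topic id exists.
  def destroy
    topic = Topic.with_deleted.find_by(id: params[:id])
    automatic = params[:automatic] == "true"

    # Keep the missing-topic and not-permitted cases in one branch: giving them
    # different statuses would bring the existence oracle back.
    raise Discourse::NotFound if topic.blank? || !guardian.can_claim_reviewable_topic?(topic, automatic)

    # The delete is scoped by topic only, not by the claiming user, so the
    # guardian check above is the sole gate on releasing someone else's claim.
    deleted_count = ReviewableClaimedTopic.where(topic_id: topic.id).delete_all

    # History is written only when a claim was actually removed.
    if deleted_count > 0
      topic.reviewables.find_each { |reviewable| reviewable.log_history(:unclaimed, current_user) }
    end

    # The notification is sent even when nothing was deleted.
    notify_users(topic, current_user, automatic, claimed: false)
    render json: success_json
  end

  private

  # Publishes the claim state of `topic` and schedules a reviewable-count
  # refresh for the groups that may review it.
  #
  # topic     - the Topic whose claim state changed
  # user      - the user who made the change; serialized with BasicUserSerializer
  # automatic - passed through unchanged in the payload
  # claimed   - true for a claim (default), false for a release
  def notify_users(topic, user, automatic, claimed: true)
    # The audience is always the staff group, plus the category's moderating
    # groups when category group moderation is enabled and the topic has a
    # category.
    group_ids = Set.new([Group::AUTO_GROUPS[:staff]])
    if SiteSetting.enable_category_group_moderation? && topic.category
      group_ids.merge(topic.category.moderating_group_ids)
    end

    data = {
      topic_id: topic.id,
      user: BasicUserSerializer.new(user, root: false).as_json,
      automatic:,
      claimed:,
    }

    # The payload carries a serialized user, so `group_ids` is passed to keep
    # the message restricted to the groups collected above.
    MessageBus.publish("/reviewable_claimed", data, group_ids: group_ids.to_a)
    Jobs.enqueue(:refresh_users_reviewable_counts, group_ids: group_ids.to_a)
  end
end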