mirror of
https://gh.wpcy.net/https://github.com/discourse/discourse.git
synced 2026-05-06 19:53:42 +08:00
0bc1216009
## Summary `ReviewableAiToolAction` records were being created without `topic_id` or `category_id`. `Reviewable#created_new!` only copies those fields when the target is a `Post`, but the target here is `AiToolAction`, so every record landed unscoped. As a result, `Reviewable.viewable_by`'s `category_id IS NULL` allowance made these reviewables visible to **all** moderators — including ones who couldn't access the restricted category the underlying action targeted. This brings `ReviewableAiToolAction` in line with how `ReviewableFlaggedPost` already behaves for the same shape of data: - Override `created_new!` to read the target action's post and copy `topic`/`category_id` onto the reviewable, so category moderation groups route the queue entry to the right reviewers. - Memoize a `target_post` accessor for reuse by the model and serializer. - Backfill migration updates pre-existing rows by joining `ai_tool_actions → posts → topics`. Idempotent via `topic_id IS NULL` guard. This is intentionally a routing/scoping fix only — the serializer is unchanged. AI agents using approval-required tools are admin-configured and opt-in to human review, and reviewers need the full post and tool parameters to make an informed decision; suppressing those would defeat the human-in-the-loop the admin enabled. ## Test plan - [x] `bin/rspec plugins/discourse-ai/spec/models/reviewable_ai_tool_action_spec.rb` passes (new `#created_new!` cases covering private-category routing and the no-post fallback) - [x] `bin/rspec plugins/discourse-ai/spec/db/migrate/20260504211108_backfill_reviewable_ai_tool_action_scope_spec.rb` passes (backfill, no-post stays nil, already-scoped rows untouched) - [x] `bin/lint` clean on all four files |
||
|---|---|---|
| .. | ||
| fixtures | ||
| migrate | ||
| post_migrate | ||
