FIX: only show participants the user can see

2025-05-30 15:28:37 +08:00 · 2017-09-13 17:14:03 +02:00
parent e5db126a8e
commit 0096ee40da
3 changed files with 30 additions and 34 deletions
--- a/app/serializers/topic_view_serializer.rb
+++ b/app/serializers/topic_view_serializer.rb
@ -21,7 +21,6 @@ class TopicViewSerializer < ApplicationSerializer
                        :created_at,
                        :views,
                        :reply_count,
-                        :participant_count,
                        :like_count,
                        :last_posted_at,
                        :visible,
@ -35,17 +34,18 @@ class TopicViewSerializer < ApplicationSerializer
                        :deleted_at,
                        :pending_posts_count,
                        :user_id,
-                        :pm_with_non_human_user?
+                        :pm_with_non_human_user?,
+                        :featured_link,
+                        :pinned_globally,
+                        :pinned_at,
+                        :pinned_until

  attributes :draft,
             :draft_key,
             :draft_sequence,
             :posted,
             :unpinned,
-             :pinned_globally,
-             :pinned,    # Is topic pinned and viewer hasn't cleared the pin?
-             :pinned_at, # Ignores clear pin
-             :pinned_until,
+             :pinned,
             :details,
             :highest_post_number,
             :last_read_post_number,
@ -59,10 +59,10 @@ class TopicViewSerializer < ApplicationSerializer
             :bookmarked,
             :message_archived,
             :tags,
-             :featured_link,
             :topic_timer,
             :unicode_title,
-             :message_bus_last_id
+             :message_bus_last_id,
+             :participant_count

  # TODO: Split off into proper object / serializer
  def details
@ -193,10 +193,6 @@ class TopicViewSerializer < ApplicationSerializer
  end
  alias_method :include_posted?, :has_topic_user?

-  def pinned_globally
-    object.topic.pinned_globally
-  end
-
  def pinned
    PinnedCheck.pinned?(object.topic, object.topic_user)
  end
@ -205,14 +201,6 @@ class TopicViewSerializer < ApplicationSerializer
    PinnedCheck.unpinned?(object.topic, object.topic_user)
  end

-  def pinned_at
-    object.topic.pinned_at
-  end
-
-  def pinned_until
-    object.topic.pinned_until
-  end
-
  def actions_summary
    result = []
    return [] unless post = object.posts&.first
@ -243,7 +231,7 @@ class TopicViewSerializer < ApplicationSerializer
  end

  def bookmarked
-    object.topic_user.try(:bookmarked)
+    object.topic_user&.bookmarked
  end

  def include_pending_posts_count?
@ -266,10 +254,6 @@ class TopicViewSerializer < ApplicationSerializer
    SiteSetting.topic_featured_link_enabled
  end

-  def featured_link
-    object.topic.featured_link
-  end
-
  def include_unicode_title?
    !!(object.topic.title =~ /:([\w\-+]*):/)
  end
@ -282,6 +266,10 @@ class TopicViewSerializer < ApplicationSerializer
    private_message?(object.topic)
  end

+  def participant_count
+    object.participants.size
+  end
+
  private

    def private_message?(topic)