FIX: Use Guardian.basic_user instead of new (anon) (#24705)

c.f. de983796e1b66aa2ab039a4fb6e32cec8a65a098 There will soon be additional login_required checks for Guardian, and the intent of many checks by automated systems is better fulfilled by using BasicUser, which simulates a logged in TL0 forum user, rather than an anon user. In some cases the use of anon still makes sense (e.g. anonymous_cache), and in that case the more explicit `Guardian.anon_user` is used
2025-06-02 16:29:32 +08:00 · 2023-12-06 11:56:21 +10:00
parent d9dca6482d
commit 9057272ee2
11 changed files with 13 additions and 17 deletions
--- a/lib/middleware/anonymous_cache.rb
+++ b/lib/middleware/anonymous_cache.rb
@ -169,7 +169,7 @@ module Middleware
      def theme_ids
        ids, _ = @request.cookies["theme_ids"]&.split("|")
        id = ids&.split(",")&.map(&:to_i)&.first
-        if id && Guardian.new.allow_themes?([id])
+        if id && Guardian.anon_user.allow_themes?([id])
          Theme.transform_ids(id)
        else
          []