FIX: Use Guardian.basic_user instead of new (anon) (#24705)

c.f. de983796e1b66aa2ab039a4fb6e32cec8a65a098 There will soon be additional login_required checks for Guardian, and the intent of many checks by automated systems is better fulfilled by using BasicUser, which simulates a logged in TL0 forum user, rather than an anon user. In some cases the use of anon still makes sense (e.g. anonymous_cache), and in that case the more explicit `Guardian.anon_user` is used
2025-06-03 02:48:28 +08:00 · 2023-12-06 11:56:21 +10:00
parent d9dca6482d
commit 9057272ee2
11 changed files with 13 additions and 17 deletions
--- a/plugins/poll/lib/polls_updater.rb
+++ b/plugins/poll/lib/polls_updater.rb
@ -114,7 +114,7 @@ module DiscoursePoll
              polls,
              each_serializer: PollSerializer,
              root: false,
-              scope: Guardian.new(nil),
+              scope: Guardian.basic_user,
            ).as_json
          post.publish_message!("/polls/#{post.topic_id}", post_id: post.id, polls: polls)
        end