FEATURE: Implement SiteSetting to Allow Anonymous Likes (#22131)

Allow anonymous users (logged-in, but set to anonymous posting) to like posts --------- Co-authored-by: Emmett Ling <eling@zendesk.com> Co-authored-by: Nat <natalie.tay@discourse.org>
2025-05-29 01:31:35 +08:00 · 2023-07-21 06:21:07 -07:00
parent 8ffc274438
commit 978d52841a
7 changed files with 221 additions and 4 deletions
--- a/spec/lib/guardian_spec.rb
+++ b/spec/lib/guardian_spec.rb
@ -98,6 +98,38 @@ RSpec.describe Guardian do
    fab!(:user) { Fabricate(:user) }
    fab!(:post) { Fabricate(:post) }

+    describe "an anonymous user" do
+      before { SiteSetting.allow_anonymous_posting = true }
+
+      context "when allow_anonymous_likes is enabled" do
+        before { SiteSetting.allow_anonymous_likes = true }
+
+        it "returns true when liking" do
+          expect(Guardian.new(anonymous_user).post_can_act?(post, :like)).to be_truthy
+        end
+
+        it "cannot perform any other action" do
+          expect(Guardian.new(anonymous_user).post_can_act?(post, :flag)).to be_falsey
+          expect(Guardian.new(anonymous_user).post_can_act?(post, :bookmark)).to be_falsey
+          expect(Guardian.new(anonymous_user).post_can_act?(post, :notify_user)).to be_falsey
+        end
+      end
+
+      context "when allow_anonymous_likes is disabled" do
+        before { SiteSetting.allow_anonymous_likes = false }
+
+        it "returns false when liking" do
+          expect(Guardian.new(anonymous_user).post_can_act?(post, :like)).to be_falsey
+        end
+
+        it "cannot perform any other action" do
+          expect(Guardian.new(anonymous_user).post_can_act?(post, :flag)).to be_falsey
+          expect(Guardian.new(anonymous_user).post_can_act?(post, :bookmark)).to be_falsey
+          expect(Guardian.new(anonymous_user).post_can_act?(post, :notify_user)).to be_falsey
+        end
+      end
+    end
+
    it "returns false when the user is nil" do
      expect(Guardian.new(nil).post_can_act?(post, :like)).to be_falsey
    end
@ -2443,6 +2475,122 @@ RSpec.describe Guardian do
    end
  end

+  describe "#can_delete_post_action" do
+    before do
+      SiteSetting.allow_anonymous_posting = true
+      Guardian.any_instance.stubs(:anonymous?).returns(true)
+    end
+
+    context "with allow_anonymous_likes enabled" do
+      before { SiteSetting.allow_anonymous_likes = true }
+      describe "an anonymous user" do
+        let(:post_action) do
+          user.id = anonymous_user.id
+          post.id = 1
+
+          a =
+            PostAction.new(
+              user: anonymous_user,
+              post: post,
+              post_action_type_id: PostActionType.types[:like],
+            )
+          a.created_at = 1.minute.ago
+          a
+        end
+
+        let(:non_like_post_action) do
+          user.id = anonymous_user.id
+          post.id = 1
+
+          a =
+            PostAction.new(
+              user: anonymous_user,
+              post: post,
+              post_action_type_id: PostActionType.types[:reply],
+            )
+          a.created_at = 1.minute.ago
+          a
+        end
+
+        let(:other_users_post_action) do
+          user.id = user.id
+          post.id = 1
+
+          a =
+            PostAction.new(user: user, post: post, post_action_type_id: PostActionType.types[:like])
+          a.created_at = 1.minute.ago
+          a
+        end
+
+        it "returns true if the post belongs to the anonymous user" do
+          expect(Guardian.new(anonymous_user).can_delete_post_action?(post_action)).to be_truthy
+        end
+
+        it "return false if the post belongs to another user" do
+          expect(
+            Guardian.new(anonymous_user).can_delete_post_action?(other_users_post_action),
+          ).to be_falsey
+        end
+
+        it "returns false for any other action" do
+          expect(
+            Guardian.new(anonymous_user).can_delete_post_action?(non_like_post_action),
+          ).to be_falsey
+        end
+
+        it "returns false if the window has expired" do
+          post_action.created_at = 20.minutes.ago
+          SiteSetting.post_undo_action_window_mins = 10
+
+          expect(Guardian.new(anonymous_user).can_delete?(post_action)).to be_falsey
+        end
+      end
+    end
+
+    context "with allow_anonymous_likes disabled" do
+      before do
+        SiteSetting.allow_anonymous_likes = false
+        SiteSetting.allow_anonymous_posting = true
+      end
+      describe "an anonymous user" do
+        let(:post_action) do
+          user.id = anonymous_user.id
+          post.id = 1
+
+          a =
+            PostAction.new(
+              user: anonymous_user,
+              post: post,
+              post_action_type_id: PostActionType.types[:like],
+            )
+          a.created_at = 1.minute.ago
+          a
+        end
+
+        let(:non_like_post_action) do
+          user.id = anonymous_user.id
+          post.id = 1
+
+          a =
+            PostAction.new(
+              user: anonymous_user,
+              post: post,
+              post_action_type_id: PostActionType.types[:reply],
+            )
+          a.created_at = 1.minute.ago
+          a
+        end
+
+        it "any action returns false" do
+          expect(Guardian.new(anonymous_user).can_delete_post_action?(post_action)).to be_falsey
+          expect(
+            Guardian.new(anonymous_user).can_delete_post_action?(non_like_post_action),
+          ).to be_falsey
+        end
+      end
+    end
+  end
+
  describe "#can_see_deleted_posts?" do
    it "returns true if the user is an admin" do
      expect(Guardian.new(admin).can_see_deleted_posts?(post.topic.category)).to be_truthy