FIX: Make ChatMessageUpdater check editing access for guardian (#18902)

Follow up to 766bcbc6840c9d665055441bcd77616b3a96e10e

This fixes a gaffe from that commit where I passed in the
guardian to ChatMessageUpdater but then forgot to remove
the old way of setting the guardian and user instance variables
from the chat_message that was passed in.

Also, it moves the ensure_can_edit_message! check from the
controller into ChatMessageUpdater so all the access
checks are in the same place.
This commit is contained in:
Martin Brennan
2022-11-08 09:04:18 +10:00
committed by GitHub
parent 20dc27232e
commit c66743ee3d
4 changed files with 18 additions and 14 deletions

View File

@ -144,7 +144,6 @@ class Chat::ChatController < Chat::ChatBaseController
end
def edit_message
guardian.ensure_can_edit_chat!(@message)
chat_message_updater =
Chat::ChatMessageUpdater.update(
guardian: guardian,