FIX: Introduce Guardian::BasicUser for oneboxing checks (#24681)

Through internal discussion, it has become clear that
we need a conceptual Guardian user that bridges the
gap between anon users and a logged-in forum user with
an absolute baseline level of access to public topics,
which can be used in cases where:

1. Automated systems are running which shouldn't see any
   private data
1. A baseline level of user access is needed

In this case we are fixing the latter; when oneboxing a local
topic, and we are linking to a topic in another category from
the current one, we need to operate off a baseline level of
access, since not all users have access to the same categories,
and we don't want e.g. editing a post with an internal link to
expose sensitive internal information.
Martin Brennan
2023-12-05 09:25:23 +10:00
committed by GitHub
parent 7756c210da
commit de983796e1
4 changed files with 166 additions and 5 deletions

@ -873,6 +873,10 @@ module Discourse
@system_users[current_db] ||= User.find_by(id: SYSTEM_USER_ID)
end
def self.basic_user
Guardian.basic_user
end
def self.store
if SiteSetting.Upload.enable_s3_uploads
@s3_store_loaded ||= require "file_store/s3_store"
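
Review bot: the new `self.basic_user` in `module Discourse` has no comment saying what it returns or when to use it, and it sits directly below `system_user`, which returns a `User` found by `SYSTEM_USER_ID`, while this method only delegates to `Guardian.basic_user`, whose return value is not visible in this hunk. Add a short comment stating what object callers get back and that it stands for the baseline, public-topic level of access described in the commit message, so it is not picked up where a real `User` record or the system user is expected. Since the oneboxing check depends on this being the lowest level of access, it would also help to note here that the value must never fall back to a more privileged user.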