Nuke message_bus_observer move to service class and classes

Secure all messages triggered by post creation and all user actions so they don't leak (meaning, if you have a browser open and secure topics are created you will only get them if you are allowed to see them)
2025-05-22 16:34:31 +08:00 · 2013-05-16 15:03:03 +10:00
parent bae2d252fa
commit e9ebadb414
13 changed files with 214 additions and 145 deletions
--- a/app/models/user_action.rb
+++ b/app/models/user_action.rb
@ -150,6 +150,19 @@ LEFT JOIN categories c on c.id = t.category_id
          User.update_all('likes_received = likes_received + 1', id: user_id)
        end

+        topic = Topic.includes(:category).where(id: hash[:target_topic_id]).first
+
+        # move into Topic perhaps
+        group_ids = nil
+        if topic && topic.category && topic.category.secure
+          group_ids = topic.category.groups.select("groups.id").map{|g| g.id}
+        end
+
+        MessageBus.publish("/users/#{action.user.username.downcase}",
+                              action.id,
+                              user_ids: [user_id],
+                              group_ids: group_ids )
+
      rescue ActiveRecord::RecordNotUnique
        # can happen, don't care already logged
        raise ActiveRecord::Rollback