Disable auto watch for the anonymous user (#38238).

Patch by Felix Schäfer. git-svn-id: https://svn.redmine.org/redmine/trunk@22116 e93f8b46-1217-0410-a6f0-8f06a7374b81
2026-01-31 11:37:14 +00:00 · 2023-02-26 07:48:19 +00:00 · 2023-02-26 07:48:19 +00:00 · 41b4bc54a5
commit 41b4bc54a5
parent 9a625f2610
4 changed files with 34 additions and 4 deletions
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@ -2025,8 +2025,8 @@ class Issue < ActiveRecord::Base
  end

  def add_auto_watcher
-    if author &&
-        author.allowed_to?(:add_issue_watchers, project) &&
+    if author&.active? &&
+        author&.allowed_to?(:add_issue_watchers, project) &&
        author.pref.auto_watch_on?('issue_created') &&
        self.watcher_user_ids.exclude?(author.id)
      self.set_watcher(author, true)
--- a/app/models/journal.rb
+++ b/app/models/journal.rb
@ -336,8 +336,8 @@ class Journal < ActiveRecord::Base
  end

  def add_watcher
-    if user &&
-        user.allowed_to?(:add_issue_watchers, project) &&
+    if user&.active? &&
+        user&.allowed_to?(:add_issue_watchers, project) &&
        user.pref.auto_watch_on?('issue_contributed_to') &&
        !Watcher.any_watched?(Array.wrap(journalized), user)
      journalized.set_watcher(user, true)
--- a/test/unit/issue_test.rb
+++ b/test/unit/issue_test.rb
@ -3479,6 +3479,21 @@ class IssueTest < ActiveSupport::TestCase
    end
  end

+  def test_create_should_not_add_anonymous_as_watcher
+    Role.anonymous.add_permission!(:add_issue_watchers)
+
+    user = User.anonymous
+    assert user.pref.auto_watch_on?('issue_contributed_to')
+
+    journal = Journal.new(:journalized => Issue.first, :notes => 'notes', :user => user)
+
+    assert_no_difference 'Watcher.count' do
+      assert journal.save
+      assert journal.valid?
+      assert journal.journalized.valid?
+    end
+  end
+
  def test_like_should_escape_query
    issue = Issue.generate!(:subject => "asdf")
    r = Issue.like('as_f')
--- a/test/unit/journal_test.rb
+++ b/test/unit/journal_test.rb
@ -142,6 +142,21 @@ class JournalTest < ActiveSupport::TestCase
    end
  end

+  def test_create_should_not_add_anonymous_as_watcher
+    Role.anonymous.add_permission!(:add_issue_watchers)
+
+    user = User.anonymous
+    assert user.pref.auto_watch_on?('issue_contributed_to')
+
+    journal = Journal.new(:journalized => Issue.first, :notes => 'notes', :user => user)
+
+    assert_no_difference 'Watcher.count' do
+      assert journal.save
+      assert journal.valid?
+      assert journal.journalized.valid?
+    end
+  end
+
  def test_visible_scope_for_anonymous
    # Anonymous user should see issues of public projects only
    journals = Journal.visible(User.anonymous).to_a