FIX: extract filter pm and categories from UserAction (#14569)

FIX: extract filter pm and categories from UserAction (#14569)

Those two methods are useful for different places like discourse-reactions:

SECURITY: leaking PMs and secure categories topics (#110) · discourse/discourse-reactions@213d90b · GitHub

diff --git a/app/models/user_action.rb b/app/models/user_action.rb
index 0332c9a..c512c1c 100644
--- a/app/models/user_action.rb
+++ b/app/models/user_action.rb
@@ -417,6 +417,11 @@ class UserAction < ActiveRecord::Base
       builder.where("a.action_type not in (#{BOOKMARK})")
     end
 
+    filter_private_messages(builder, user_id, guardian, ignore_private_messages)
+    filter_categories(builder, guardian)
+  end
+
+  def self.filter_private_messages(builder, user_id, guardian, ignore_private_messages = false)
     if !guardian.can_see_private_messages?(user_id) || ignore_private_messages || !guardian.user
       builder.where("t.archetype <> :private_message", private_message: Archetype::private_message)
     else
@@ -436,7 +441,10 @@ class UserAction < ActiveRecord::Base
         builder.where(sql, private_message: Archetype::private_message, current_user_id: guardian.user.id)
       end
     end
+    builder
+  end
 
+  def self.filter_categories(builder, guardian)
     unless guardian.is_admin?
       allowed = guardian.secure_category_ids
       if allowed.present?
@@ -447,6 +455,7 @@ class UserAction < ActiveRecord::Base
         builder.where("(c.read_restricted IS NULL OR NOT c.read_restricted)")
       end
     end
+    builder
   end
 
   def self.require_parameters(data, *params)

GitHub sha: 300ed6ea7563a6da7073b336b542b42cfac65f57

This commit appears in #14569 which was approved by gschlager. It was merged by SamSaffron.