FIX: guardian always got user but sometimes it is anonymous (#9342)

FIX: guardian always got user but sometimes it is anonymous (#9342)

  • FIX: guardian always got user but sometimes it is anonymous
  def initialize(user = nil, request = nil)
    @user = user.presence || AnonymousUser.new
    @request = request
  end

AnonymouseUser defines blank? method

  class AnonymousUser
    def blank?
      true
    end
    ...
  end

so if we would use @user.present? it would be correct, however, just @user is always true

diff --git a/lib/guardian.rb b/lib/guardian.rb
index fae144f..851dddf 100644
--- a/lib/guardian.rb
+++ b/lib/guardian.rb
@@ -319,7 +319,7 @@ class Guardian
   # Support sites that have to approve users
   def can_access_forum?
     return true unless SiteSetting.must_approve_users?
-    return false unless @user
+    return false if anonymous?
 
     # Staff can't lock themselves out of a site
     return true if is_staff?
@@ -442,7 +442,7 @@ class Guardian
   end
 
   def can_export_entity?(entity)
-    return false unless @user
+    return false if anonymous?
     return true if is_admin?
     return entity != 'user_list' if is_moderator?
 
diff --git a/spec/components/guardian_spec.rb b/spec/components/guardian_spec.rb
index 14d528f..bea0404 100644
--- a/spec/components/guardian_spec.rb
+++ b/spec/components/guardian_spec.rb
@@ -2743,6 +2743,7 @@ describe Guardian do
   end
 
   describe '#can_export_entity?' do
+    let(:anonymous_guardian) { Guardian.new }
     let(:user_guardian) { Guardian.new(user) }
     let(:moderator_guardian) { Guardian.new(moderator) }
     let(:admin_guardian) { Guardian.new(admin) }
@@ -2758,6 +2759,10 @@ describe Guardian do
       expect(moderator_guardian.can_export_entity?('staff_action')).to be_truthy
       expect(admin_guardian.can_export_entity?('staff_action')).to be_truthy
     end
+
+    it 'does not allow anonymous to export' do
+      expect(anonymous_guardian.can_export_entity?('user_archive')).to be_falsey
+    end
   end
 
   describe '#can_ignore_user?' do

GitHub sha: ce00da3b

This commit appears in #9342 which was approved by riking and eviltrout. It was merged by lis2.