FIX: should not receive topic invites from ignored users. (#14746)

FIX: should not receive topic invites from ignored users. (#14746)

Previously, ignored users can send notifications by inviting the ignorer to topics or PMs.

diff --git a/app/models/topic.rb b/app/models/topic.rb
index 2dd6f95..f79a177 100644
--- a/app/models/topic.rb
+++ b/app/models/topic.rb
@@ -1022,13 +1022,7 @@ class Topic < ActiveRecord::Base
         raise UserExists.new(I18n.t("topic_invite.user_exists"))
       end
 
-      if MutedUser
-          .where(user: target_user, muted_user: invited_by)
-          .joins(:muted_user)
-          .where('NOT admin AND NOT moderator')
-          .exists?
-        raise NotAllowed.new(I18n.t("topic_invite.muted_invitee"))
-      end
+      ensure_can_invite!(target_user, invited_by)
 
       if TopicUser
           .where(topic: self,
@@ -1066,6 +1060,22 @@ class Topic < ActiveRecord::Base
     end
   end
 
+  def ensure_can_invite!(target_user, invited_by)
+    if MutedUser
+        .where(user: target_user, muted_user: invited_by)
+        .joins(:muted_user)
+        .where('NOT admin AND NOT moderator')
+        .exists?
+      raise NotAllowed
+    elsif IgnoredUser
+        .where(user: target_user, ignored_user: invited_by)
+        .joins(:ignored_user)
+        .where('NOT admin AND NOT moderator')
+        .exists?
+      raise NotAllowed
+    end
+  end
+
   def email_already_exists_for?(invite)
     invite.email_already_exists && private_message?
   end
@@ -1733,6 +1743,9 @@ class Topic < ActiveRecord::Base
   end
 
   def create_invite_notification!(target_user, notification_type, username)
+    invited_by = User.find_by_username(username)
+    ensure_can_invite!(target_user, invited_by)
+
     target_user.notifications.create!(
       notification_type: notification_type,
       topic_id: self.id,
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index ae51ce9..ce1740e 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -270,7 +270,6 @@ en:
   topic_invite:
     failed_to_invite: "The user cannot be invited into this topic without a group membership in either one of the following groups: %{group_names}."
     user_exists: "Sorry, that user has already been invited. You may only invite a user to a topic once."
-    muted_invitee: "Sorry, that user muted you."
     muted_topic: "Sorry, that user muted this topic."
     receiver_does_not_allow_pm: "Sorry, that user does not allow you to send them private messages."
     sender_does_not_allow_pm: "Sorry, you do not allow that user to send you private messages."
diff --git a/spec/models/topic_spec.rb b/spec/models/topic_spec.rb
index e356d11..20d1721 100644
--- a/spec/models/topic_spec.rb
+++ b/spec/models/topic_spec.rb
@@ -711,12 +711,23 @@ describe Topic do
         end
 
         context "from a muted user" do
-          before { MutedUser.create!(user: another_user, muted_user: user) }
+          before { Fabricate(:muted_user, user: another_user, muted_user: user) }
 
-          it 'fails with an error message' do
+          it 'fails with an error' do
+            expect { topic.invite(user, another_user.username) }
+              .to raise_error(Topic::NotAllowed)
+            expect(topic.allowed_users).to_not include(another_user)
+            expect(Post.last).to be_blank
+            expect(Notification.last).to be_blank
+          end
+        end
+
+        context "from a ignored user" do
+          before { Fabricate(:ignored_user, user: another_user, ignored_user: user) }
+
+          it 'fails with an error' do
             expect { topic.invite(user, another_user.username) }
               .to raise_error(Topic::NotAllowed)
-              .with_message(I18n.t("topic_invite.muted_invitee"))
             expect(topic.allowed_users).to_not include(another_user)
             expect(Post.last).to be_blank
             expect(Notification.last).to be_blank

GitHub sha: c62242c6b38654b3ebc222a83b8b25749f259098

This commit appears in #14746 which was approved by eviltrout. It was merged by vinothkannans.