FIX: Show membership requests link just for group owners. (PR #7543)

GitHub

You’ve signed the CLA, nbianca. Thank you! This pull request is ready for review.

I don’t think this link is subfolder safe?

This pull request has been mentioned on Discourse Meta. There might be relevant details there:

https://meta.discourse.org/t/why-is-there-handle-membership-request-for-users-who-are-not-owners-of-that-group/117500/4

Are we able to figure out if we should show the membership request link in the TopicView serializer instead? The worry I have here is that the membership request links are only for PMs but we’re adding additional fields to the current user payload for every page load.

I am with @tgxworld here I think I would like one less query by default, so we need to feed this information in on demand, vast majority of the time the client does not need to keep track of which groups are owned by current user vs not. (note when sending them down we should use ids anyway)

I would like this feature, but it feels a bit to big to fit into 2.3 for now. pushing it back.

Bouncing this for @ZogStriP who I believe was the last one we were waiting on a review from.

What if the name of the group changes in the meantime? I think using the id would be much safer.

If you have the id of the group, then this could become

group_id = object.custom_fields["membership_request"]

if scope&.user && GroupUser.where(user: scope.user, group_id: group_id, owner: true).exists?
  group = Group.find(group_id)
  cooked << <<~HTML
    <hr />
    <a href="#{Discourse.base_uri}/g/#{group.name}/requests">
      #{I18n.t('groups.request_membership_pm.handle')}
    </a>
  HTML
end

Also membership_request might not be the best name for that custom field? What about requested_group_id?