FIX: Anon users could not edit their own posts (#26283)

Followup 3094f32ff5, this fixes an issue with the logic in this commit where we were returning false if any of the conditionals here were false, regardless of the type of `obj`, where we should have only done this if `obj` was a `PostAction`, which lead us to return false in cases where we were checking if the user could edit their own post as anon.
2025-02-25 18:55:32 -06:00 · 2024-03-22 08:12:12 +10:00
parent 18a52c56cf
commit 61bd7d5d11
4 changed files with 39 additions and 17 deletions
--- a/lib/guardian.rb
+++ b/lib/guardian.rb
@@ -640,16 +640,6 @@ class Guardian
  private

  def is_my_own?(obj)
-    # NOTE: This looks strange...but we are checking if someone is posting anonymously
-    # as a AnonymousUser model, _not_ as Guardian::AnonymousUser which is a different thing
-    # used when !authenticated?
-    if authenticated? && is_anonymous?
-      return(
-        SiteSetting.allow_anonymous_likes? && obj.class == PostAction && obj.is_like? &&
-          obj.user_id == @user.id
-      )
-    end
-
    return false if anonymous?
    return obj.user_id == @user.id if obj.respond_to?(:user_id) && obj.user_id && @user.id
    return obj.user == @user if obj.respond_to?(:user)