FIX: Do not allow anonymous users to be anonymized (#20776)

app/services/user_anonymizer.rb

@@ -3,6 +3,8 @@
 class UserAnonymizer
   attr_reader :user_history
 
+  EMAIL_SUFFIX = "@anonymized.invalid"
+
   # opts:
   #   anonymize_ip  - an optional new IP to update their logs with
   def initialize(user, actor = nil, opts = nil)
@@ -38,7 +40,7 @@ class UserAnonymizer
       end
 
       @user.save!
-      @user.primary_email.update_attribute(:email, "#{@user.username}@anonymized.invalid")
+      @user.primary_email.update_attribute(:email, "#{@user.username}#{EMAIL_SUFFIX}")
 
       options = @user.user_option
       options.mailing_list_mode = false

lib/guardian/user_guardian.rb

@@ -74,7 +74,7 @@ module UserGuardian
   end
 
   def can_anonymize_user?(user)
-    is_staff? && !user.nil? && !user.staff?
+    is_staff? && !user.nil? && !user.staff? && !user.email.ends_with?(UserAnonymizer::EMAIL_SUFFIX)
   end
 
   def can_merge_user?(user)

spec/lib/guardian_spec.rb

@@ -2773,6 +2773,10 @@ RSpec.describe Guardian do
       expect(Guardian.new(user).can_anonymize_user?(user)).to be_falsey
     end
 
+    it "it false for an anonymized user" do
+      expect(Guardian.new(user).can_anonymize_user?(anonymous_user)).to be_falsey
+    end
+
     it "is true for admin anonymizing a regular user" do
       expect(Guardian.new(admin).can_anonymize_user?(user)).to eq(true)
     end