FEATURE: per-topic unsubscribe option in emails #9
bugbot run
Cursor Bugbot has reviewed your changes and found 2 potential issues.
| tu.notification_level = TopicUser.notification_levels[:muted] | ||
| end | ||
|
|
||
| tu.save! |
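Review bot: The assignment to TopicUser.notification_levels[:muted] appears to sit inside a conditional branch (the end on the following line closes it), and the PR description says the action toggles the level between regular and muted, so a second request to the same emailed link would turn notifications back on. Consider making the unsubscribe write idempotent: set muted unconditionally and offer re-subscribing as a separate, explicit action. Also, tu.save! raises on any failed save, which surfaces as a server error on a page reached from an email; a plain save with a rendered error message would fail more gracefully.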
Unsubscribe crashes without topic-user row
Medium Severity
topics_controller.rb assumes TopicUser.find_by always returns a record. If a logged-in user can view a topic but has no topic_users row yet, tu.notification_level raises and the unsubscribe page fails with a server error instead of updating preferences.
| get "t/:slug/:topic_id/moderator-liked" => "topics#moderator_liked", constraints: {topic_id: /\d+/} | ||
| get "t/:slug/:topic_id/summary" => "topics#show", defaults: {summary: true}, constraints: {topic_id: /\d+/} | ||
| get "t/:slug/:topic_id/unsubscribe" => "topics#unsubscribe", constraints: {topic_id: /\d+/} | ||
| get "t/:topic_id/unsubscribe" => "topics#unsubscribe", constraints: {topic_id: /\d+/} |
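Review bot: Both added lines register topics#unsubscribe under get, and the controller change in this PR writes TopicUser.notification_level, so the write happens on a request type that Rails' CSRF token check does not cover and that mail clients and link scanners may fetch on their own. Suggest keeping the GET routes for rendering a confirmation page only and moving the notification-level change to a post or put route submitted from that page.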
State-changing unsubscribe uses GET route
Medium Severity
The new GET unsubscribe endpoints mutate TopicUser.notification_level in topics#unsubscribe. Because this state change is performed via GET, third-party pages can trigger unsolicited preference changes for authenticated users through cross-site requests.


Test 2
Replicated from ai-code-review-evaluation/discourse-coderabbit#2
Note
Medium Risk
Touches email template/translation interpolation and adds a new topic-level state toggle endpoint, so mistakes could affect unsubscribe links or notification levels for users.
Overview
Adds a per-topic unsubscribe flow: notification emails now include an unsubscribe_url, and the server unsubscribe_link copy is expanded to offer a per-topic “stop notifications” link alongside the existing global preferences link.
Implements new backend routes/controller action (TopicsController#unsubscribe) plus Topic#unsubscribe_url to toggle a user’s TopicUser.notification_level between regular and muted, and wires a new Ember route/template/controller/view for /t/:slug/:id/unsubscribe with minimal styling.
Includes small related cleanups/refactors (e.g., conditional dropdown title rendering, minor JS/Ruby formatting, and ensuring topic-from-params jumps to the resolved post).
Written by Cursor Bugbot for commit 6669a2d.