[Hotfix] (fix): Comments without user (#558)

* (fix): Explicitly check for user when adding a comment

* (feat): Fallback to Unknown user

* (chore): Don't send a username

Author: edgebal

Core/Comments/Comment.php

@@ -8,6 +8,7 @@
 use Minds\Entities\RepositoryEntity;
 use Minds\Entities\User;
 use Minds\Helpers\Flags;
+use Minds\Helpers\Unknown;
 
 /**
  * Comment Entity
@@ -271,6 +272,13 @@ protected function _extendExport(array $export)
         $output['ownerObj'] = $this->getOwnerObj();
         $output['description'] = $this->getBody();
 
+        if (!$output['ownerObj'] && !$this->getOwnerGuid()) {
+            $unknown = Unknown::user();
+
+            $output['ownerObj'] = $unknown->export();
+            $output['owner_guid'] = $unknown->guid;
+        }
+
         if ($export['attachments']) {
             foreach ($export['attachments'] as $key => $value) {
                 $output['attachments'][$key] = $this->getAttachment($key);

Core/Comments/Manager.php

@@ -77,7 +77,10 @@ public function add(Comment $comment)
     {
         $entity = $this->entitiesBuilder->single($comment->getEntityGuid());
 
-        if (!$this->acl->interact($entity)) {
+        if (
+            !$comment->getOwnerGuid() ||
+            !$this->acl->interact($entity, $comment->getOwnerEntity(true))
+        ) {
             throw new BlockedUserException();
         }
 

Helpers/Unknown.php

@@ -0,0 +1,29 @@
+<?php
+
+/**
+ * Description
+ *
+ * @author emi
+ */
+
+namespace Minds\Helpers;
+
+use Minds\Entities\User;
+
+class Unknown
+{
+    /**
+     * @return User
+     * @throws \Exception
+     */
+    public static function user()
+    {
+        $user = new User();
+
+        $user->guid = 0;
+        $user->username = '';
+        $user->name = 'Unknown User';
+
+        return $user;
+    }
+}

Spec/Core/Comments/ManagerSpec.php

@@ -13,6 +13,7 @@
 use Minds\Core\Luid;
 use Minds\Core\Security\ACL;
 use Minds\Entities\Entity;
+use Minds\Entities\User;
 use Minds\Exceptions\BlockedUserException;
 use PhpSpec\ObjectBehavior;
 use Prophecy\Argument;
@@ -81,9 +82,18 @@ function it_is_initializable()
 
     function it_should_add(
         Comment $comment,
-        Entity $entity
+        Entity $entity,
+        User $owner
     )
     {
+        $comment->getOwnerEntity(true)
+            ->shouldBeCalled()
+            ->willReturn($owner);
+
+        $comment->getOwnerGuid()
+            ->shouldBeCalled()
+            ->willReturn(1000);
+
         $comment->getEntityGuid()
             ->shouldBeCalled()
             ->willReturn(5000);
@@ -92,7 +102,7 @@ function it_should_add(
             ->shouldBeCalled()
             ->willReturn($entity);
 
-        $this->acl->interact($entity)
+        $this->acl->interact($entity, $owner)
             ->shouldBeCalled()
             ->willReturn(true);
 
@@ -127,9 +137,18 @@ function it_should_add(
 
     function it_should_throw_if_blocked_user_during_add(
         Comment $comment,
-        Entity $entity
+        Entity $entity,
+        User $owner
     )
     {
+        $comment->getOwnerEntity(true)
+            ->shouldBeCalled()
+            ->willReturn($owner);
+
+        $comment->getOwnerGuid()
+            ->shouldBeCalled()
+            ->willReturn(1000);
+
         $comment->getEntityGuid()
             ->shouldBeCalled()
             ->willReturn(5000);
@@ -138,7 +157,7 @@ function it_should_throw_if_blocked_user_during_add(
             ->shouldBeCalled()
             ->willReturn($entity);
 
-        $this->acl->interact($entity)
+        $this->acl->interact($entity, $owner)
             ->shouldBeCalled()
             ->willReturn(false);