Guard against nil user in Mentor::Discussion#viewable_by? (#8623)

iHiD · claude · web-flow · commit 89b85faca725 · 2026-02-12T22:35:58.000Z
When an unauthenticated user subscribes to DiscussionPostListChannel, current_user is nil. Use safe navigation operator (&.) to prevent NoMethodError when calling admin? on nil. Closes #8622 Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
diff --git a/app/models/mentor/discussion.rb b/app/models/mentor/discussion.rb
@@ -95,13 +95,13 @@ def finished_for_mentor? = %i[mentor_finished finished student_timed_out mentor_
   def timed_out? = %i[student_timed_out mentor_timed_out].include?(status)
 
   def viewable_by?(user)
-    return true if user.admin?
+    return true if user&.admin?
 
     [mentor, student].include?(user)
   end
 
   def viewable_by_mentor?(user)
-    return true if user.admin?
+    return true if user&.admin?
 
     user == mentor
   end
diff --git a/test/models/mentor/discussion_test.rb b/test/models/mentor/discussion_test.rb
@@ -82,6 +82,12 @@ class Mentor::DiscussionTest < ActiveSupport::TestCase
     refute discussion.viewable_by?(user)
   end
 
+  test "#viewable_by? returns false if user is nil" do
+    discussion = create :mentor_discussion
+
+    refute discussion.viewable_by?(nil)
+  end
+
   test "finished?" do
     skip # TODO: Can this be deleted?
     discussion = create :mentor_discussion
