From e52ccaa51f18cf0969fb686a952fac045a4cf05a Mon Sep 17 00:00:00 2001
From: Roman Rizzi <rizziromanalejandro@gmail.com>
Date: Wed, 13 Jan 2021 11:27:23 -0300
Subject: [PATCH] FIX: Users can remove themselves from a PM even if they can
 still access it through a group. (#11693)

If a group you're a member of is invited to a PM, you can no longer remove yourself from it. This means you won't be able to remove the message from your inbox, and even if you archive it, it'll come back once someone replies.
---
 .../topic_view_details_serializer.rb          |  4 ++-
 .../topic_view_details_serializer_spec.rb     | 29 +++++++++++++++++++
 2 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 spec/serializers/topic_view_details_serializer_spec.rb

diff --git a/app/serializers/topic_view_details_serializer.rb b/app/serializers/topic_view_details_serializer.rb
index 16a28e40f5..2576bf7406 100644
--- a/app/serializers/topic_view_details_serializer.rb
+++ b/app/serializers/topic_view_details_serializer.rb
@@ -163,7 +163,9 @@ class TopicViewDetailsSerializer < ApplicationSerializer
   end
 
   def allowed_users
-    object.topic.allowed_users.reject { |user| object.group_allowed_user_ids.include?(user.id) }
+    object.topic.allowed_users.reject do |user|
+      object.group_allowed_user_ids.include?(user.id) && user != scope.user
+    end
   end
 
   def include_allowed_users?
diff --git a/spec/serializers/topic_view_details_serializer_spec.rb b/spec/serializers/topic_view_details_serializer_spec.rb
new file mode 100644
index 0000000000..0705ee4e84
--- /dev/null
+++ b/spec/serializers/topic_view_details_serializer_spec.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe TopicViewDetailsSerializer do
+  describe '#allowed_users' do
+    it "add the current user to the allowed user's list even if they are an allowed group member" do
+      participant = Fabricate(:user)
+      another_participant = Fabricate(:user)
+
+      participant_group = Fabricate(:group)
+      participant_group.add(participant)
+      participant_group.add(another_participant)
+
+      pm = Fabricate(:private_message_topic,
+        topic_allowed_users: [
+          Fabricate.build(:topic_allowed_user, user: participant),
+          Fabricate.build(:topic_allowed_user, user: another_participant)
+        ],
+        topic_allowed_groups: [Fabricate.build(:topic_allowed_group, group: participant_group)]
+      )
+
+      serializer = described_class.new(TopicView.new(pm, participant), scope: Guardian.new(participant))
+      allowed_users = serializer.as_json.dig(:topic_view_details, :allowed_users).map { |u| u[:id] }
+
+      expect(allowed_users).to contain_exactly(participant.id)
+    end
+  end
+end