search: fix searches for private favgroups raising privilege errors.

Change favgroup:<name> searches to return no results instead of raising
a UserPrivilege error when an unpermitted user searches for a private
favgroup.

Partial fix for #4389.

app/logical/post_query_builder.rb

@@ -485,12 +485,14 @@ class PostQueryBuilder
       relation = relation.joins("JOIN (#{pool_posts.to_sql}) pool_posts ON pool_posts.post_id = posts.id").order("pool_posts.pool_index ASC")
     end
 
-    q[:favgroups_neg].to_a.each do |favgroup|
-      relation = relation.where.not(id: FavoriteGroup.where(id: favgroup.id).select("unnest(post_ids)"))
+    q[:favgroup_neg].to_a.each do |favgroup_name|
+      favgroup = FavoriteGroup.visible(CurrentUser.user).name_or_id_matches(favgroup_name, CurrentUser.user)
+      relation = relation.where.not(id: favgroup.select("unnest(post_ids)"))
     end
 
-    q[:favgroups].to_a.each do |favgroup|
-      relation = relation.where(id: FavoriteGroup.where(id: favgroup.id).select("unnest(post_ids)"))
+    q[:favgroup].to_a.each do |favgroup_name|
+      favgroup = FavoriteGroup.visible(CurrentUser.user).name_or_id_matches(favgroup_name, CurrentUser.user)
+      relation = relation.where(id: favgroup.select("unnest(post_ids)"))
     end
 
     q[:upvoter].to_a.each do |upvoter|
@@ -782,18 +784,12 @@ class PostQueryBuilder
               q[:ordpool] = g2
 
             when "-favgroup"
-              favgroup = FavoriteGroup.find_by_name_or_id!(g2, CurrentUser.user)
-              raise User::PrivilegeError unless Pundit.policy!([CurrentUser.user, nil], favgroup).show?
-
-              q[:favgroups_neg] ||= []
-              q[:favgroups_neg] << favgroup
+              q[:favgroup_neg] ||= []
+              q[:favgroup_neg] << g2
 
             when "favgroup"
-              favgroup = FavoriteGroup.find_by_name_or_id!(g2, CurrentUser.user)
-              raise User::PrivilegeError unless Pundit.policy!([CurrentUser.user, nil], favgroup).show?
-
-              q[:favgroups] ||= []
-              q[:favgroups] << favgroup
+              q[:favgroup] ||= []
+              q[:favgroup] << g2
 
             when "-fav"
               favuser = User.find_by_name(g2)

app/logical/post_sets/post.rb

@@ -52,7 +52,7 @@ module PostSets
       name = Tag.has_metatag?(tag_array, :favgroup)
       return nil unless is_single_tag? && name.present?
 
-      @favgroup ||= FavoriteGroup.find_by_name_or_id(name, CurrentUser.user)
+      @favgroup ||= FavoriteGroup.visible(CurrentUser.user).find_by_name_or_id(name, CurrentUser.user)
     end
 
     def has_explicit?

app/models/favorite_group.rb

@@ -89,14 +89,18 @@ class FavoriteGroup < ApplicationRecord
     self.name = FavoriteGroup.normalize_name(name)
   end
 
-  def self.find_by_name_or_id(name, user)
+  def self.name_or_id_matches(name, user)
     if name =~ /\A\d+\z/
-      find_by(id: name)
+      where(id: name)
     else
-      user.favorite_groups.where_iequals(:name, normalize_name(name)).first
+      where(creator: user).where_iequals(:name, normalize_name(name))
     end
   end
 
+  def self.find_by_name_or_id(name, user)
+    name_or_id_matches(name, user).first
+  end
+
   def self.find_by_name_or_id!(name, user)
     find_by_name_or_id(name, user) or raise ActiveRecord::RecordNotFound
   end