fix(reminders): check remindable access before creating notification (#22651)

Ensure the scheduled reminder job verifies the creator still has
access to the remindable before creating a notification, consistent
with the visibility checks applied elsewhere.

app/workers/reminders/schedule_reminder_job.rb

@@ -39,6 +39,11 @@ module Reminders
     def perform(reminder)
       return if reminder.unread_notifications?
 
+      unless reminder.visible?(reminder.creator)
+        reminder.update_column(:completed_at, Time.current)
+        return
+      end
+
       create_notification_service = create_notification_from_reminder(reminder)
 
       create_notification_service.on_success do |service_result|

spec/workers/reminders/schedule_reminder_job_spec.rb

@@ -45,7 +45,11 @@ RSpec.describe Reminders::ScheduleReminderJob do
   end
 
   describe "#perform" do
-    let(:reminder) { create(:reminder) }
+    let(:role) { create(:project_role, permissions: %i[view_work_packages]) }
+    let(:project) { create(:project) }
+    let(:user) { create(:user, member_with_roles: { project => role }) }
+    let(:work_package) { create(:work_package, project:) }
+    let(:reminder) { create(:reminder, creator: user, remindable: work_package) }
 
     subject { described_class.new.perform(reminder) }
 
@@ -66,6 +70,24 @@ RSpec.describe Reminders::ScheduleReminderJob do
       end
     end
 
+    context "when the creator no longer has access to the remindable" do
+      before { Member.where(principal: user, project:).destroy_all }
+
+      it "does not create a notification" do
+        expect { subject }.not_to change(Notification, :count)
+      end
+
+      it "does not enqueue a NotificationDeliveryJob" do
+        expect { subject }
+          .not_to have_enqueued_job(Mails::Reminders::NotificationDeliveryJob)
+      end
+
+      it "marks the reminder as completed" do
+        subject
+        expect(reminder.reload).to be_completed
+      end
+    end
+
     context "when the reminder is already notified" do
       before do
         create(:reminder_notification, reminder: reminder, notification: create(:notification, read_ian: false))