Maintenance: Improve handling of config updates.

app/models/setting.rb

@@ -183,7 +183,7 @@ reload config settings
     true
   end
 
-  # notify clients about public config changes
+  # Notify clients about config changes.
   def check_broadcast
     return true if frontend != true
 
@@ -196,7 +196,7 @@ reload config settings
         event: 'config_update',
         data:  { name: name, value: value }
       },
-      'public'
+      preferences[:authentication] ? 'authenticated' : 'public'
     )
     true
   end

spec/models/setting_spec.rb

@@ -56,4 +56,36 @@ RSpec.describe Setting, type: :model do
       end
     end
   end
+
+  describe 'check_broadcast' do
+    context 'when setting is non-frontend' do
+      subject(:setting) { build(:setting, name: 'broadcast_test', state: 'foo', frontend: false) }
+
+      it 'does not broadcast' do
+        allow(Sessions).to receive(:broadcast)
+        setting.save
+        expect(Sessions).not_to have_received(:broadcast)
+      end
+    end
+
+    context 'when setting is public' do
+      subject(:setting) { build(:setting, name: 'broadcast_test', state: 'foo', frontend: true) }
+
+      it 'broadcasts to public' do
+        allow(Sessions).to receive(:broadcast)
+        setting.save
+        expect(Sessions).to have_received(:broadcast).with({ data: { name: 'broadcast_test', value: 'foo' }, event: 'config_update' }, 'public')
+      end
+    end
+
+    context 'when setting requires authentication' do
+      subject(:setting) { build(:setting, name: 'broadcast_test', state: 'foo', frontend: true, preferences: { authentication: true }) }
+
+      it 'broadcasts to authenticated only' do
+        allow(Sessions).to receive(:broadcast)
+        setting.save
+        expect(Sessions).to have_received(:broadcast).with({ data: { name: 'broadcast_test', value: 'foo' }, event: 'config_update' }, 'authenticated')
+      end
+    end
+  end
 end