Class: Guardian

Overview

The guardian is responsible for confirming access to various site resources and operations

Defined Under Namespace

Classes: AnonymousUser

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from UserGuardian

#allowed_user_field_ids, #can_anonymize_user?, #can_change_tracking_preferences?, #can_check_emails?, #can_check_sso_details?, #can_claim_reviewable_topic?, #can_delete_sso_record?, #can_delete_user?, #can_delete_user_associated_accounts?, #can_disable_second_factor?, #can_edit_email?, #can_edit_name?, #can_edit_user?, #can_edit_username?, #can_feature_topic?, #can_merge_user?, #can_merge_users?, #can_pick_avatar?, #can_reset_bounce_score?, #can_see_notifications?, #can_see_profile?, #can_see_review_queue?, #can_see_staff_info?, #can_see_summary_stats?, #can_see_suspension_reason?, #can_see_user?, #can_see_user_actions?, #can_see_warnings?, #can_silence_user?, #can_unsilence_user?, #can_upload_external?, #can_upload_profile_header?, #can_upload_user_card_background?, #public_can_see_profiles?, #restrict_user_fields?

Methods included from TopicGuardian

#affected_by_slow_mode?, #can_banner_topic?, #can_convert_topic?, #can_create_post_on_topic?, #can_create_shared_draft?, #can_create_topic?, #can_create_topic_on_category?, #can_create_unlisted_topic?, #can_create_whisper?, #can_delete_topic?, #can_edit_featured_link?, #can_edit_tags?, #can_edit_topic?, #can_get_access_to_topic?, #can_moderate_topic?, #can_move_posts?, #can_move_topic_to_category?, #can_perform_action_available_to_group_moderators?, #can_permanently_delete_topic?, #can_publish_topic?, #can_recover_topic?, #can_remove_allowed_users?, #can_reply_as_new_topic?, #can_review_topic?, #can_see_deleted_topics?, #can_see_shared_draft?, #can_see_topic?, #can_see_topic_ids, #can_see_unlisted_topics?, #can_see_whispers?, #can_toggle_topic_visibility?, #can_update_bumped_at?, #filter_allowed_categories, #is_in_edit_topic_groups?

Methods included from TagGuardian

#can_admin_tag_groups?, #can_admin_tags?, #can_create_tag?, #can_see_tag?, #can_tag_pms?, #can_tag_topics?, #hidden_tag_names

Methods included from SidebarGuardian

#can_create_public_sidebar_section?, #can_delete_sidebar_section?, #can_edit_sidebar_section?

Methods included from PostRevisionGuardian

#can_hide_post_revision?, #can_permanently_delete_post_revisions?, #can_see_post_revision?, #can_show_post_revision?, #can_view_hidden_post_revisions?

Methods included from PostGuardian

#can_change_post_owner?, #can_change_post_timestamps?, #can_change_post_type?, #can_create_post?, #can_delete_all_posts?, #can_delete_post?, #can_delete_post_action?, #can_delete_post_or_topic?, #can_edit_hidden_post?, #can_edit_post?, #can_lock_post?, #can_permanently_delete_post?, #can_post_link?, #can_rebake?, #can_receive_post_notifications?, #can_recover_post?, #can_see_deleted_post?, #can_see_deleted_posts?, #can_see_flagged_posts?, #can_see_hidden_post?, #can_see_post?, #can_see_post_actors?, #can_skip_bump?, #can_unhide?, #can_view_edit_history?, #can_view_raw_email?, #can_wiki?, #is_in_edit_post_groups?, #link_posting_access, #post_can_act?, #trusted_with_post_edits?, #unrestricted_link_posting?

Methods included from GroupGuardian

#can_admin_group?, #can_associate_groups?, #can_create_group?, #can_edit_group?, #can_see_group_messages?

Methods included from FlagGuardian

#can_create_flag?, #can_edit_flag?, #can_reorder_flag?, #can_toggle_flag?

Methods included from EnsureMagic

#ensure_can_see!, #method_missing

Methods included from CategoryGuardian

#allowed_category_ids, #can_create_category?, #can_delete_category?, #can_edit_category?, #can_edit_category_description?, #can_edit_serialized_category?, #can_post_in_category?, #can_see_category?, #can_see_serialized_category?, #secure_category_ids, #topic_featured_link_allowed_category_ids

Methods included from BookmarkGuardian

#can_delete_bookmark?, #can_edit_bookmark?, #can_see_bookmarkable?

Constructor Details

#initialize(user = nil, request = nil) ⇒ Guardian

Returns a new instance of Guardian.



101
102
103
104
# File 'lib/guardian.rb', line 101

def initialize(user = nil, request = nil)
  @user = user.presence || Guardian::AnonymousUser.new
  @request = request
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class EnsureMagic

Instance Attribute Details

#requestObject (readonly)

Returns the value of attribute request.



99
100
101
# File 'lib/guardian.rb', line 99

def request
  @request
end

Instance Method Details

#allow_themes?(theme_ids, include_preview: false) ⇒ Boolean

Returns:

  • (Boolean)


588
589
590
591
592
593
594
595
596
597
598
599
600
601
# File 'lib/guardian.rb', line 588

def allow_themes?(theme_ids, include_preview: false)
  return true if theme_ids.blank?

  if allowed_theme_ids = Theme.allowed_remote_theme_ids
    return false if (theme_ids - allowed_theme_ids).present?
  end

  return true if include_preview && is_staff? && (theme_ids - Theme.theme_ids).blank?

  parent = theme_ids.first
  components = theme_ids[1..-1] || []

  Theme.user_theme_ids.include?(parent) && (components - Theme.components_for(parent)).empty?
end

#allowed_theme_repo_import?(repo) ⇒ Boolean

Returns:

  • (Boolean)


576
577
578
579
580
581
582
583
584
585
586
# File 'lib/guardian.rb', line 576

def allowed_theme_repo_import?(repo)
  return false if !@user.admin?

  allowed_repos = GlobalSetting.allowed_theme_repos
  if !allowed_repos.blank?
    urls = allowed_repos.split(",").map(&:strip)
    return urls.include?(repo)
  end

  true
end

#anonymous?Boolean

Returns:

  • (Boolean)


111
112
113
# File 'lib/guardian.rb', line 111

def anonymous?
  !authenticated?
end

#auth_tokenObject



620
621
622
623
624
625
626
627
628
629
630
631
# File 'lib/guardian.rb', line 620

def auth_token
  return if !request

  token = Auth::DefaultCurrentUserProvider.find_v0_auth_cookie(request).presence

  if !token
    cookie = Auth::DefaultCurrentUserProvider.find_v1_auth_cookie(request.env)
    token = cookie[:token] if cookie
  end

  UserAuthToken.hash_token(token) if token
end

#authenticated?Boolean

Returns:

  • (Boolean)


115
116
117
# File 'lib/guardian.rb', line 115

def authenticated?
  @user.present?
end

#can_access_forum?Boolean

Support sites that have to approve users

Returns:

  • (Boolean)


400
401
402
403
404
405
406
407
408
# File 'lib/guardian.rb', line 400

def can_access_forum?
  return true unless SiteSetting.must_approve_users?
  return false if anonymous?

  # Staff can't lock themselves out of a site
  return true if is_staff?

  @user.approved?
end

#can_activate?(target) ⇒ Boolean

Returns:

  • (Boolean)


336
337
338
# File 'lib/guardian.rb', line 336

def can_activate?(target)
  is_staff? && target && not(target.active?)
end

#can_approve?(target) ⇒ Boolean

Can we approve it?

Returns:

  • (Boolean)


332
333
334
# File 'lib/guardian.rb', line 332

def can_approve?(target)
  is_staff? && target && target.active? && !target.approved?
end

#can_bulk_invite_to_forum?(user) ⇒ Boolean

Returns:

  • (Boolean)


453
454
455
# File 'lib/guardian.rb', line 453

def can_bulk_invite_to_forum?(user)
  user.admin?
end

#can_change_primary_group?(user, group) ⇒ Boolean

Returns:

  • (Boolean)


391
392
393
# File 'lib/guardian.rb', line 391

def can_change_primary_group?(user, group)
  user && can_edit_group?(group)
end

#can_change_trust_level?(user) ⇒ Boolean

Returns:

  • (Boolean)


395
396
397
# File 'lib/guardian.rb', line 395

def can_change_trust_level?(user)
  user && is_staff?
end

#can_create?(klass, parent = nil) ⇒ Boolean

Returns:

  • (Boolean)


181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
# File 'lib/guardian.rb', line 181

def can_create?(klass, parent = nil)
  return false unless authenticated? && klass

  # If no parent is provided, we look for a can_create_klass?
  # custom method.
  #
  # If a parent is provided, we look for a method called
  # can_create_klass_on_parent?
  target = klass.name.underscore
  if parent.present?
    return false unless can_see?(parent)
    target << "_on_#{parent.class.name.underscore}"
  end
  create_method = :"can_create_#{target}?"

  return public_send(create_method, parent) if respond_to?(create_method)

  true
end

#can_delete?(obj) ⇒ Boolean

Can we delete the object

Returns:

  • (Boolean)


211
212
213
# File 'lib/guardian.rb', line 211

def can_delete?(obj)
  can_do?(:delete, obj)
end

#can_delete_reviewable_queued_post?(reviewable) ⇒ Boolean

Returns:

  • (Boolean)


246
247
248
249
250
251
252
# File 'lib/guardian.rb', line 246

def can_delete_reviewable_queued_post?(reviewable)
  return false if reviewable.blank?
  return false if !authenticated?
  return true if is_api? && is_admin?

  reviewable.target_created_by_id == @user.id
end

#can_destroy_all_invites?(user) ⇒ Boolean

Returns:

  • (Boolean)


461
462
463
# File 'lib/guardian.rb', line 461

def can_destroy_all_invites?(user)
  user.staff?
end

#can_edit?(obj) ⇒ Boolean

Can the user edit the obj

Returns:

  • (Boolean)


206
207
208
# File 'lib/guardian.rb', line 206

def can_edit?(obj)
  can_do?(:edit, obj)
end

#can_enable_safe_mode?Boolean

Returns:

  • (Boolean)


201
202
203
# File 'lib/guardian.rb', line 201

def can_enable_safe_mode?
  SiteSetting.enable_safe_mode? || is_staff?
end

#can_export_entity?(entity) ⇒ Boolean

Returns:

  • (Boolean)


539
540
541
542
543
544
545
546
547
548
549
550
551
# File 'lib/guardian.rb', line 539

def can_export_entity?(entity)
  return false if anonymous?
  return true if is_admin?
  return can_see_emails? if entity == "screened_email"
  return entity != "user_list" if is_moderator?

  # Regular users can only export their archives
  return false unless entity == "user_archive"
  UserExport.where(
    user_id: @user.id,
    created_at: (Time.zone.now.beginning_of_day..Time.zone.now.end_of_day),
  ).count == 0
end

#can_grant_admin?(user) ⇒ Boolean

Returns:

  • (Boolean)


349
350
351
# File 'lib/guardian.rb', line 349

def can_grant_admin?(user)
  can_administer_user?(user) && !user.admin?
end

#can_grant_badges?(_user) ⇒ Boolean

Returns:

  • (Boolean)


242
243
244
# File 'lib/guardian.rb', line 242

def can_grant_badges?(_user)
  SiteSetting.enable_badges && is_staff?
end

#can_grant_moderation?(user) ⇒ Boolean

Returns:

  • (Boolean)


357
358
359
# File 'lib/guardian.rb', line 357

def can_grant_moderation?(user)
  can_administer?(user) && !user.moderator?
end

#can_grant_title?(user, title = nil) ⇒ Boolean

Returns:

  • (Boolean)


361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
# File 'lib/guardian.rb', line 361

def can_grant_title?(user, title = nil)
  return true if user && is_staff?
  return false if title.nil?
  return true if title.empty? # A title set to '(none)' in the UI is an empty string
  return false if user != @user

  if user
       .badges
       .where(allow_title: true)
       .pluck(:name)
       .any? { |name| Badge.display_name(name) == title }
    return true
  end

  user.groups.where(title: title).exists?
end

#can_ignore_user?(target_user) ⇒ Boolean

Returns:

  • (Boolean)


567
568
569
# File 'lib/guardian.rb', line 567

def can_ignore_user?(target_user)
  can_ignore_users? && @user.id != target_user.id && !target_user.staff?
end

#can_ignore_users?Boolean

Returns:

  • (Boolean)


571
572
573
574
# File 'lib/guardian.rb', line 571

def can_ignore_users?
  return false if anonymous?
  @user.staff? || @user.in_any_groups?(SiteSetting.ignore_allowed_groups_map)
end

#can_impersonate?(target) ⇒ Boolean

Can we impersonate this user?

Returns:

  • (Boolean)


315
316
317
318
319
320
321
322
323
324
325
# File 'lib/guardian.rb', line 315

def can_impersonate?(target)
  GlobalSetting.allow_impersonation && target &&
    # You must be an admin to impersonate
    is_admin? &&
    # You may not impersonate other admins unless you are a dev
    (!target.admin? || is_developer?)

  # Additionally, you may not impersonate yourself;
  # but the two tests for different admin statuses
  # make it impossible to be the same user.
end

#can_invite_group_to_private_message?(group, topic) ⇒ Boolean

Returns:

  • (Boolean)


469
470
471
# File 'lib/guardian.rb', line 469

def can_invite_group_to_private_message?(group, topic)
  can_see_topic?(topic) && can_send_private_message?(group)
end

#can_invite_to?(object, groups = nil) ⇒ Boolean

Returns:

  • (Boolean)


424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
# File 'lib/guardian.rb', line 424

def can_invite_to?(object, groups = nil)
  return false if !authenticated?
  return false if !object.is_a?(Topic) || !can_see?(object)
  return false if groups.present?

  if object.is_a?(Topic)
    if object.private_message?
      return true if is_admin?

      return false if !@user.in_any_groups?(SiteSetting.personal_message_enabled_groups_map)
      return false if object.reached_recipients_limit? && !is_staff?
    end

    if (category = object.category) && category.read_restricted
      return category.groups&.where(automatic: false)&.any? { |g| can_edit_group?(g) }
    end
  end

  true
end

#can_invite_to_forum?(groups = nil) ⇒ Boolean

Returns:

  • (Boolean)


418
419
420
421
422
# File 'lib/guardian.rb', line 418

def can_invite_to_forum?(groups = nil)
  authenticated? && (is_staff? || SiteSetting.max_invites_per_day.to_i.positive?) &&
    (is_staff? || @user.in_any_groups?(SiteSetting.invite_allowed_groups_map)) &&
    (is_admin? || groups.blank? || groups.all? { |g| can_edit_group?(g) })
end

#can_invite_via_email?(object) ⇒ Boolean

Returns:

  • (Boolean)


445
446
447
448
449
450
451
# File 'lib/guardian.rb', line 445

def can_invite_via_email?(object)
  return false if !can_invite_to_forum?
  return false if !can_invite_to?(object)

  (SiteSetting.enable_local_logins || SiteSetting.enable_discourse_connect) &&
    (!SiteSetting.must_approve_users? || is_staff?)
end

#can_lazy_load_categories?Boolean

Returns:

  • (Boolean)


642
643
644
645
# File 'lib/guardian.rb', line 642

def can_lazy_load_categories?
  SiteSetting.lazy_load_categories_groups_map.include?(Group::AUTO_GROUPS[:everyone]) ||
    @user.in_any_groups?(SiteSetting.lazy_load_categories_groups_map)
end

#can_mention_here?Boolean

Returns:

  • (Boolean)


633
634
635
636
637
638
639
640
# File 'lib/guardian.rb', line 633

def can_mention_here?
  return false if SiteSetting.here_mention.blank?
  return false if SiteSetting.max_here_mentioned < 1
  return false if !authenticated?
  return false if User.where(username_lower: SiteSetting.here_mention).exists?

  @user.in_any_groups?(SiteSetting.here_mention_allowed_groups_map)
end

#can_moderate?(obj) ⇒ Boolean Also known as: can_see_flags?

Returns:

  • (Boolean)


219
220
221
222
223
224
225
# File 'lib/guardian.rb', line 219

def can_moderate?(obj)
  obj && authenticated? && !is_silenced? &&
    (
      is_staff? ||
        (obj.is_a?(Topic) && @user.has_trust_level?(TrustLevel[4]) && can_see_topic?(obj))
    )
end

#can_mute_user?(target_user) ⇒ Boolean

Returns:

  • (Boolean)


558
559
560
# File 'lib/guardian.rb', line 558

def can_mute_user?(target_user)
  can_mute_users? && @user.id != target_user.id && !target_user.staff?
end

#can_mute_users?Boolean

Returns:

  • (Boolean)


562
563
564
565
# File 'lib/guardian.rb', line 562

def can_mute_users?
  return false if anonymous?
  @user.staff? || @user.trust_level >= TrustLevel.levels[:basic]
end

#can_permanently_delete?(obj) ⇒ Boolean

Returns:

  • (Boolean)


215
216
217
# File 'lib/guardian.rb', line 215

def can_permanently_delete?(obj)
  can_do?(:permanently_delete, obj)
end

#can_publish_page?(topic) ⇒ Boolean

Returns:

  • (Boolean)


603
604
605
606
607
608
609
610
# File 'lib/guardian.rb', line 603

def can_publish_page?(topic)
  return false if !SiteSetting.enable_page_publishing?
  return false if SiteSetting.secure_uploads?
  return false if topic.blank?
  return false if topic.private_message?
  return false unless can_see_topic?(topic)
  is_staff?
end

#can_resend_all_invites?(user) ⇒ Boolean

Returns:

  • (Boolean)


457
458
459
# File 'lib/guardian.rb', line 457

def can_resend_all_invites?(user)
  user.staff?
end

#can_revoke_admin?(admin) ⇒ Boolean

Returns:

  • (Boolean)


345
346
347
# File 'lib/guardian.rb', line 345

def can_revoke_admin?(admin)
  can_administer_user?(admin) && admin.admin?
end

#can_revoke_moderation?(moderator) ⇒ Boolean

Returns:

  • (Boolean)


353
354
355
# File 'lib/guardian.rb', line 353

def can_revoke_moderation?(moderator)
  can_administer?(moderator) && moderator.moderator?
end

#can_see?(obj) ⇒ Boolean

Can the user see the object?

Returns:

  • (Boolean)


174
175
176
177
178
179
# File 'lib/guardian.rb', line 174

def can_see?(obj)
  if obj
    see_method = method_name_for :see, obj
    see_method && public_send(see_method, obj)
  end
end

#can_see_about_stats?Boolean

Returns:

  • (Boolean)


612
613
614
# File 'lib/guardian.rb', line 612

def can_see_about_stats?
  true
end

#can_see_emails?Boolean

Returns:

  • (Boolean)


553
554
555
556
# File 'lib/guardian.rb', line 553

def can_see_emails?
  return true if is_admin?
  SiteSetting.moderators_view_emails && is_moderator?
end

#can_see_group?(group) ⇒ Boolean

Returns:

  • (Boolean)


254
255
256
# File 'lib/guardian.rb', line 254

def can_see_group?(group)
  group.present? && can_see_groups?([group])
end

#can_see_group_members?(group) ⇒ Boolean

Returns:

  • (Boolean)


258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
# File 'lib/guardian.rb', line 258

def can_see_group_members?(group)
  return false if group.blank?
  return true if is_admin? || group.members_visibility_level == Group.visibility_levels[:public]
  return true if is_staff? && group.members_visibility_level == Group.visibility_levels[:staff]
  return true if is_staff? && group.members_visibility_level == Group.visibility_levels[:members]
  if authenticated? && group.members_visibility_level == Group.visibility_levels[:logged_on_users]
    return true
  end
  return false if user.blank?

  return false unless membership = GroupUser.find_by(group_id: group.id, user_id: user.id)
  return true if membership.owner

  return false if group.members_visibility_level == Group.visibility_levels[:owners]
  return false if group.members_visibility_level == Group.visibility_levels[:staff]

  true
end

#can_see_groups?(groups) ⇒ Boolean

Returns:

  • (Boolean)


277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
# File 'lib/guardian.rb', line 277

def can_see_groups?(groups)
  return false if groups.blank?
  if is_admin? || groups.all? { |g| g.visibility_level == Group.visibility_levels[:public] }
    return true
  end
  if is_staff? && groups.all? { |g| g.visibility_level == Group.visibility_levels[:staff] }
    return true
  end
  if is_staff? && groups.all? { |g| g.visibility_level == Group.visibility_levels[:members] }
    return true
  end
  if authenticated? &&
       groups.all? { |g| g.visibility_level == Group.visibility_levels[:logged_on_users] }
    return true
  end
  return false if user.blank?

  memberships = GroupUser.where(group: groups, user_id: user.id).pluck(:owner)
  return false if memberships.size < groups.size
  return true if memberships.all? # owner of all groups

  return false if groups.all? { |g| g.visibility_level == Group.visibility_levels[:owners] }
  return false if groups.all? { |g| g.visibility_level == Group.visibility_levels[:staff] }

  true
end

#can_see_groups_members?(groups) ⇒ Boolean

Returns:

  • (Boolean)


304
305
306
307
308
309
310
311
312
# File 'lib/guardian.rb', line 304

def can_see_groups_members?(groups)
  return false if groups.blank?

  requested_group_ids = groups.map(&:id) # Can't use pluck, groups could be a regular array
  matching_group_ids =
    Group.where(id: requested_group_ids).members_visible_groups(user).pluck(:id)

  matching_group_ids.sort == requested_group_ids.sort
end

#can_see_invite_details?(user) ⇒ Boolean

Returns:

  • (Boolean)


410
411
412
# File 'lib/guardian.rb', line 410

def can_see_invite_details?(user)
  is_staff? || is_me?(user)
end

#can_see_invite_emails?(user) ⇒ Boolean

Returns:

  • (Boolean)


414
415
416
# File 'lib/guardian.rb', line 414

def can_see_invite_emails?(user)
  is_staff? || is_me?(user)
end

#can_see_private_messages?(user_id) ⇒ Boolean

Returns:

  • (Boolean)


465
466
467
# File 'lib/guardian.rb', line 465

def can_see_private_messages?(user_id)
  is_admin? || (authenticated? && @user.id == user_id)
end

#can_see_site_contact_details?Boolean

Returns:

  • (Boolean)


616
617
618
# File 'lib/guardian.rb', line 616

def can_see_site_contact_details?
  !SiteSetting. || authenticated?
end

#can_see_tags?(topic) ⇒ Boolean

Returns:

  • (Boolean)


234
235
236
# File 'lib/guardian.rb', line 234

def can_see_tags?(topic)
  SiteSetting.tagging_enabled && topic.present? && (!topic.private_message? || can_tag_pms?)
end

#can_send_activation_email?(user) ⇒ Boolean

Returns:

  • (Boolean)


238
239
240
# File 'lib/guardian.rb', line 238

def can_send_activation_email?(user)
  user && is_staff? && !SiteSetting.must_approve_users?
end

#can_send_private_message?(target, notify_moderators: false) ⇒ Boolean

This should be used as a final check for when a user is sending a message to a target user or group.

Returns:

  • (Boolean)


497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
# File 'lib/guardian.rb', line 497

def can_send_private_message?(target, notify_moderators: false)
  target_is_user = target.is_a?(User)
  target_is_group = target.is_a?(Group)
  from_system = @user.is_system_user?

  # Must be a valid target
  return false if !(target_is_group || target_is_user)

  can_send_private_message =
    DiscoursePluginRegistry.apply_modifier(
      :guardian_can_send_private_message,
      target: target,
      user: @user,
    )
  return false if !can_send_private_message

  # Users can send messages to certain groups with the `everyone` messageable_level
  # even if they are not in personal_message_enabled_groups
  group_is_messageable = target_is_group && Group.messageable(@user).where(id: target.id).exists?

  # User is authenticated and can send PMs, this can be covered by trust levels as well via AUTO_GROUPS
  (can_send_private_messages?(notify_moderators: notify_moderators) || group_is_messageable) &&
    # User disabled private message
    (is_staff? || target_is_group || target.user_option.allow_private_messages) &&
    # Can't send PMs to suspended users
    (is_staff? || target_is_group || !target.suspended?) &&
    # Check group messageable level
    (from_system || target_is_user || group_is_messageable || notify_moderators) &&
    # Silenced users can only send PM to staff
    (!is_silenced? || target.staff?)
end

#can_send_private_messages?(notify_moderators: false) ⇒ Boolean

This should be used as a general, but not definitive, check for whether the user can send private messages generally, which is mostly useful for changing the UI.

Please otherwise use can_send_private_message?(target, notify_moderators) to check if a single target can be messaged.

Returns:

  • (Boolean)


480
481
482
483
484
485
486
487
488
489
490
491
492
# File 'lib/guardian.rb', line 480

def can_send_private_messages?(notify_moderators: false)
  from_system = @user.is_system_user?
  from_bot = @user.bot?

  # User is authenticated
  authenticated? &&
    # User can send PMs, this can be covered by trust levels as well via AUTO_GROUPS
    (
      is_staff? || from_bot || from_system ||
        (@user.in_any_groups?(SiteSetting.personal_message_enabled_groups_map)) ||
        notify_moderators
    )
end

#can_send_private_messages_to_email?Boolean

Returns:

  • (Boolean)


529
530
531
532
533
534
535
536
537
# File 'lib/guardian.rb', line 529

def can_send_private_messages_to_email?
  # Staged users must be enabled to create a temporary user.
  return false if !SiteSetting.enable_staged_users
  # User is authenticated
  return false if !authenticated?
  # User is trusted enough
  @user.in_any_groups?(SiteSetting.personal_message_enabled_groups_map) &&
    @user.in_any_groups?(SiteSetting.send_email_messages_allowed_groups_map)
end

#can_suspend?(user) ⇒ Boolean Also known as: can_deactivate?

Returns:

  • (Boolean)


340
341
342
# File 'lib/guardian.rb', line 340

def can_suspend?(user)
  user && is_staff? && user.regular?
end

#can_tag?(topic) ⇒ Boolean

Returns:

  • (Boolean)


228
229
230
231
232
# File 'lib/guardian.rb', line 228

def can_tag?(topic)
  return false if topic.blank?

  topic.private_message? ? can_tag_pms? : can_tag_topics?
end

#can_use_flair_group?(user, group_id = nil) ⇒ Boolean

Returns:

  • (Boolean)


385
386
387
388
389
# File 'lib/guardian.rb', line 385

def can_use_flair_group?(user, group_id = nil)
  return false if !user || !group_id || !user.group_ids.include?(group_id.to_i)
  flair_icon, flair_upload_id = Group.where(id: group_id.to_i).pick(:flair_icon, :flair_upload_id)
  flair_icon.present? || flair_upload_id.present?
end

#can_use_primary_group?(user, group_id = nil) ⇒ Boolean

Returns:

  • (Boolean)


378
379
380
381
382
383
# File 'lib/guardian.rb', line 378

def can_use_primary_group?(user, group_id = nil)
  return false if !user || !group_id
  group = Group.find_by(id: group_id.to_i)

  user.group_ids.include?(group_id.to_i) && (group ? !group.automatic : false)
end

#can_view_action_logs?(target) ⇒ Boolean

Returns:

  • (Boolean)


327
328
329
# File 'lib/guardian.rb', line 327

def can_view_action_logs?(target)
  target.present? && is_staff?
end

#is_admin?Boolean

Returns:

  • (Boolean)


119
120
121
# File 'lib/guardian.rb', line 119

def is_admin?
  @user.admin?
end

#is_anonymous?Boolean

Returns:

  • (Boolean)


169
170
171
# File 'lib/guardian.rb', line 169

def is_anonymous?
  @user.anonymous?
end

#is_category_group_moderator?(category) ⇒ Boolean

Returns:

  • (Boolean)


135
136
137
138
139
140
141
142
143
144
145
146
147
148
# File 'lib/guardian.rb', line 135

def is_category_group_moderator?(category)
  return false if !category
  return false if !category_group_moderation_allowed?

  @group_moderator_categories ||= {}

  if @group_moderator_categories.key?(category.id)
    @group_moderator_categories[category.id]
  else
    @group_moderator_categories[category.id] = category_group_moderator_scope.exists?(
      id: category.id,
    )
  end
end

#is_developer?Boolean

Returns:

  • (Boolean)


154
155
156
157
158
159
160
161
162
163
# File 'lib/guardian.rb', line 154

def is_developer?
  @user &&
    (
      Rails.env.development? || (is_admin? && Developer.user_ids.include?(@user.id)) ||
        (
          Rails.configuration.respond_to?(:developer_emails) &&
            Rails.configuration.developer_emails.include?(@user.email)
        )
    )
end

#is_me?(other) ⇒ Boolean

Returns:

  • (Boolean)


647
648
649
# File 'lib/guardian.rb', line 647

def is_me?(other)
  other && authenticated? && other.is_a?(User) && @user == other
end

#is_moderator?Boolean

Returns:

  • (Boolean)


127
128
129
# File 'lib/guardian.rb', line 127

def is_moderator?
  @user.moderator?
end

#is_silenced?Boolean

Returns:

  • (Boolean)


150
151
152
# File 'lib/guardian.rb', line 150

def is_silenced?
  @user.silenced?
end

#is_staff?Boolean

Returns:

  • (Boolean)


123
124
125
# File 'lib/guardian.rb', line 123

def is_staff?
  @user.staff?
end

#is_staged?Boolean

Returns:

  • (Boolean)


165
166
167
# File 'lib/guardian.rb', line 165

def is_staged?
  @user.staged?
end

#is_whisperer?Boolean

Returns:

  • (Boolean)


131
132
133
# File 'lib/guardian.rb', line 131

def is_whisperer?
  @user.whisperer?
end

#userObject Also known as: current_user



106
107
108
# File 'lib/guardian.rb', line 106

def user
  @user.presence
end