Module: UserGuardian
- Included in:
- Guardian
- Defined in:
- lib/guardian/user_guardian.rb
Overview
Mixin for all Guardian methods dealing with user permissions.
Instance Method Summary collapse
- #allowed_user_field_ids(user) ⇒ Object
- #can_anonymize_user?(user) ⇒ Boolean
- #can_change_tracking_preferences?(user) ⇒ Boolean
- #can_check_emails?(user) ⇒ Boolean
- #can_check_sso_details?(user) ⇒ Boolean
- #can_claim_reviewable_topic?(topic) ⇒ Boolean
- #can_delete_sso_record?(user) ⇒ Boolean
- #can_delete_user?(user) ⇒ Boolean
- #can_delete_user_associated_accounts?(user) ⇒ Boolean
- #can_disable_second_factor?(user) ⇒ Boolean
- #can_edit_email?(user) ⇒ Boolean
- #can_edit_name?(user) ⇒ Boolean
- #can_edit_user?(user) ⇒ Boolean
- #can_edit_username?(user) ⇒ Boolean
- #can_feature_topic?(user, topic) ⇒ Boolean
- #can_merge_user?(user) ⇒ Boolean
- #can_merge_users?(source_user, target_user) ⇒ Boolean
- #can_pick_avatar?(user_avatar, upload) ⇒ Boolean
- #can_reset_bounce_score?(user) ⇒ Boolean
- #can_see_notifications?(user) ⇒ Boolean
- #can_see_profile?(user) ⇒ Boolean
- #can_see_review_queue? ⇒ Boolean
- #can_see_staff_info?(user) ⇒ Boolean
- #can_see_summary_stats?(target_user) ⇒ Boolean
- #can_see_suspension_reason?(user) ⇒ Boolean
- #can_see_user?(_user) ⇒ Boolean
- #can_see_user_actions?(user, action_types) ⇒ Boolean
- #can_see_warnings?(user) ⇒ Boolean
- #can_silence_user?(user) ⇒ Boolean
- #can_unsilence_user?(user) ⇒ Boolean
- #can_upload_external? ⇒ Boolean
- #can_upload_profile_header?(user) ⇒ Boolean
- #can_upload_user_card_background?(user) ⇒ Boolean
- #public_can_see_profiles? ⇒ Boolean
- #restrict_user_fields?(user) ⇒ Boolean
Instance Method Details
#allowed_user_field_ids(user) ⇒ Object
# File 'lib/guardian/user_guardian.rb', line 154
# Ids of the UserFields the current viewer is allowed to see on +user+.
#
# Staff, or a user looking at their own profile, get every UserField id;
# any other viewer only gets fields flagged show_on_profile or
# show_on_user_card. The two result sets are memoized separately in
# @allowed_user_field_ids so repeated calls do not re-query.
#
# @param user [User] the profile owner being viewed
# @return [Array<Integer>] UserField ids visible to the current viewer
def allowed_user_field_ids(user)
  @allowed_user_field_ids ||= {}

  privileged_viewer = is_staff? || is_me?(user)
  bucket = privileged_viewer ? :staff_or_me : :other

  @allowed_user_field_ids[bucket] ||=
    if privileged_viewer
      UserField.pluck(:id)
    else
      UserField.where("show_on_profile OR show_on_user_card").pluck(:id)
    end
end
#can_anonymize_user?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 76
# Whether the current user may anonymize +user+.
#
# Only staff may anonymize, never a staff account, and never an account
# whose email already carries UserAnonymizer::EMAIL_SUFFIX (i.e. one that
# has been anonymized before). A nil email counts as "not yet anonymized".
#
# @param user [User, nil] the account to anonymize
# @return [Boolean]
def can_anonymize_user?(user)
  return false unless is_staff? && user
  return false if user.staff?

  already_anonymized = user.email&.ends_with?(UserAnonymizer::EMAIL_SUFFIX)
  !already_anonymized
end
#can_change_tracking_preferences?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 220
# Whether tracking preferences of +user+ may be changed by the current user.
#
# Staged users are excluded unless the
# allow_changing_staged_user_tracking site setting is on; on top of that
# the usual can_edit_user? rule applies.
#
# @param user [User] the account whose preferences would change
# @return [Boolean]
def can_change_tracking_preferences?(user)
  staged_ok = SiteSetting.allow_changing_staged_user_tracking || !user.staged
  staged_ok && can_edit_user?(user)
end
#can_check_emails?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 96
# Whether the current user may view other users' email addresses.
#
# Admins always may; moderators only when the moderators_view_emails
# site setting is enabled. The +user+ argument is accepted for interface
# symmetry with the other predicates but is not consulted — the decision
# depends solely on the viewer's role.
#
# @param user [User] unused
# @return [Boolean]
def can_check_emails?(user)
  return true if is_admin?

  is_staff? && SiteSetting.moderators_view_emails
end
#can_check_sso_details?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 100
# Whether the current user may inspect +user+'s SSO details.
#
# Admin-only; a nil +user+ yields a falsy result.
#
# @param user [User, nil]
# @return [Boolean, nil] truthy only for admins with a non-nil +user+
def can_check_sso_details?(user)
  is_admin? if user
end
#can_claim_reviewable_topic?(topic) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 5
# Whether the current user may claim reviewables on +topic+.
#
# Claiming must not be "disabled" via the reviewable_claiming site
# setting, and the user must be able to review the topic at all.
#
# @param topic [Topic]
# @return [Boolean]
def can_claim_reviewable_topic?(topic)
  return false if SiteSetting.reviewable_claiming == "disabled"

  can_review_topic?(topic)
end
#can_delete_sso_record?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 212
# Whether the current user may delete +user+'s DiscourseConnect record.
#
# Requires the enable_discourse_connect site setting, a non-nil +user+,
# and admin rights on the viewer.
#
# @param user [User, nil]
# @return [Boolean, nil] truthy only when all three conditions hold
def can_delete_sso_record?(user)
  return false unless SiteSetting.enable_discourse_connect

  is_admin? if user
end
#can_delete_user?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 60
# Whether the current user may delete +user+.
#
# Admin accounts can never be deleted this way. Self-deletion is refused
# when DiscourseConnect is enabled and is capped by the
# delete_user_self_max_post_count setting. Staff may delete another
# account when it has no posts, stays under User::MAX_STAFF_DELETE_POST_COUNT,
# or its first post is younger than delete_user_max_post_age days.
#
# @param user [User, nil] the account to delete
# @return [Boolean]
def can_delete_user?(user)
  return false if user.nil? || user.admin?

  if is_me?(user)
    # Self-service deletion: blocked under SSO, limited by post count.
    return false if SiteSetting.enable_discourse_connect

    !user.has_more_posts_than?(SiteSetting.delete_user_self_max_post_count)
  else
    return false unless is_staff?

    never_posted = user.first_post_created_at.nil?
    few_posts = !user.has_more_posts_than?(User::MAX_STAFF_DELETE_POST_COUNT)
    recent_poster = lambda do
      user.first_post_created_at > SiteSetting.delete_user_max_post_age.to_i.days.ago
    end

    never_posted || few_posts || recent_poster.call
  end
end
#can_delete_user_associated_accounts?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 216
# Whether the current user may remove +user+'s linked external accounts.
#
# Admin-only; a nil +user+ yields a falsy result.
#
# @param user [User, nil]
# @return [Boolean, nil]
def can_delete_user_associated_accounts?(user)
  is_admin? if user
end
#can_disable_second_factor?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 117
# Whether the current user may turn off +user+'s second factor.
#
# Delegates to can_administer_user? once +user+ is known to be non-nil;
# removing 2FA is an account-takeover lever, so it is gated on full
# administration rights rather than plain staff status.
#
# @param user [User, nil]
# @return [Boolean, nil]
def can_disable_second_factor?(user)
  can_administer_user?(user) if user
end
#can_edit_email?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 32
# Whether the current user may change +user+'s email address.
#
# Refused outright when an auth provider owns the email
# (auth_overrides_email) or emails are not editable. Staff may always
# edit; anonymous viewers never may; otherwise the generic can_edit?
# check decides.
#
# @param user [User]
# @return [Boolean]
def can_edit_email?(user)
  return false if SiteSetting.auth_overrides_email?
  return false if !SiteSetting.email_editable?
  return true if is_staff?

  !is_anonymous? && can_edit?(user)
end
#can_edit_name?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 40
# Whether the current user may change +user+'s display name.
#
# Names must be enabled (enable_names) and not owned by the auth
# provider (auth_overrides_name). Staff may always edit; anonymous
# viewers never may; otherwise can_edit? decides.
#
# @param user [User]
# @return [Boolean]
def can_edit_name?(user)
  return false if !SiteSetting.enable_names? || SiteSetting.auth_overrides_name?
  return true if is_staff?

  !is_anonymous? && can_edit?(user)
end
#can_edit_user?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 20
# Whether the current user may edit +user+: themselves, or any user if staff.
#
# @param user [User]
# @return [Boolean]
def can_edit_user?(user)
  return true if is_me?(user)

  is_staff?
end
#can_edit_username?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 24
# Whether the current user may change +user+'s username.
#
# Refused when the auth provider owns the username. Staff may always
# edit. Otherwise the username_change_period setting must be positive,
# the viewer must not be anonymous, and a user may only rename
# themselves while their account is younger than that period (in days).
#
# @param user [User]
# @return [Boolean]
def can_edit_username?(user)
  return false if SiteSetting.auth_overrides_username?
  return true if is_staff?

  period_days = SiteSetting.username_change_period
  return false if period_days <= 0 || is_anonymous?

  is_me?(user) && user.created_at > period_days.days.ago
end
#can_feature_topic?(user, topic) ⇒ Boolean
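# File 'lib/guardian/user_guardian.rb', line 169
# Whether +topic+ may be featured on +user+'s public profile.
#
# Featuring is refused for a nil or invisible topic, when the
# allow_featured_topic_on_user_profiles setting is off, and for anyone
# who is neither the profile owner nor staff. Topics in read-restricted
# categories and private messages are also refused so that a profile
# cannot be used to surface content the public could not otherwise see.
#
# @param user [User] the profile owner
# @param topic [Topic, nil] the topic to feature
# @return [Boolean]
def can_feature_topic?(user, topic)
  return false if topic.nil?
  return false if !SiteSetting.allow_featured_topic_on_user_profiles?
  return false if !is_me?(user) && !is_staff?
  return false if !topic.visible
  # NOTE(review): the rendered listing truncated this line after `topic.`;
  # the second predicate is restored as private_message? — confirm against
  # the checked-in source.
  return false if topic.read_restricted_category? || topic.private_message?

  true
end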
#can_merge_user?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 80
# Whether the current user may merge +user+ into another account.
#
# Admin-only, and staff accounts are never merge candidates.
#
# @param user [User, nil] the account that would be merged away
# @return [Boolean]
def can_merge_user?(user)
  return false unless is_admin? && user

  !user.staff?
end
#can_merge_users?(source_user, target_user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 84
# Whether +source_user+ may be merged into +target_user+.
#
# Same rules as can_merge_user? for the source, plus a non-nil target.
#
# @param source_user [User, nil] the account merged away
# @param target_user [User, nil] the account that receives the merge
# @return [Boolean]
def can_merge_users?(source_user, target_user)
  return false if target_user.nil?

  can_merge_user?(source_user)
end
#can_pick_avatar?(user_avatar, upload) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 9
# Whether the current user may set +upload+ as the avatar in +user_avatar+.
#
# Requires a logged-in user. Admins may pick anything. A nil +upload+
# means "blank avatar" and is always allowed. Otherwise the upload must
# already belong to the avatar record, be owned by the avatar's user or
# the current user, or be recorded in UserUpload for the current user —
# this stops a user attaching someone else's upload to their own avatar.
#
# @param user_avatar [UserAvatar]
# @param upload [Upload, nil]
# @return [Boolean]
def can_pick_avatar?(user_avatar, upload)
  return false unless self.user
  return true if is_admin?
  # The blank avatar is always selectable.
  return true unless upload
  return true if user_avatar.contains_upload?(upload.id)

  permitted_owner_ids = [user_avatar.user_id, user.id]
  return true if permitted_owner_ids.include?(upload.user_id)

  UserUpload.exists?(upload_id: upload.id, user_id: user.id)
end
#can_reset_bounce_score?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 92
# Whether the current user may reset +user+'s email bounce score.
#
# Staff-only; a nil +user+ yields a falsy result.
#
# @param user [User, nil]
# @return [Boolean, nil]
def can_reset_bounce_score?(user)
  is_staff? if user
end
#can_see_notifications?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 48
# Whether the current user may read +user+'s notifications.
#
# Only the user themselves or an admin; moderators are not included.
#
# @param user [User]
# @return [Boolean]
def can_see_notifications?(user)
  return true if is_me?(user)

  is_admin?
end
#can_see_profile?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 129
# Whether the current user may view +user+'s profile.
#
# The owner and staff always may. Staff profiles are public unless the
# owner has hidden them (allow_users_to_hide_profile plus the user's
# hide_profile option). Profiles of users with no posts are only visible
# to logged-in viewers of at least TrustLevel[2]. Viewers below
# TrustLevel[1] (or anonymous) may only see profiles of users who are
# themselves at least TrustLevel[1] and not hidden; everyone else just
# needs the profile not to be hidden.
#
# @param user [User, nil] the profile owner
# @return [Boolean]
def can_see_profile?(user)
  return false if user.blank?
  return true if is_me?(user) || is_staff?

  hidden = SiteSetting.allow_users_to_hide_profile && user.user_option&.hide_profile?
  return true if user.staff? && !hidden

  stat = user.user_stat
  has_no_posts = stat.blank? || stat.post_count == 0
  if has_no_posts
    viewer_below_tl2 = anonymous? || !@user.has_trust_level?(TrustLevel[2])
    return false if viewer_below_tl2
  end

  viewer_below_tl1 = anonymous? || !@user.has_trust_level?(TrustLevel[1])
  if viewer_below_tl1
    return user.has_trust_level?(TrustLevel[1]) && !hidden
  end

  !hidden
end
#can_see_review_queue? ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 178
# Whether the current user may see the review queue.
#
# Staff always may. Otherwise the enable_category_group_moderation
# setting must be on and there must exist at least one Reviewable in a
# category the user is allowed to see whose moderation group the user
# belongs to (joined through category_moderation_groups).
#
# @return [Boolean]
def can_see_review_queue?
  return true if is_staff?
  return false unless SiteSetting.enable_category_group_moderation

  visible_category_ids = allowed_category_ids
  moderated_group_ids = @user.group_users.pluck(:group_id)

  Reviewable
    .joins(
      "INNER JOIN category_moderation_groups ON category_moderation_groups.category_id = reviewables.category_id",
    )
    .where(
      category_id: visible_category_ids,
      "category_moderation_groups.group_id": moderated_group_ids,
    )
    .exists?
end
#can_see_staff_info?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 108
# Whether the current user may see staff-only information about +user+.
#
# Staff-only; a nil +user+ yields a falsy result.
#
# @param user [User, nil]
# @return [Boolean, nil]
def can_see_staff_info?(user)
  is_staff? if user
end
#can_see_summary_stats?(target_user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 194
# Whether summary stats of +target_user+ are visible to the current user.
#
# Always true: the argument is accepted for interface symmetry with the
# other predicates and is not consulted.
#
# @param target_user [User] unused
# @return [Boolean] always true
def can_see_summary_stats?(target_user)
  # Summary stats are public for every viewer.
  true
end
#can_see_suspension_reason?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 112
# Whether the current user may see why +user+ was suspended.
#
# Public unless the hide_suspension_reasons setting is on; then only the
# suspended user themselves (compared against @user) or staff may.
#
# @param user [User]
# @return [Boolean]
def can_see_suspension_reason?(user)
  return true if !SiteSetting.hide_suspension_reasons?
  return true if user == @user

  is_staff?
end
#can_see_user?(_user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 121
# Whether the current user may see +_user+ at all.
#
# Always true; the argument is unused. Finer-grained checks such as
# can_see_profile? decide what is shown.
#
# @param _user [User] unused
# @return [Boolean] always true
def can_see_user?(_user)
  # Every user record is visible; detail-level visibility is decided elsewhere.
  true
end
#can_see_user_actions?(user, action_types) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 148
# Whether the current user may see +user+'s activity of the given types.
#
# A logged-in viewer who is the user themselves (matched by id) or an
# admin may see everything. Otherwise the hide_user_activity_tab setting
# hides all activity, and even when it is off none of the requested
# +action_types+ may be among UserAction.private_types.
#
# @param user [User] the owner of the activity
# @param action_types [Array] UserAction type ids requested
# @return [Boolean]
def can_see_user_actions?(user, action_types)
  logged_in = !@user.anonymous?
  owner_or_admin = logged_in && (@user.id == user.id || is_admin?)
  return true if owner_or_admin
  return false if SiteSetting.hide_user_activity_tab?

  requested_private_types = action_types & UserAction.private_types
  requested_private_types.empty?
end
#can_see_warnings?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 88
# Whether the current user may see warnings issued to +user+.
#
# The user themselves or staff; a nil +user+ yields a falsy result.
#
# @param user [User, nil]
# @return [Boolean, nil]
def can_see_warnings?(user)
  return nil if user.nil?

  is_me?(user) || is_staff?
end
#can_silence_user?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 52
# Whether the current user may silence +user+.
#
# Staff may silence any non-staff user; a nil +user+ yields a falsy result.
#
# @param user [User, nil]
# @return [Boolean, nil]
def can_silence_user?(user)
  return nil if user.nil?

  is_staff? && !user.staff?
end
#can_unsilence_user?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 56
# Whether the current user may lift a silence on +user+.
#
# Staff-only; a nil +user+ yields a falsy result.
#
# @param user [User, nil]
# @return [Boolean, nil]
def can_unsilence_user?(user)
  is_staff? if user
end
#can_upload_external? ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 208
# Whether the current user may perform external (direct-to-storage) uploads.
#
# Allowed unless ExternalUploadManager has banned this user.
#
# @return [Boolean]
def can_upload_external?
  banned = ExternalUploadManager.user_banned?(user)
  !banned
end
#can_upload_profile_header?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 198
# Whether the current user may upload a profile header for +user+.
#
# Staff always may. A user may for their own profile only when they are
# in one of the groups in profile_background_allowed_groups_map.
#
# @param user [User]
# @return [Boolean]
def can_upload_profile_header?(user)
  return true if is_staff?

  allowed_groups = SiteSetting.profile_background_allowed_groups_map
  is_me?(user) && user.in_any_groups?(allowed_groups)
end
#can_upload_user_card_background?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 203
# Whether the current user may upload a user-card background for +user+.
#
# Staff always may. A user may for their own card only when they are in
# one of the groups in user_card_background_allowed_groups_map.
#
# @param user [User]
# @return [Boolean]
def can_upload_user_card_background?(user)
  return true if is_staff?

  allowed_groups = SiteSetting.user_card_background_allowed_groups_map
  is_me?(user) && user.in_any_groups?(allowed_groups)
end
#public_can_see_profiles? ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 125
# Whether profiles are visible to the current viewer in general.
#
# True unless the hide_user_profiles_from_public setting is on and the
# viewer is anonymous.
#
# @return [Boolean]
def public_can_see_profiles?
  return true unless SiteSetting.hide_user_profiles_from_public

  !anonymous?
end
#restrict_user_fields?(user) ⇒ Boolean
# File 'lib/guardian/user_guardian.rb', line 104
# Whether +user+'s custom fields should be withheld from the current viewer.
#
# Withheld when an anonymous viewer looks at a TrustLevel[0] user, or
# whenever the viewer cannot see the profile at all (can_see_profile?).
#
# @param user [User]
# @return [Boolean]
def restrict_user_fields?(user)
  anonymous_viewing_new_user = user.trust_level == TrustLevel[0] && anonymous?
  return true if anonymous_viewing_new_user

  !can_see_profile?(user)
end