discourse/app/serializers/admin_detailed_user_seriali...

# frozen_string_literal: true

class AdminDetailedUserSerializer < AdminUserSerializer

  attributes :moderator,
             :can_grant_admin,
             :can_revoke_admin,
             :can_grant_moderation,
             :can_revoke_moderation,
             :can_impersonate,
             :like_count,
             :like_given_count,
             :post_count,
             :topic_count,
             :post_edits_count,
             :flags_given_count,
             :flags_received_count,
             :private_topics_count,
             :can_delete_all_posts,
             :can_be_deleted,
             :can_be_anonymized,
             :can_be_merged,
             :full_suspend_reason,
             :suspended_till,
             :silence_reason,
             :penalty_counts,
             :next_penalty,
             :primary_group_id,
             :badge_count,
             :warnings_received_count,
             :user_fields,
             :bounce_score,
             :reset_bounce_score_after,
             :can_view_action_logs,
             :second_factor_enabled,
             :can_disable_second_factor,
             :can_delete_sso_record,
             :api_key_count,
             :external_ids

  has_one :approved_by, serializer: BasicUserSerializer, embed: :objects
  has_one :suspended_by, serializer: BasicUserSerializer, embed: :objects
  has_one :silenced_by, serializer: BasicUserSerializer, embed: :objects
  has_one :tl3_requirements, serializer: TrustLevel3RequirementsSerializer, embed: :objects
  has_many :groups, embed: :object, serializer: BasicGroupSerializer

  def second_factor_enabled
    object.totp_enabled? || object.security_keys_enabled? || object.backup_codes_enabled?
  end

  def can_disable_second_factor
    scope.is_admin? && (object&.id != scope.user.id)
  end

  def can_revoke_admin
    scope.can_revoke_admin?(object)
  end

  def can_grant_admin
    scope.can_grant_admin?(object)
  end

  def can_revoke_moderation
    scope.can_revoke_moderation?(object)
  end

  def can_grant_moderation
    scope.can_grant_moderation?(object)
  end

  def can_delete_all_posts
    scope.can_delete_all_posts?(object)
  end

  def can_be_deleted
    scope.can_delete_user?(object)
  end

  def can_be_anonymized
    scope.can_anonymize_user?(object)
  end

  def can_be_merged
    scope.can_merge_user?(object)
  end

  def topic_count
    object.topics.count
  end

  def include_api_key?
    scope.is_admin? && api_key.present?
  end

  def suspended_by
    object.suspend_record.try(:acting_user)
  end

  def silence_reason
    object.silence_reason
  end

  def penalty_counts
    TrustLevel3Requirements.new(object).penalty_counts
  end

  def next_penalty
    step_number = penalty_counts.total
    steps = SiteSetting.penalty_step_hours.split('|')
    step_number = [step_number, steps.length].min
    penalty_hours = steps[step_number]
    Integer(penalty_hours, 10).hours.from_now
  rescue
    nil
  end

  def silenced_by
    object.silenced_record.try(:acting_user)
  end

  def include_tl3_requirements?
    object.has_trust_level?(TrustLevel[2])
  end

  def include_user_fields?
    object.user_fields.present?
  end

  def bounce_score
    object.user_stat.bounce_score
  end

  def reset_bounce_score_after
    object.user_stat.reset_bounce_score_after
  end

  def can_view_action_logs
    scope.can_view_action_logs?(object)
  end

  def post_count
    object.posts.count
  end

  def api_key_count
    object.api_keys.active.count
  end

  def external_ids
    external_ids = {}

    object.user_associated_accounts.map do |user_associated_account|
      external_ids[user_associated_account.provider_name] = user_associated_account.provider_uid
    end

    external_ids
  end

  def can_delete_sso_record
    scope.can_delete_sso_record?(object)
  end
end
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging 2019-05-02 18:17:27 -04:00			`# frozen_string_literal: true`

Initial release of Discourse 2013-02-05 14:16:51 -05:00			`class AdminDetailedUserSerializer < AdminUserSerializer`

			`attributes :moderator,`
Fix all the trailing whitespace 2013-02-07 10:45:24 -05:00			`:can_grant_admin,`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`:can_revoke_admin,`
Adds grant and revoke moderation buttons so admins can make users moderators 2013-02-12 17:58:08 -05:00			`:can_grant_moderation,`
			`:can_revoke_moderation,`
			`:can_impersonate,`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`:like_count,`
Show total likes given. Put likes given/received and flags given/received together. 2014-08-22 15:23:10 -04:00			`:like_given_count,`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`:post_count,`
Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too 2013-07-26 15:40:08 -04:00			`:topic_count,`
FEATURE: Add post edits count to user activity (#13495) 2021-08-02 10:15:53 -04:00			`:post_edits_count,`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`:flags_given_count,`
			`:flags_received_count,`
added delete all posts button wired up the ability to enable all themes 2013-02-07 02:11:56 -05:00			`:private_topics_count,`
Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too 2013-07-26 15:40:08 -04:00			`:can_delete_all_posts,`
When banning a user, a reason can be provided. The user will see this reason when trying to log in. Also log bans and unbans in the staff action logs. 2013-11-01 10:47:03 -04:00			`:can_be_deleted,`
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-06 16:44:54 -05:00			`:can_be_anonymized,`
UX: display 'merge' button in all non-staff user profiles. 2020-04-22 08:12:09 -04:00			`:can_be_merged,`
FIX: Only show the full suspension reason on the admin side 2017-12-07 13:20:42 -05:00			`:full_suspend_reason,`
UX: Nicer selection of suspend duration 2017-09-13 16:44:47 -04:00			`:suspended_till,`
FEATURE: Support an end date for user silencing 2017-11-13 13:41:36 -05:00			`:silence_reason,`
FEATURE: Penalty history improvements (#13359) * FEATURE: add penalty history when silencing a user Display penalty history (last 6 months) when silencing/suspending a user * FEATURE: allow default penalty values to be chosen Adds a site setting that designates default penalty values in hours. Silence/suspend modals will auto-fill in the default values, but otherwise will still allow moderators to pick and overwrite values as normal. First silence/suspend: first value Second silence/suspend: second value etc. Penalty counts are forgiven at the same rate as tl3 promotion requirements do. Co-authored-by: jjaffeux <j.jaffeux@gmail.com> 2021-07-12 14:36:56 -04:00			`:penalty_counts,`
			`:next_penalty,`
Display badge count in the user admin page. 2014-04-16 06:22:21 -04:00			`:primary_group_id,`
Revert "Revert "FEATURE: Can create warnings for users via PM"" This reverts commit 1c7559380c145136726028ae9f2aeea6f351eb78. 2014-09-08 11:11:56 -04:00			`:badge_count,`
FEATURE: Show user fields when the user is signing up 2014-09-26 14:48:34 -04:00			`:warnings_received_count,`
Lots bounce emails related fixes - Show bounce score on user admin page - Added reset bounce score button on user admin page - Only whitelisted email types are sent to emails with high bounce score - FIX: properly detect bounces even when there is no TO: header in the email - Don't desactivate a user when reaching the bounce threshold 2016-05-06 13:34:33 -04:00			`:user_fields,`
			`:bounce_score,`
FEATURE: add a button on admin user page that links to action log 2017-02-21 07:45:30 -05:00			`:reset_bounce_score_after,`
FEATURE: Implement 2factor login TOTP implemented review items. Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds. I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail. Translatable texts. Move second factor logic to a helper class. Move second factor specific controller endpoints to its own controller. Move serialization logic for 2-factor details in admin user views. Add a login ember component for de-duplication Fix up code formatting Change verbiage of google authenticator add controller tests: second factor controller tests change email tests change password tests admin login tests add qunit tests - password reset, preferences fix: check for 2factor on change email controller fix: email controller - only show second factor errors on attempt fix: check against 'true' to enable second factor. Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP add two factor to email signin link rate limit if second factor token present add rate limiter test for second factor attempts 2017-12-21 20:18:12 -05:00			`:can_view_action_logs,`
			`:second_factor_enabled,`
FEATURE: Overhaul of admin API key system (#8284) - Allow revoking keys without deleting them - Auto-revoke keys after a period of no use (default 6 months) - Allow multiple keys per user - Allow attaching a description to each key, for easier auditing - Log changes to keys in the staff action log - Move all key management to one place, and improve the UI 2019-11-05 09:10:23 -05:00			`:can_disable_second_factor,`
FEATURE: Allow admins to delete user SSO records in the UI (#10669) Also displays the user's last payload in the admin UI to help with debugging SSO issues. 2020-09-15 10:00:10 -04:00			`:can_delete_sso_record,`
FEATURE: API to create user's associated account (#15737) Discourse users and associated accounts are created or updated when a user logins or connects the account using their account preferences. This new API can be used to create associated accounts and users too, if necessary. 2022-03-03 11:17:02 -05:00			`:api_key_count,`
			`:external_ids`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
			`has_one :approved_by, serializer: BasicUserSerializer, embed: :objects`
Used the term suspended instead of banned. 2013-11-07 13:53:32 -05:00			`has_one :suspended_by, serializer: BasicUserSerializer, embed: :objects`
FEATURE: Support an end date for user silencing 2017-11-13 13:41:36 -05:00			`has_one :silenced_by, serializer: BasicUserSerializer, embed: :objects`
Rename 'leader' -> 'tl3' 2014-09-24 20:19:26 -04:00			`has_one :tl3_requirements, serializer: TrustLevel3RequirementsSerializer, embed: :objects`
Improved Group Member Management on User Administration Allows for a quick and easy group membership management on the user-administration page. Uses the select2 UI component to autosuggest other groups, remove existing ones and lock in automatic groups. 2014-07-13 14:11:38 -04:00			`has_many :groups, embed: :object, serializer: BasicGroupSerializer`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
Review Changes for https://github.com/discourse/discourse/pull/5612/commits/f4f8a293e74e6a37c7bee7645d9ca1d72a7d5bd3. 2018-02-20 01:44:51 -05:00			`def second_factor_enabled`
FIX: do not lock account if backup codes are available (#18982) Currently, we have available three 2fa methods: - Token-Based Authenticators - Physical Security Keys - Two-Factor Backup Codes If the first two are deleted, user lose visibility of their backup codes, which suggests that 2fa is disabled. However, when they try to authenticate, the account is locked, and they have to ask admin to fix that problem. This PR is fixing the issue. User still sees backup codes in their panel and can use them to authenticate. In next PR, I will improve UI to clearly notify the user when 2fa is fully disabled and when it is still active. 2022-11-10 21:00:06 -05:00			`object.totp_enabled? \|\| object.security_keys_enabled? \|\| object.backup_codes_enabled?`
FEATURE: Implement 2factor login TOTP implemented review items. Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds. I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail. Translatable texts. Move second factor logic to a helper class. Move second factor specific controller endpoints to its own controller. Move serialization logic for 2-factor details in admin user views. Add a login ember component for de-duplication Fix up code formatting Change verbiage of google authenticator add controller tests: second factor controller tests change email tests change password tests admin login tests add qunit tests - password reset, preferences fix: check for 2factor on change email controller fix: email controller - only show second factor errors on attempt fix: check against 'true' to enable second factor. Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP add two factor to email signin link rate limit if second factor token present add rate limiter test for second factor attempts 2017-12-21 20:18:12 -05:00			`end`

			`def can_disable_second_factor`
FIX: Disable security keys at same time as TOTP 2FA (#10144) Previously, the "Remove 2FA" button could result in an error. This syncs button visibility with behavior. * FIX: Only offer disabling 2FA to admins 2020-07-07 15:19:30 -04:00			`scope.is_admin? && (object&.id != scope.user.id)`
FEATURE: Implement 2factor login TOTP implemented review items. Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds. I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail. Translatable texts. Move second factor logic to a helper class. Move second factor specific controller endpoints to its own controller. Move serialization logic for 2-factor details in admin user views. Add a login ember component for de-duplication Fix up code formatting Change verbiage of google authenticator add controller tests: second factor controller tests change email tests change password tests admin login tests add qunit tests - password reset, preferences fix: check for 2factor on change email controller fix: email controller - only show second factor errors on attempt fix: check against 'true' to enable second factor. Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP add two factor to email signin link rate limit if second factor token present add rate limiter test for second factor attempts 2017-12-21 20:18:12 -05:00			`end`

Initial release of Discourse 2013-02-05 14:16:51 -05:00			`def can_revoke_admin`
			`scope.can_revoke_admin?(object)`
			`end`

			`def can_grant_admin`
			`scope.can_grant_admin?(object)`
			`end`
Fix all the trailing whitespace 2013-02-07 10:45:24 -05:00
Adds grant and revoke moderation buttons so admins can make users moderators 2013-02-12 17:58:08 -05:00			`def can_revoke_moderation`
			`scope.can_revoke_moderation?(object)`
			`end`

			`def can_grant_moderation`
			`scope.can_grant_moderation?(object)`
			`end`

added delete all posts button wired up the ability to enable all themes 2013-02-07 02:11:56 -05:00			`def can_delete_all_posts`
			`scope.can_delete_all_posts?(object)`
			`end`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too 2013-07-26 15:40:08 -04:00			`def can_be_deleted`
			`scope.can_delete_user?(object)`
			`end`

FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-06 16:44:54 -05:00			`def can_be_anonymized`
			`scope.can_anonymize_user?(object)`
			`end`

UX: display 'merge' button in all non-staff user profiles. 2020-04-22 08:12:09 -04:00			`def can_be_merged`
			`scope.can_merge_user?(object)`
			`end`

Add button to delete a spammer in the flag modal Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI Moderators can delete users too 2013-07-26 15:40:08 -04:00			`def topic_count`
			`object.topics.count`
			`end`

Support for per-user API keys 2013-10-22 15:53:08 -04:00			`def include_api_key?`
SECURITY: Moderators should not see API keys 2015-10-14 15:40:23 -04:00			`scope.is_admin? && api_key.present?`
Support for per-user API keys 2013-10-22 15:53:08 -04:00			`end`

Used the term suspended instead of banned. 2013-11-07 13:53:32 -05:00			`def suspended_by`
			`object.suspend_record.try(:acting_user)`
When banning a user, a reason can be provided. The user will see this reason when trying to log in. Also log bans and unbans in the staff action logs. 2013-11-01 10:47:03 -04:00			`end`

FEATURE: Support an end date for user silencing 2017-11-13 13:41:36 -05:00			`def silence_reason`
			`object.silence_reason`
			`end`

FEATURE: Penalty history improvements (#13359) * FEATURE: add penalty history when silencing a user Display penalty history (last 6 months) when silencing/suspending a user * FEATURE: allow default penalty values to be chosen Adds a site setting that designates default penalty values in hours. Silence/suspend modals will auto-fill in the default values, but otherwise will still allow moderators to pick and overwrite values as normal. First silence/suspend: first value Second silence/suspend: second value etc. Penalty counts are forgiven at the same rate as tl3 promotion requirements do. Co-authored-by: jjaffeux <j.jaffeux@gmail.com> 2021-07-12 14:36:56 -04:00			`def penalty_counts`
			`TrustLevel3Requirements.new(object).penalty_counts`
			`end`

			`def next_penalty`
			`step_number = penalty_counts.total`
			`steps = SiteSetting.penalty_step_hours.split('\|')`
			`step_number = [step_number, steps.length].min`
			`penalty_hours = steps[step_number]`
			`Integer(penalty_hours, 10).hours.from_now`
			`rescue`
			`nil`
			`end`

FEATURE: Support an end date for user silencing 2017-11-13 13:41:36 -05:00			`def silenced_by`
			`object.silenced_record.try(:acting_user)`
			`end`

Rename 'leader' -> 'tl3' 2014-09-24 20:19:26 -04:00			`def include_tl3_requirements?`
Internal renaming of elder,leader,regular,basic to numbers Changed internals so trust levels are referred to with TrustLevel[1], TrustLevel[2] etc. This gives us much better flexibility naming trust levels, these names are meant to be controlled by various communities. 2014-09-05 01:20:39 -04:00			`object.has_trust_level?(TrustLevel[2])`
Add a page in admin to view trust level 3 requirements for a user. Only shows for users who are currently at trust level 2. 2014-01-22 17:09:56 -05:00			`end`

FEATURE: Show user fields when the user is signing up 2014-09-26 14:48:34 -04:00			`def include_user_fields?`
			`object.user_fields.present?`
			`end`

Lots bounce emails related fixes - Show bounce score on user admin page - Added reset bounce score button on user admin page - Only whitelisted email types are sent to emails with high bounce score - FIX: properly detect bounces even when there is no TO: header in the email - Don't desactivate a user when reaching the bounce threshold 2016-05-06 13:34:33 -04:00			`def bounce_score`
			`object.user_stat.bounce_score`
			`end`

			`def reset_bounce_score_after`
			`object.user_stat.reset_bounce_score_after`
			`end`

FEATURE: add a button on admin user page that links to action log 2017-02-21 07:45:30 -05:00			`def can_view_action_logs`
			`scope.can_view_action_logs?(object)`
			`end`

FIX: admin user page should show count of all posts, including private messages, so admins can delete them. This bug was making it impossible to delete users. 2017-03-17 17:01:45 -04:00			`def post_count`
			`object.posts.count`
			`end`

FEATURE: Overhaul of admin API key system (#8284) - Allow revoking keys without deleting them - Auto-revoke keys after a period of no use (default 6 months) - Allow multiple keys per user - Allow attaching a description to each key, for easier auditing - Log changes to keys in the staff action log - Move all key management to one place, and improve the UI 2019-11-05 09:10:23 -05:00			`def api_key_count`
			`object.api_keys.active.count`
			`end`
FEATURE: Allow admins to delete user SSO records in the UI (#10669) Also displays the user's last payload in the admin UI to help with debugging SSO issues. 2020-09-15 10:00:10 -04:00
FEATURE: API to create user's associated account (#15737) Discourse users and associated accounts are created or updated when a user logins or connects the account using their account preferences. This new API can be used to create associated accounts and users too, if necessary. 2022-03-03 11:17:02 -05:00			`def external_ids`
			`external_ids = {}`

			`object.user_associated_accounts.map do \|user_associated_account\|`
			`external_ids[user_associated_account.provider_name] = user_associated_account.provider_uid`
			`end`

			`external_ids`
			`end`

FEATURE: Allow admins to delete user SSO records in the UI (#10669) Also displays the user's last payload in the admin UI to help with debugging SSO issues. 2020-09-15 10:00:10 -04:00			`def can_delete_sso_record`
			`scope.can_delete_sso_record?(object)`
			`end`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`