discourse/app/models/user_history.rb

# UserHistory stores information about actions that users have taken,
# like deleting users, changing site settings, dimissing notifications, etc.
# Use other classes, like StaffActionLogger, to log records to this table.
class UserHistory < ActiveRecord::Base
  belongs_to :acting_user, class_name: 'User'
  belongs_to :target_user, class_name: 'User'

  belongs_to :post
  belongs_to :topic
  belongs_to :category

  validates_presence_of :action

  scope :only_staff_actions, -> { where("action IN (?)", UserHistory.staff_action_ids) }

  before_save :set_admin_only

  def self.actions
    @actions ||= Enum.new(delete_user: 1,
                          change_trust_level: 2,
                          change_site_setting: 3,
                          change_theme: 4,
                          delete_theme: 5,
                          checked_for_custom_avatar: 6, # not used anymore
                          notified_about_avatar: 7,
                          notified_about_sequential_replies: 8,
                          notified_about_dominating_topic: 9,
                          suspend_user: 10,
                          unsuspend_user: 11,
                          facebook_no_email: 12,
                          grant_badge: 13,
                          revoke_badge: 14,
                          auto_trust_level_change: 15,
                          check_email: 16,
                          delete_post: 17,
                          delete_topic: 18,
                          impersonate: 19,
                          roll_up: 20,
                          change_username: 21,
                          custom: 22,
                          custom_staff: 23,
                          anonymize_user: 24,
                          reviewed_post: 25,
                          change_category_settings: 26,
                          delete_category: 27,
                          create_category: 28,
                          change_site_text: 29,
                          block_user: 30,
                          unblock_user: 31,
                          grant_admin: 32,
                          revoke_admin: 33,
                          grant_moderation: 34,
                          revoke_moderation: 35,
                          backup_create: 36,
                          rate_limited_like: 37, # not used anymore
                          revoke_email: 38,
                          deactivate_user: 39,
                          wizard_step: 40,
                          lock_trust_level: 41,
                          unlock_trust_level: 42,
                          activate_user: 43,
                          change_readonly_mode: 44,
                          backup_download: 45,
                          backup_destroy: 46,
                          notified_about_get_a_room: 47,
                          change_name: 48)
  end

  # Staff actions is a subset of all actions, used to audit actions taken by staff users.
  def self.staff_actions
    @staff_actions ||= [:delete_user,
                        :change_trust_level,
                        :change_site_setting,
                        :change_theme,
                        :delete_theme,
                        :change_site_text,
                        :suspend_user,
                        :unsuspend_user,
                        :grant_badge,
                        :revoke_badge,
                        :check_email,
                        :delete_post,
                        :delete_topic,
                        :impersonate,
                        :roll_up,
                        :change_username,
                        :custom_staff,
                        :anonymize_user,
                        :reviewed_post,
                        :change_category_settings,
                        :delete_category,
                        :create_category,
                        :block_user,
                        :unblock_user,
                        :grant_admin,
                        :revoke_admin,
                        :grant_moderation,
                        :revoke_moderation,
                        :backup_create,
                        :revoke_email,
                        :deactivate_user,
                        :lock_trust_level,
                        :unlock_trust_level,
                        :activate_user,
                        :change_readonly_mode,
                        :backup_download,
                        :backup_destroy]
  end

  def self.staff_action_ids
    @staff_action_ids ||= staff_actions.map { |a| actions[a] }
  end

  def self.admin_only_action_ids
    @admin_only_action_ids ||= [actions[:change_site_setting]]
  end

  def self.with_filters(filters)
    query = self
    query = query.where(action: filters[:action_id]) if filters[:action_id].present?
    query = query.where(custom_type: filters[:custom_type]) if filters[:custom_type].present?

    [:acting_user, :target_user].each do |key|
      if filters[key] && (obj_id = User.where(username_lower: filters[key].downcase).pluck(:id))
        query = query.where("#{key}_id = ?", obj_id)
      end
    end
    query = query.where("subject = ?", filters[:subject]) if filters[:subject]
    query
  end

  def self.for(user, action_type)
    self.where(target_user_id: user.id, action: UserHistory.actions[action_type])
  end

  def self.exists_for_user?(user, action_type, opts = nil)
    opts = opts || {}
    result = self.where(target_user_id: user.id, action: UserHistory.actions[action_type])
    result = result.where(topic_id: opts[:topic_id]) if opts[:topic_id]
    result.exists?
  end

  def self.staff_filters
    [:action_id, :custom_type, :acting_user, :target_user, :subject]
  end

  def self.staff_action_records(viewer, opts = nil)
    opts ||= {}
    query = self.with_filters(opts.slice(*staff_filters)).only_staff_actions.limit(200).order('id DESC').includes(:acting_user, :target_user)
    query = query.where(admin_only: false) unless viewer && viewer.admin?
    query
  end

  def set_admin_only
    self.admin_only = UserHistory.admin_only_action_ids.include?(self.action)
    self
  end

  def new_value_is_json?
    [UserHistory.actions[:change_theme], UserHistory.actions[:delete_theme]].include?(action)
  end

  def previous_value_is_json?
    new_value_is_json?
  end
end

# == Schema Information
#
# Table name: user_histories
#
#  id             :integer          not null, primary key
#  action         :integer          not null
#  acting_user_id :integer
#  target_user_id :integer
#  details        :text
#  created_at     :datetime         not null
#  updated_at     :datetime         not null
#  context        :string
#  ip_address     :string
#  email          :string
#  subject        :text
#  previous_value :text
#  new_value      :text
#  topic_id       :integer
#  admin_only     :boolean          default(FALSE)
#  post_id        :integer
#  custom_type    :string
#  category_id    :integer
#
# Indexes
#
#  index_user_histories_on_acting_user_id_and_action_and_id  (acting_user_id,action,id)
#  index_user_histories_on_action_and_id                     (action,id)
#  index_user_histories_on_category_id                       (category_id)
#  index_user_histories_on_subject_and_id                    (subject,id)
#  index_user_histories_on_target_user_id_and_id             (target_user_id,id)
#
Rename StaffActionLog to UserHistory 2013-09-10 21:21:16 -04:00			`# UserHistory stores information about actions that users have taken,`
			`# like deleting users, changing site settings, dimissing notifications, etc.`
			`# Use other classes, like StaffActionLogger, to log records to this table.`
			`class UserHistory < ActiveRecord::Base`
			`belongs_to :acting_user, class_name: 'User'`
			`belongs_to :target_user, class_name: 'User'`
Add ability to destroy a user with 0 posts 2013-04-11 16:04:20 -04:00
FEATURE: log topic/post deletions from staff members 2014-10-01 11:40:13 -04:00			`belongs_to :post`
			`belongs_to :topic`
FEATURE: Log staff actions for Category changes. 2015-09-17 03:51:32 -04:00			`belongs_to :category`
FEATURE: log topic/post deletions from staff members 2014-10-01 11:40:13 -04:00
Add ability to destroy a user with 0 posts 2013-04-11 16:04:20 -04:00			`validates_presence_of :action`

Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`scope :only_staff_actions, -> { where("action IN (?)", UserHistory.staff_action_ids) }`
Rename StaffActionLog to UserHistory 2013-09-10 21:21:16 -04:00
FIX: moderators should not be able to see site setting changes in the staff action logs. Fixes #2027 2014-02-28 16:30:45 -05:00			`before_save :set_admin_only`

Add ability to destroy a user with 0 posts 2013-04-11 16:04:20 -04:00			`def self.actions`
Enums that are used in tables need to be stable 2016-01-08 05:53:52 -05:00			`@actions \|\|= Enum.new(delete_user: 1,`
			`change_trust_level: 2,`
			`change_site_setting: 3,`
FEATURE: Native theme support This feature introduces the concept of themes. Themes are an evolution of site customizations. Themes introduce two very big conceptual changes: - A theme may include other "child themes", children can include grand children and so on. - A theme may specify a color scheme The change does away with the idea of "enabled" color schemes. It also adds a bunch of big niceties like - You can source a theme from a git repo - History for themes is much improved - You can only have a single enabled theme. Themes can be selected by users, if you opt for it. On a technical level this change comes with a whole bunch of goodies - All CSS is now compiled using a custom pipeline that uses libsass see /lib/stylesheet - There is a single pipeline for css compilation (in the past we used one for customizations and another one for the rest of the app - The stylesheet pipeline is now divorced of sprockets, there is no reliance on sprockets for CSS bundling - CSS is generated with source maps everywhere (including themes) this makes debugging much easier - Our "live reloader" is smarter and avoid a flash of unstyled content we run a file watcher in "puma" in dev so you no longer need to run rake autospec to watch for CSS changes 2017-04-12 10:52:52 -04:00			`change_theme: 4,`
			`delete_theme: 5,`
Enums that are used in tables need to be stable 2016-01-08 05:53:52 -05:00			`checked_for_custom_avatar: 6, # not used anymore`
			`notified_about_avatar: 7,`
			`notified_about_sequential_replies: 8,`
			`notified_about_dominating_topic: 9,`
			`suspend_user: 10,`
			`unsuspend_user: 11,`
			`facebook_no_email: 12,`
			`grant_badge: 13,`
			`revoke_badge: 14,`
			`auto_trust_level_change: 15,`
			`check_email: 16,`
			`delete_post: 17,`
			`delete_topic: 18,`
			`impersonate: 19,`
			`roll_up: 20,`
			`change_username: 21,`
			`custom: 22,`
			`custom_staff: 23,`
			`anonymize_user: 24,`
			`reviewed_post: 25,`
			`change_category_settings: 26,`
			`delete_category: 27,`
			`create_category: 28,`
log when staff blocks/unblocks someone 2016-01-14 15:05:11 -05:00			`change_site_text: 29,`
			`block_user: 30,`
FEATURE: log admin/moderator grant/revoke action 2016-01-27 04:38:16 -05:00			`unblock_user: 31,`
			`grant_admin: 32,`
			`revoke_admin: 33,`
			`grant_moderation: 34,`
FEATURE: log backup operation 2016-02-27 12:38:24 -05:00			`revoke_moderation: 35,`
FIX: log backups download/destroy staff action FIX: clean up junk left by the specs RENAME: 'backup_operation' to 'backup_create' to match other backup log types 2017-01-16 13:53:31 -05:00			`backup_create: 36,`
FEATURE: handle bounced emails 2016-05-02 17:15:32 -04:00			`rate_limited_like: 37, # not used anymore`
FEATURE: deactive users after too many bounces 2016-07-25 12:57:06 -04:00			`revoke_email: 38,`
			`deactivate_user: 39,`
Add more info in staff action logs for blocking a user, and add logging for lock trust level, activate, and deactive user 2017-01-10 16:45:36 -05:00			`wizard_step: 40,`
			`lock_trust_level: 41,`
			`unlock_trust_level: 42,`
FEATURE: Log admin action when readonly mode is changed. 2017-01-11 01:46:48 -05:00			`activate_user: 43,`
FIX: log backups download/destroy staff action FIX: clean up junk left by the specs RENAME: 'backup_operation' to 'backup_create' to match other backup log types 2017-01-16 13:53:31 -05:00			`change_readonly_mode: 44,`
			`backup_download: 45,`
FEATURE: Warn a user when they're replying to the same user too much 2017-02-03 16:59:05 -05:00			`backup_destroy: 46,`
FEATURE: log all username and name changes 2017-02-23 00:48:57 -05:00			`notified_about_get_a_room: 47,`
			`change_name: 48)`
Add ability to destroy a user with 0 posts 2013-04-11 16:04:20 -04:00			`end`
Add filter by action to staff logs page 2013-08-09 10:06:02 -04:00
Rename StaffActionLog to UserHistory 2013-09-10 21:21:16 -04:00			`# Staff actions is a subset of all actions, used to audit actions taken by staff users.`
			`def self.staff_actions`
			`@staff_actions \|\|= [:delete_user,`
			`:change_trust_level,`
			`:change_site_setting,`
FEATURE: Native theme support This feature introduces the concept of themes. Themes are an evolution of site customizations. Themes introduce two very big conceptual changes: - A theme may include other "child themes", children can include grand children and so on. - A theme may specify a color scheme The change does away with the idea of "enabled" color schemes. It also adds a bunch of big niceties like - You can source a theme from a git repo - History for themes is much improved - You can only have a single enabled theme. Themes can be selected by users, if you opt for it. On a technical level this change comes with a whole bunch of goodies - All CSS is now compiled using a custom pipeline that uses libsass see /lib/stylesheet - There is a single pipeline for css compilation (in the past we used one for customizations and another one for the rest of the app - The stylesheet pipeline is now divorced of sprockets, there is no reliance on sprockets for CSS bundling - CSS is generated with source maps everywhere (including themes) this makes debugging much easier - Our "live reloader" is smarter and avoid a flash of unstyled content we run a file watcher in "puma" in dev so you no longer need to run rake autospec to watch for CSS changes 2017-04-12 10:52:52 -04:00			`:change_theme,`
			`:delete_theme,`
FEATURE: log site text changes 2015-12-18 08:31:04 -05:00			`:change_site_text,`
Used the term suspended instead of banned. 2013-11-07 13:53:32 -05:00			`:suspend_user,`
Log badge grant/revoke to the staff actions log. 2014-03-19 15:30:12 -04:00			`:unsuspend_user,`
			`:grant_badge,`
FEATURE: hide emails behind a button for staff members 2014-09-29 16:31:05 -04:00			`:revoke_badge,`
FEATURE: log topic/post deletions from staff members 2014-10-01 11:40:13 -04:00			`:check_email,`
			`:delete_post,`
FEATURE: log impersonations 2014-11-06 04:58:47 -05:00			`:delete_topic,`
FEATURE: log a new staff action when rolling up banned IP addresses 2014-11-24 13:48:54 -05:00			`:impersonate,`
FEATURE: Log username changes by staff Also fix the tests for changing username 2015-01-16 17:30:46 -05:00			`:roll_up,`
FEATURE: Allow plugins to log staff actions 2015-02-05 14:34:57 -05:00			`:change_username,`
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-06 16:44:54 -05:00			`:custom_staff,`
UX: Show category badge on enqueued posts 2015-04-15 15:29:37 -04:00			`:anonymize_user,`
FEATURE: Log staff actions for Category changes. 2015-09-17 03:51:32 -04:00			`:reviewed_post,`
			`:change_category_settings,`
			`:delete_category,`
log when staff blocks/unblocks someone 2016-01-14 15:05:11 -05:00			`:create_category,`
			`:block_user,`
FEATURE: log admin/moderator grant/revoke action 2016-01-27 04:38:16 -05:00			`:unblock_user,`
			`:grant_admin,`
			`:revoke_admin,`
			`:grant_moderation,`
FEATURE: log backup operation 2016-02-27 12:38:24 -05:00			`:revoke_moderation,`
FIX: log backups download/destroy staff action FIX: clean up junk left by the specs RENAME: 'backup_operation' to 'backup_create' to match other backup log types 2017-01-16 13:53:31 -05:00			`:backup_create,`
FEATURE: deactive users after too many bounces 2016-07-25 12:57:06 -04:00			`:revoke_email,`
Add more info in staff action logs for blocking a user, and add logging for lock trust level, activate, and deactive user 2017-01-10 16:45:36 -05:00			`:deactivate_user,`
			`:lock_trust_level,`
			`:unlock_trust_level,`
FEATURE: Log admin action when readonly mode is changed. 2017-01-11 01:46:48 -05:00			`:activate_user,`
FIX: log backups download/destroy staff action FIX: clean up junk left by the specs RENAME: 'backup_operation' to 'backup_create' to match other backup log types 2017-01-16 13:53:31 -05:00			`:change_readonly_mode,`
			`:backup_download,`
			`:backup_destroy]`
Rename StaffActionLog to UserHistory 2013-09-10 21:21:16 -04:00			`end`

			`def self.staff_action_ids`
			`@staff_action_ids \|\|= staff_actions.map { \|a\| actions[a] }`
			`end`

FIX: moderators should not be able to see site setting changes in the staff action logs. Fixes #2027 2014-02-28 16:30:45 -05:00			`def self.admin_only_action_ids`
			`@admin_only_action_ids \|\|= [actions[:change_site_setting]]`
			`end`

Add filter by action to staff logs page 2013-08-09 10:06:02 -04:00			`def self.with_filters(filters)`
			`query = self`
FEATURE: Allow plugins to log staff actions 2015-02-05 14:34:57 -05:00			`query = query.where(action: filters[:action_id]) if filters[:action_id].present?`
			`query = query.where(custom_type: filters[:custom_type]) if filters[:custom_type].present?`

Rename StaffActionLog to UserHistory 2013-09-10 21:21:16 -04:00			`[:acting_user, :target_user].each do \|key\|`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`if filters[key] && (obj_id = User.where(username_lower: filters[key].downcase).pluck(:id))`
Avoid using to_s when performing String Interpolation 2014-08-14 14:20:52 -04:00			`query = query.where("#{key}_id = ?", obj_id)`
Add filtering to staff logs page 2013-08-09 16:58:57 -04:00			`end`
			`end`
Staff action logs can be filtered to changes of one site setting 2013-08-20 13:50:51 -04:00			`query = query.where("subject = ?", filters[:subject]) if filters[:subject]`
Add filter by action to staff logs page 2013-08-09 10:06:02 -04:00			`query`
			`end`
Log site customization changes. Use a modal to show staff action log details for site customizations. 2013-08-21 10:49:35 -04:00
When banning a user, a reason can be provided. The user will see this reason when trying to log in. Also log bans and unbans in the staff action logs. 2013-11-01 10:47:03 -04:00			`def self.for(user, action_type)`
			`self.where(target_user_id: user.id, action: UserHistory.actions[action_type])`
			`end`

Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`def self.exists_for_user?(user, action_type, opts = nil)`
New composer message for people dominating a topic 2013-09-17 14:38:39 -04:00			`opts = opts \|\| {}`
			`result = self.where(target_user_id: user.id, action: UserHistory.actions[action_type])`
			`result = result.where(topic_id: opts[:topic_id]) if opts[:topic_id]`
			`result.exists?`
New User Education goes through a server side ComposerMessages check. Composer message for users who don't have avatars. 2013-09-12 17:46:43 -04:00			`end`

FEATURE: Allow plugins to log staff actions 2015-02-05 14:34:57 -05:00			`def self.staff_filters`
			`[:action_id, :custom_type, :acting_user, :target_user, :subject]`
			`end`

Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`def self.staff_action_records(viewer, opts = nil)`
FEATURE: Allow plugins to log staff actions 2015-02-05 14:34:57 -05:00			`opts \|\|= {}`
			`query = self.with_filters(opts.slice(*staff_filters)).only_staff_actions.limit(200).order('id DESC').includes(:acting_user, :target_user)`
FIX: moderators should not be able to see site setting changes in the staff action logs. Fixes #2027 2014-02-28 16:30:45 -05:00			`query = query.where(admin_only: false) unless viewer && viewer.admin?`
			`query`
			`end`

			`def set_admin_only`
			`self.admin_only = UserHistory.admin_only_action_ids.include?(self.action)`
			`self`
			`end`

Log site customization changes. Use a modal to show staff action log details for site customizations. 2013-08-21 10:49:35 -04:00			`def new_value_is_json?`
FEATURE: Native theme support This feature introduces the concept of themes. Themes are an evolution of site customizations. Themes introduce two very big conceptual changes: - A theme may include other "child themes", children can include grand children and so on. - A theme may specify a color scheme The change does away with the idea of "enabled" color schemes. It also adds a bunch of big niceties like - You can source a theme from a git repo - History for themes is much improved - You can only have a single enabled theme. Themes can be selected by users, if you opt for it. On a technical level this change comes with a whole bunch of goodies - All CSS is now compiled using a custom pipeline that uses libsass see /lib/stylesheet - There is a single pipeline for css compilation (in the past we used one for customizations and another one for the rest of the app - The stylesheet pipeline is now divorced of sprockets, there is no reliance on sprockets for CSS bundling - CSS is generated with source maps everywhere (including themes) this makes debugging much easier - Our "live reloader" is smarter and avoid a flash of unstyled content we run a file watcher in "puma" in dev so you no longer need to run rake autospec to watch for CSS changes 2017-04-12 10:52:52 -04:00			`[UserHistory.actions[:change_theme], UserHistory.actions[:delete_theme]].include?(action)`
Log site customization changes. Use a modal to show staff action log details for site customizations. 2013-08-21 10:49:35 -04:00			`end`

			`def previous_value_is_json?`
			`new_value_is_json?`
			`end`
Add ability to destroy a user with 0 posts 2013-04-11 16:04:20 -04:00			`end`
moved comments to the bottom, they are way less intrusive there 2013-05-23 22:48:32 -04:00
			`# == Schema Information`
			`#`
large refactor, ship a few columns from the user table into user_stats 2013-10-03 23:28:49 -04:00			`# Table name: user_histories`
moved comments to the bottom, they are way less intrusive there 2013-05-23 22:48:32 -04:00			`#`
			`# id :integer not null, primary key`
			`# action :integer not null`
large refactor, ship a few columns from the user table into user_stats 2013-10-03 23:28:49 -04:00			`# acting_user_id :integer`
moved comments to the bottom, they are way less intrusive there 2013-05-23 22:48:32 -04:00			`# target_user_id :integer`
			`# details :text`
FIX: remove nullable dates post upgrade to Rails 4 2014-08-27 01:19:25 -04:00			`# created_at :datetime not null`
			`# updated_at :datetime not null`
annotate models 2016-02-22 18:33:53 -05:00			`# context :string`
			`# ip_address :string`
			`# email :string`
annotate models 2013-08-27 20:42:58 -04:00			`# subject :text`
			`# previous_value :text`
			`# new_value :text`
large refactor, ship a few columns from the user table into user_stats 2013-10-03 23:28:49 -04:00			`# topic_id :integer`
annotations were out of date 2014-03-20 00:35:51 -04:00			`# admin_only :boolean default(FALSE)`
add allowed_ips to api_keys update annotations 2014-11-19 22:53:15 -05:00			`# post_id :integer`
annotate models 2016-02-22 18:33:53 -05:00			`# custom_type :string`
FEATURE: Log staff actions for Category changes. 2015-09-17 03:51:32 -04:00			`# category_id :integer`
updated model annotations 2013-08-13 16:09:27 -04:00			`#`
			`# Indexes`
			`#`
large refactor, ship a few columns from the user table into user_stats 2013-10-03 23:28:49 -04:00			`# index_user_histories_on_acting_user_id_and_action_and_id (acting_user_id,action,id)`
Annotate models 2014-05-27 21:49:50 -04:00			`# index_user_histories_on_action_and_id (action,id)`
FEATURE: Log staff actions for Category changes. 2015-09-17 03:51:32 -04:00			`# index_user_histories_on_category_id (category_id)`
Annotate models 2014-05-27 21:49:50 -04:00			`# index_user_histories_on_subject_and_id (subject,id)`
			`# index_user_histories_on_target_user_id_and_id (target_user_id,id)`
moved comments to the bottom, they are way less intrusive there 2013-05-23 22:48:32 -04:00			`#`