discourse/app/models/reviewable_user.rb

# frozen_string_literal: true

class ReviewableUser < Reviewable

  def self.create_for(user)
    create(
      created_by_id: Discourse.system_user.id,
      target: user
    )
  end

  def build_actions(actions, guardian, args)
    return unless pending?

    if guardian.can_approve?(target) || args[:approved_by_invite]
      actions.add(:approve_user) do |a|
        a.icon = 'user-plus'
        a.label = "reviewables.actions.approve_user.title"
      end
    end

    reject = actions.add_bundle(
      'reject_user',
      icon: 'user-times',
      label: 'reviewables.actions.reject_user.title'
    )
    actions.add(:reject_user_delete, bundle: reject) do |a|
      a.icon = 'user-times'
      a.label = "reviewables.actions.reject_user.delete.title"
      a.require_reject_reason = true
      a.description = "reviewables.actions.reject_user.delete.description"
    end
    actions.add(:reject_user_block, bundle: reject) do |a|
      a.icon = 'ban'
      a.label = "reviewables.actions.reject_user.block.title"
      a.require_reject_reason = true
      a.description = "reviewables.actions.reject_user.block.description"
    end
  end

  def perform_approve_user(performed_by, args)
    ReviewableUser.set_approved_fields!(target, performed_by)
    target.save!

    DiscourseEvent.trigger(:user_approved, target)

    if args[:send_email] != false && SiteSetting.must_approve_users?
      Jobs.enqueue(
        :critical_user_email,
        type: :signup_after_approval,
        user_id: target.id
      )
    end
    StaffActionLogger.new(performed_by).log_user_approve(target)

    create_result(:success, :approved)
  end

  def perform_reject_user_delete(performed_by, args)
    # We'll delete the user if we can
    if target.present?
      destroyer = UserDestroyer.new(performed_by)

      if reviewable_scores.any? { |rs| rs.reason == 'suspect_user' }
        DiscourseEvent.trigger(:suspect_user_deleted, target)
      end

      begin
        self.reject_reason = args[:reject_reason]

        if args[:send_email] != false && SiteSetting.must_approve_users?
          # Execute job instead of enqueue because user has to exists to send email
          Jobs::CriticalUserEmail.new.execute({
            type: :signup_after_reject,
            user_id: target.id,
            reject_reason: self.reject_reason
          })
        end

        delete_args = {}
        delete_args[:block_ip] = true if args[:block_ip]
        delete_args[:block_email] = true if args[:block_email]

        destroyer.destroy(target, delete_args)
      rescue UserDestroyer::PostsExistError
        # If a user has posts, we won't delete them to preserve their content.
        # However the reviable record will be "rejected" and they will remain
        # unapproved in the database. A staff member can still approve them
        # via the admin.
      end
    end

    create_result(:success, :rejected)
  end

  def perform_reject_user_block(performed_by, args)
    args[:block_email] = true
    args[:block_ip] = true
    perform_reject_user_delete(performed_by, args)
  end

  # Update's the user's fields for approval but does not save. This
  # can be used when generating a new user that is approved on create
  def self.set_approved_fields!(user, approved_by)
    user.approved = true
    user.approved_by ||= approved_by
    user.approved_at ||= Time.zone.now
  end
end

# == Schema Information
#
# Table name: reviewables
#
#  id                      :bigint           not null, primary key
#  type                    :string           not null
#  status                  :integer          default(0), not null
#  created_by_id           :integer          not null
#  reviewable_by_moderator :boolean          default(FALSE), not null
#  reviewable_by_group_id  :integer
#  category_id             :integer
#  topic_id                :integer
#  score                   :float            default(0.0), not null
#  potential_spam          :boolean          default(FALSE), not null
#  target_id               :integer
#  target_type             :string
#  target_created_by_id    :integer
#  payload                 :json
#  version                 :integer          default(0), not null
#  latest_score            :datetime
#  created_at              :datetime         not null
#  updated_at              :datetime         not null
#
# Indexes
#
#  index_reviewables_on_reviewable_by_group_id                 (reviewable_by_group_id)
#  index_reviewables_on_status_and_created_at                  (status,created_at)
#  index_reviewables_on_status_and_score                       (status,score)
#  index_reviewables_on_status_and_type                        (status,type)
#  index_reviewables_on_target_id_where_post_type_eq_post      (target_id) WHERE ((target_type)::text = 'Post'::text)
#  index_reviewables_on_topic_id_and_status_and_created_by_id  (topic_id,status,created_by_id)
#  index_reviewables_on_type_and_target_id                     (type,target_id) UNIQUE
#
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging 2019-05-02 18:17:27 -04:00			`# frozen_string_literal: true`

FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00			`class ReviewableUser < Reviewable`
FIX: Better handling for toggling `must_approve_users` If you turn it on now, default all users to approved since they were previously. Also support approving a user that doesn't have a reviewable record (it will be created first.) This also includes a refactor to move class method calls to `DiscourseEvent` into an initializer. Otherwise the load order of classes makes a difference in the test environment and some settings might be triggered and others not, randomly. 2019-04-16 14:42:47 -04:00
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00			`def self.create_for(user)`
			`create(`
			`created_by_id: Discourse.system_user.id,`
			`target: user`
			`)`
			`end`

			`def build_actions(actions, guardian, args)`
			`return unless pending?`

FEATURE: Clarify Reviewable User Actions "Approve" is now "Approve User" and "Delete" is a dropdown with a choice that allows you to block. 2019-04-17 11:26:43 -04:00			`if guardian.can_approve?(target) \|\| args[:approved_by_invite]`
			`actions.add(:approve_user) do \|a\|`
			`a.icon = 'user-plus'`
			`a.label = "reviewables.actions.approve_user.title"`
			`end`
			`end`

			`reject = actions.add_bundle(`
			`'reject_user',`
			`icon: 'user-times',`
			`label: 'reviewables.actions.reject_user.title'`
			`)`
			`actions.add(:reject_user_delete, bundle: reject) do \|a\|`
			`a.icon = 'user-times'`
			`a.label = "reviewables.actions.reject_user.delete.title"`
FEATURE: reason to reject user signup (#11700) Feature for `Must Approve Users` setup. When a user is rejected, a staff member can optionally set a reason for audit purposes. In addition, feedback email can be sent to the user. Meta: https://meta.discourse.org/t/account-rejection-email/103112/8 2021-01-14 17:43:26 -05:00			`a.require_reject_reason = true`
FEATURE: Clarify Reviewable User Actions "Approve" is now "Approve User" and "Delete" is a dropdown with a choice that allows you to block. 2019-04-17 11:26:43 -04:00			`a.description = "reviewables.actions.reject_user.delete.description"`
			`end`
			`actions.add(:reject_user_block, bundle: reject) do \|a\|`
			`a.icon = 'ban'`
			`a.label = "reviewables.actions.reject_user.block.title"`
FEATURE: reason to reject user signup (#11700) Feature for `Must Approve Users` setup. When a user is rejected, a staff member can optionally set a reason for audit purposes. In addition, feedback email can be sent to the user. Meta: https://meta.discourse.org/t/account-rejection-email/103112/8 2021-01-14 17:43:26 -05:00			`a.require_reject_reason = true`
FEATURE: Clarify Reviewable User Actions "Approve" is now "Approve User" and "Delete" is a dropdown with a choice that allows you to block. 2019-04-17 11:26:43 -04:00			`a.description = "reviewables.actions.reject_user.block.description"`
			`end`
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00			`end`

FEATURE: Clarify Reviewable User Actions "Approve" is now "Approve User" and "Delete" is a dropdown with a choice that allows you to block. 2019-04-17 11:26:43 -04:00			`def perform_approve_user(performed_by, args)`
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00			`ReviewableUser.set_approved_fields!(target, performed_by)`
			`target.save!`

			`DiscourseEvent.trigger(:user_approved, target)`

			`if args[:send_email] != false && SiteSetting.must_approve_users?`
			`Jobs.enqueue(`
			`:critical_user_email,`
			`type: :signup_after_approval,`
			`user_id: target.id`
			`)`
			`end`
			`StaffActionLogger.new(performed_by).log_user_approve(target)`

			`create_result(:success, :approved)`
			`end`

FEATURE: Clarify Reviewable User Actions "Approve" is now "Approve User" and "Delete" is a dropdown with a choice that allows you to block. 2019-04-17 11:26:43 -04:00			`def perform_reject_user_delete(performed_by, args)`
FIX: Always allow us to reject users, even if they are deleted 2019-04-10 11:00:14 -04:00			`# We'll delete the user if we can`
			`if target.present?`
			`destroyer = UserDestroyer.new(performed_by)`

FEATURE: Send suspect users to the review queue (#8811) 2020-01-29 13:38:27 -05:00			`if reviewable_scores.any? { \|rs\| rs.reason == 'suspect_user' }`
			`DiscourseEvent.trigger(:suspect_user_deleted, target)`
			`end`

FIX: Always allow us to reject users, even if they are deleted 2019-04-10 11:00:14 -04:00			`begin`
FEATURE: reason to reject user signup (#11700) Feature for `Must Approve Users` setup. When a user is rejected, a staff member can optionally set a reason for audit purposes. In addition, feedback email can be sent to the user. Meta: https://meta.discourse.org/t/account-rejection-email/103112/8 2021-01-14 17:43:26 -05:00			`self.reject_reason = args[:reject_reason]`

			`if args[:send_email] != false && SiteSetting.must_approve_users?`
			`# Execute job instead of enqueue because user has to exists to send email`
			`Jobs::CriticalUserEmail.new.execute({`
			`type: :signup_after_reject,`
			`user_id: target.id,`
			`reject_reason: self.reject_reason`
			`})`
			`end`

FEATURE: Clarify Reviewable User Actions "Approve" is now "Approve User" and "Delete" is a dropdown with a choice that allows you to block. 2019-04-17 11:26:43 -04:00			`delete_args = {}`
			`delete_args[:block_ip] = true if args[:block_ip]`
			`delete_args[:block_email] = true if args[:block_email]`

			`destroyer.destroy(target, delete_args)`
FIX: Always allow us to reject users, even if they are deleted 2019-04-10 11:00:14 -04:00			`rescue UserDestroyer::PostsExistError`
			`# If a user has posts, we won't delete them to preserve their content.`
			`# However the reviable record will be "rejected" and they will remain`
			`# unapproved in the database. A staff member can still approve them`
			`# via the admin.`
			`end`
			`end`
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00
			`create_result(:success, :rejected)`
			`end`

FEATURE: Clarify Reviewable User Actions "Approve" is now "Approve User" and "Delete" is a dropdown with a choice that allows you to block. 2019-04-17 11:26:43 -04:00			`def perform_reject_user_block(performed_by, args)`
			`args[:block_email] = true`
			`args[:block_ip] = true`
			`perform_reject_user_delete(performed_by, args)`
			`end`

FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00			`# Update's the user's fields for approval but does not save. This`
			`# can be used when generating a new user that is approved on create`
			`def self.set_approved_fields!(user, approved_by)`
			`user.approved = true`
			`user.approved_by \|\|= approved_by`
			`user.approved_at \|\|= Time.zone.now`
			`end`
			`end`

			`# == Schema Information`
			`#`
			`# Table name: reviewables`
			`#`
DEV: annotate models (also looks like renaming of bigint(8) -> bigint in annotate which seems fine) 2019-05-02 18:34:12 -04:00			`# id :bigint not null, primary key`
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00			`# type :string not null`
			`# status :integer default(0), not null`
			`# created_by_id :integer not null`
			`# reviewable_by_moderator :boolean default(FALSE), not null`
			`# reviewable_by_group_id :integer`
			`# category_id :integer`
			`# topic_id :integer`
			`# score :float default(0.0), not null`
			`# potential_spam :boolean default(FALSE), not null`
			`# target_id :integer`
			`# target_type :string`
			`# target_created_by_id :integer`
			`# payload :json`
			`# version :integer default(0), not null`
			`# latest_score :datetime`
			`# created_at :datetime not null`
			`# updated_at :datetime not null`
			`#`
			`# Indexes`
			`#`
DEV: annotate models (also looks like renaming of bigint(8) -> bigint in annotate which seems fine) 2019-05-02 18:34:12 -04:00			`# index_reviewables_on_reviewable_by_group_id (reviewable_by_group_id)`
FEATURE: Include a user's pending posts in the topic view Also includes a refactor to TopicView's serializer which was not building our attributes using serializers properly. 2019-04-12 09:55:27 -04:00			`# index_reviewables_on_status_and_created_at (status,created_at)`
			`# index_reviewables_on_status_and_score (status,score)`
			`# index_reviewables_on_status_and_type (status,type)`
Update annotations. 2020-09-01 04:00:36 -04:00			`# index_reviewables_on_target_id_where_post_type_eq_post (target_id) WHERE ((target_type)::text = 'Post'::text)`
FEATURE: Include a user's pending posts in the topic view Also includes a refactor to TopicView's serializer which was not building our attributes using serializers properly. 2019-04-12 09:55:27 -04:00			`# index_reviewables_on_topic_id_and_status_and_created_by_id (topic_id,status,created_by_id)`
			`# index_reviewables_on_type_and_target_id (type,target_id) UNIQUE`
FEATURE: New 'Reviewable' model to make reviewable items generic Includes support for flags, reviewable users and queued posts, with REST API backwards compatibility. Co-Authored-By: romanrizzi <romanalejandro@gmail.com> Co-Authored-By: jjaffeux <j.jaffeux@gmail.com> 2019-01-03 12:03:01 -05:00			`#`