2019-05-02 18:17:27 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2014-02-13 11:42:35 -05:00
|
|
|
# mixin for all Guardian methods dealing with user permissions
|
|
|
|
module UserGuardian
|
|
|
|
|
2019-05-08 10:20:51 -04:00
|
|
|
def can_claim_reviewable_topic?(topic)
|
|
|
|
SiteSetting.reviewable_claiming != 'disabled' && can_review_topic?(topic)
|
|
|
|
end
|
|
|
|
|
2018-09-20 01:33:10 -04:00
|
|
|
def can_pick_avatar?(user_avatar, upload)
|
|
|
|
return false unless self.user
|
|
|
|
return true if is_admin?
|
|
|
|
# can always pick blank avatar
|
|
|
|
return true if !upload
|
|
|
|
return true if user_avatar.contains_upload?(upload.id)
|
|
|
|
return true if upload.user_id == user_avatar.user_id || upload.user_id == user.id
|
|
|
|
|
2018-12-18 00:37:45 -05:00
|
|
|
UserUpload.exists?(upload_id: upload.id, user_id: user.id)
|
2018-09-20 01:33:10 -04:00
|
|
|
end
|
|
|
|
|
2014-02-13 11:42:35 -05:00
|
|
|
def can_edit_user?(user)
|
|
|
|
is_me?(user) || is_staff?
|
|
|
|
end
|
|
|
|
|
|
|
|
def can_edit_username?(user)
|
2021-02-08 05:04:33 -05:00
|
|
|
return false if SiteSetting.auth_overrides_username?
|
2014-02-13 11:42:35 -05:00
|
|
|
return true if is_staff?
|
|
|
|
return false if SiteSetting.username_change_period <= 0
|
2019-04-17 04:05:02 -04:00
|
|
|
return false if is_anonymous?
|
2017-11-09 18:05:53 -05:00
|
|
|
is_me?(user) && ((user.post_count + user.topic_count) == 0 || user.created_at > SiteSetting.username_change_period.days.ago)
|
2014-02-13 11:42:35 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def can_edit_email?(user)
|
2021-02-08 05:04:33 -05:00
|
|
|
return false if SiteSetting.auth_overrides_email?
|
2014-02-13 11:42:35 -05:00
|
|
|
return false unless SiteSetting.email_editable?
|
2014-08-14 22:41:01 -04:00
|
|
|
return true if is_staff?
|
2019-04-17 04:05:02 -04:00
|
|
|
return false if is_anonymous?
|
2014-02-13 11:42:35 -05:00
|
|
|
can_edit?(user)
|
|
|
|
end
|
|
|
|
|
2014-03-13 16:26:40 -04:00
|
|
|
def can_edit_name?(user)
|
2019-04-17 04:05:02 -04:00
|
|
|
return false unless SiteSetting.enable_names?
|
2021-02-08 05:04:33 -05:00
|
|
|
return false if SiteSetting.auth_overrides_name?
|
2014-03-13 16:26:40 -04:00
|
|
|
return true if is_staff?
|
2019-04-17 04:05:02 -04:00
|
|
|
return false if is_anonymous?
|
2014-03-13 16:26:40 -04:00
|
|
|
can_edit?(user)
|
|
|
|
end
|
|
|
|
|
2014-09-02 21:32:27 -04:00
|
|
|
def can_see_notifications?(user)
|
|
|
|
is_me?(user) || is_admin?
|
|
|
|
end
|
|
|
|
|
2017-11-10 12:18:08 -05:00
|
|
|
def can_silence_user?(user)
|
2014-02-13 11:42:35 -05:00
|
|
|
user && is_staff? && not(user.staff?)
|
|
|
|
end
|
|
|
|
|
2017-11-10 12:18:08 -05:00
|
|
|
def can_unsilence_user?(user)
|
2014-02-13 11:42:35 -05:00
|
|
|
user && is_staff?
|
|
|
|
end
|
|
|
|
|
|
|
|
def can_delete_user?(user)
|
2014-07-28 13:17:37 -04:00
|
|
|
return false if user.nil? || user.admin?
|
2014-02-13 11:42:35 -05:00
|
|
|
if is_me?(user)
|
2021-02-08 05:04:33 -05:00
|
|
|
!SiteSetting.enable_discourse_connect &&
|
2020-04-01 16:10:17 -04:00
|
|
|
!user.has_more_posts_than?(SiteSetting.delete_user_self_max_post_count)
|
2014-02-13 11:42:35 -05:00
|
|
|
else
|
2019-08-10 06:02:12 -04:00
|
|
|
is_staff? && (
|
|
|
|
user.first_post_created_at.nil? ||
|
|
|
|
!user.has_more_posts_than?(User::MAX_STAFF_DELETE_POST_COUNT) ||
|
|
|
|
user.first_post_created_at > SiteSetting.delete_user_max_post_age.to_i.days.ago
|
|
|
|
)
|
2014-02-13 11:42:35 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2015-03-06 16:44:54 -05:00
|
|
|
def can_anonymize_user?(user)
|
|
|
|
is_staff? && !user.nil? && !user.staff?
|
|
|
|
end
|
|
|
|
|
2020-04-22 08:12:09 -04:00
|
|
|
def can_merge_user?(user)
|
|
|
|
is_admin? && !user.nil? && !user.staff?
|
|
|
|
end
|
|
|
|
|
|
|
|
def can_merge_users?(source_user, target_user)
|
|
|
|
can_merge_user?(source_user) && !target_user.nil?
|
2020-04-22 04:37:51 -04:00
|
|
|
end
|
|
|
|
|
2021-06-14 17:01:17 -04:00
|
|
|
def can_see_warnings?(user)
|
|
|
|
user && (is_me?(user) || is_staff?)
|
|
|
|
end
|
|
|
|
|
2016-05-06 13:34:33 -04:00
|
|
|
def can_reset_bounce_score?(user)
|
|
|
|
user && is_staff?
|
|
|
|
end
|
|
|
|
|
2014-09-29 16:31:05 -04:00
|
|
|
def can_check_emails?(user)
|
2019-03-13 17:30:25 -04:00
|
|
|
is_admin? || (is_staff? && SiteSetting.moderators_view_emails)
|
2014-09-29 16:31:05 -04:00
|
|
|
end
|
|
|
|
|
2021-02-17 10:57:51 -05:00
|
|
|
def can_check_sso_details?(user)
|
2020-11-10 14:12:44 -05:00
|
|
|
user && is_admin?
|
|
|
|
end
|
|
|
|
|
2014-11-27 13:51:13 -05:00
|
|
|
def restrict_user_fields?(user)
|
|
|
|
user.trust_level == TrustLevel[0] && anonymous?
|
|
|
|
end
|
|
|
|
|
2015-01-05 13:49:32 -05:00
|
|
|
def can_see_staff_info?(user)
|
|
|
|
user && is_staff?
|
|
|
|
end
|
|
|
|
|
2017-09-12 16:06:01 -04:00
|
|
|
def can_see_suspension_reason?(user)
|
|
|
|
return true unless SiteSetting.hide_suspension_reasons?
|
|
|
|
user == @user || is_staff?
|
|
|
|
end
|
|
|
|
|
2017-12-21 20:18:12 -05:00
|
|
|
def can_disable_second_factor?(user)
|
|
|
|
user && can_administer_user?(user)
|
|
|
|
end
|
|
|
|
|
2018-10-10 13:00:08 -04:00
|
|
|
def can_see_profile?(user)
|
|
|
|
return false if user.blank?
|
2020-10-09 17:18:44 -04:00
|
|
|
return true if !SiteSetting.allow_users_to_hide_profile?
|
2018-10-10 13:00:08 -04:00
|
|
|
|
|
|
|
# If a user has hidden their profile, restrict it to them and staff
|
|
|
|
if user.user_option.try(:hide_profile_and_presence?)
|
|
|
|
return is_me?(user) || is_staff?
|
|
|
|
end
|
|
|
|
|
|
|
|
true
|
|
|
|
end
|
|
|
|
|
2018-12-07 05:57:28 -05:00
|
|
|
def allowed_user_field_ids(user)
|
|
|
|
@allowed_user_field_ids ||= {}
|
2020-02-14 09:47:16 -05:00
|
|
|
|
|
|
|
is_staff_or_is_me = is_staff? || is_me?(user)
|
|
|
|
cache_key = is_staff_or_is_me ? :staff_or_me : :other
|
|
|
|
|
|
|
|
@allowed_user_field_ids[cache_key] ||=
|
2018-12-07 05:57:28 -05:00
|
|
|
begin
|
2020-02-14 09:47:16 -05:00
|
|
|
if is_staff_or_is_me
|
2018-12-07 05:57:28 -05:00
|
|
|
UserField.pluck(:id)
|
|
|
|
else
|
|
|
|
UserField.where("show_on_profile OR show_on_user_card").pluck(:id)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2019-12-09 14:15:47 -05:00
|
|
|
|
|
|
|
def can_feature_topic?(user, topic)
|
2020-03-09 12:41:07 -04:00
|
|
|
return false if topic.nil?
|
2019-12-09 14:15:47 -05:00
|
|
|
return false if !SiteSetting.allow_featured_topic_on_user_profiles?
|
|
|
|
return false if !is_me?(user) && !is_staff?
|
2020-01-30 11:00:49 -05:00
|
|
|
return false if !topic.visible
|
2019-12-09 14:15:47 -05:00
|
|
|
return false if topic.read_restricted_category? || topic.private_message?
|
2020-01-29 11:10:23 -05:00
|
|
|
true
|
2019-12-09 14:15:47 -05:00
|
|
|
end
|
2020-04-27 13:51:25 -04:00
|
|
|
|
|
|
|
def can_see_review_queue?
|
|
|
|
is_staff? || (
|
2020-07-14 12:36:19 -04:00
|
|
|
SiteSetting.enable_category_group_moderation &&
|
2020-04-27 13:51:25 -04:00
|
|
|
Reviewable
|
|
|
|
.where(reviewable_by_group_id: @user.group_users.pluck(:group_id))
|
|
|
|
.where('category_id IS NULL or category_id IN (?)', allowed_category_ids)
|
|
|
|
.exists?
|
|
|
|
)
|
|
|
|
end
|
2020-05-14 12:57:35 -04:00
|
|
|
|
|
|
|
def can_see_summary_stats?(target_user)
|
|
|
|
true
|
|
|
|
end
|
2020-08-17 12:37:45 -04:00
|
|
|
|
|
|
|
def can_upload_profile_header?(user)
|
|
|
|
(is_me?(user) && user.has_trust_level?(SiteSetting.min_trust_level_to_allow_profile_background.to_i)) || is_staff?
|
|
|
|
end
|
|
|
|
|
|
|
|
def can_upload_user_card_background?(user)
|
|
|
|
(is_me?(user) && user.has_trust_level?(SiteSetting.min_trust_level_to_allow_user_card_background.to_i)) || is_staff?
|
|
|
|
end
|
|
|
|
|
2020-09-15 10:00:10 -04:00
|
|
|
def can_delete_sso_record?(user)
|
2021-02-08 05:04:33 -05:00
|
|
|
SiteSetting.enable_discourse_connect && user && is_admin?
|
2020-09-15 10:00:10 -04:00
|
|
|
end
|
2014-03-13 16:26:40 -04:00
|
|
|
end
|