FEATURE: Log Staff edits in Staff Action Logs

Why? Some edits by staff are not tracked. For example, during the grace
period, or via the flags/silence dialog.

If a staff member is editing someone else's post, it now goes into the
Staff Action Logs so it can be audited by other staff members.
Robin Ward 2018-03-12 13:49:52 -04:00
parent 82143a421c
commit 65ac80b014
6 changed files with 72 additions and 4 deletions


@ -504,7 +504,8 @@ class Admin::UsersController < Admin::AdminController
revisor.revise!( revisor.revise!(
current_user, current_user,
{ raw: params[:post_edit] }, { raw: params[:post_edit] },
skip_validations: true, skip_revision: true skip_validations: true,
skip_revision: true
) )
end end
end end


@ -67,7 +67,8 @@ class UserHistory < ActiveRecord::Base
post_locked: 49, post_locked: 49,
post_unlocked: 50, post_unlocked: 50,
check_personal_message: 51, check_personal_message: 51,
disabled_second_factor: 52) disabled_second_factor: 52,
post_edit: 53)
end end
# Staff actions is a subset of all actions, used to audit actions taken by staff users. # Staff actions is a subset of all actions, used to audit actions taken by staff users.
@ -112,7 +113,8 @@ class UserHistory < ActiveRecord::Base
:post_locked, :post_locked,
:post_unlocked, :post_unlocked,
:check_personal_message, :check_personal_message,
:disabled_second_factor] :disabled_second_factor,
:post_edit]
end end
def self.staff_action_ids def self.staff_action_ids


@ -103,6 +103,15 @@ class StaffActionLogger
) )
end end
def log_post_edit(post, opts = {})
raise Discourse::InvalidParameters.new(:post) unless post && post.is_a?(Post)
UserHistory.create!(params(opts).merge(
action: UserHistory.actions[:post_edit],
post_id: post.id,
details: "#{post.raw}\n\n---\n\n#{opts[:new_raw]}"
))
end
def log_site_setting_change(setting_name, previous_value, new_value, opts = {}) def log_site_setting_change(setting_name, previous_value, new_value, opts = {})
raise Discourse::InvalidParameters.new(:setting_name) unless setting_name.present? && SiteSetting.respond_to?(setting_name) raise Discourse::InvalidParameters.new(:setting_name) unless setting_name.present? && SiteSetting.respond_to?(setting_name)
UserHistory.create(params(opts).merge(action: UserHistory.actions[:change_site_setting], UserHistory.create(params(opts).merge(action: UserHistory.actions[:change_site_setting],
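Review bot: `details` in `log_post_edit` joins the two bodies with `\n\n---\n\n`, a sequence that is ordinary Markdown and can occur inside either post body, so someone reading the audit entry cannot reliably tell where the old text ends and the new text begins. Keep the two values in separate attributes if the model's columns can hold post-sized text, e.g. `previous_value: post.raw, new_value: opts[:new_raw]` as `log_site_setting_change` appears to do (its call is cut off here, so confirm), or at least label each part. `new_raw` also travels inside `opts` into `params(opts)`; a short comment naming the keys `params` consumes would make clear it is ignored there. The method also uses `create!` where the neighbouring logger uses `create`, and a one-line comment saying that a failed audit write raises would document that choice.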


@ -3302,6 +3302,7 @@ en:
reviewed_post: "reviewed post" reviewed_post: "reviewed post"
custom_staff: "plugin custom action" custom_staff: "plugin custom action"
post_locked: "post locked" post_locked: "post locked"
post_edit: "post edit"
post_unlocked: "post unlocked" post_unlocked: "post unlocked"
check_personal_message: "check personal message" check_personal_message: "check personal message"
disabled_second_factor: "disable Two Factor Authentication" disabled_second_factor: "disable Two Factor Authentication"


@ -177,6 +177,14 @@ class PostRevisor
PostLocker.new(@post, @editor).lock PostLocker.new(@post, @editor).lock
end end
# We log staff edits to posts
if @editor.staff? && @editor.id != @post.user.id && @fields.has_key?('raw')
StaffActionLogger.new(@editor).log_post_edit(
@post,
new_raw: @fields['raw']
)
end
# WARNING: do not pull this into the transaction # WARNING: do not pull this into the transaction
# it can fire events in sidekiq before the post is done saving # it can fire events in sidekiq before the post is done saving
# leading to corrupt state # leading to corrupt state
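Review bot: The `log_post_edit` call added after the `PostLocker` block appears to run once the post has been saved, judging by the `do not pull this into the transaction` comment right below it, so `@post.raw` read inside the logger is probably already the edited text and the entry would record the new body twice while losing the original. That matters most for the admin silence path, which passes `skip_revision: true` and so leaves the staff log as the only record of what was replaced. Capture the text before the revision is applied (for example `old_raw = @post.raw` ahead of the save) and pass it explicitly, `log_post_edit(@post, old_raw: old_raw)`, with the logger building `details` from `opts[:old_raw]` and `post.raw`. Separately, `@post.user.id` raises if the author record no longer exists; `@post.user_id` makes the same comparison without loading the user. The enclosing method starts and ends outside this hunk, so the ordering should be confirmed against the full file.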


@ -437,21 +437,68 @@ describe PostRevisor do
end end
end end
context "logging staff edits" do
let(:moderator) { Fabricate(:moderator) }
it "doesn't log when a regular user revises a post" do
subject.revise!(
post.user,
raw: "lets totally update the body"
)
log = UserHistory.where(
acting_user_id: post.user.id,
action: UserHistory.actions[:post_edit]
)
expect(log).to be_blank
end
it "logs an edit when a staff member revises a post" do
subject.revise!(
moderator,
raw: "lets totally update the body"
)
log = UserHistory.where(
acting_user_id: moderator.id,
action: UserHistory.actions[:post_edit]
)
expect(log).to be_present
end
it "doesn't log an edit when a staff member edits their own post" do
revisor = PostRevisor.new(
Fabricate(:post, user: moderator)
)
revisor.revise!(
moderator,
raw: "my own edit to my own thing"
)
log = UserHistory.where(
acting_user_id: moderator.id,
action: UserHistory.actions[:post_edit]
)
expect(log).to be_blank
end
end
context "staff_edit_locks_post" do context "staff_edit_locks_post" do
context "disabled" do context "disabled" do
let(:moderator) { Fabricate(:moderator) }
before do before do
SiteSetting.staff_edit_locks_post = false SiteSetting.staff_edit_locks_post = false
end end
it "does not lock the post when revised" do it "does not lock the post when revised" do
result = subject.revise!( result = subject.revise!(
Fabricate(:moderator), moderator,
raw: "lets totally update the body" raw: "lets totally update the body"
) )
expect(result).to eq(true) expect(result).to eq(true)
post.reload post.reload
expect(post).not_to be_locked expect(post).not_to be_locked
end end
end end
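Review bot: The three examples under `logging staff edits` only check whether a `UserHistory` row exists, so they would still pass if `details` held the wrong text. For an audit feature the recorded content is the point: in the moderator example, keep the original body before calling `revise!` and add `expect(log.first.details).to include(original_raw)` plus a matching check for the new body. A further example that revises with `skip_revision: true` would cover the silence-dialog edits the commit message names as untracked.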