discourse/lib/guardian
Osama Sayegh 976aca68f6
FEATURE: Restrict profile visibility of low-trust users (#29981)
We've seen in some communities abuse of user profile where bios and other fields are used in malicious ways, such as malware distribution. A common pattern between all the abuse cases we've seen is that the malicious actors tend to have 0 posts and have a low trust level.

To eliminate this abuse vector, or at least make it much less effective, we're making the following changes to user profiles:

1. Anonymous, TL0 and TL1 users cannot see any user profiles for users with 0 posts except for staff users
2. Anonymous and TL0 users can only see profiles of TL1 users and above

Users can always see their own profile, and they can still hide their profiles via the "Hide my public profile" preference. Staff can always see any user's profile.

Internal topic: t/142853.
2024-12-09 13:07:59 +03:00
..
bookmark_guardian.rb
category_guardian.rb FEATURE: improve the suppression for admins when required (#29041) 2024-10-02 10:52:02 +10:00
ensure_magic.rb DEV: Prefer \A and \z over ^ and $ in regexes (#19936) 2023-01-20 12:52:49 -06:00
flag_guardian.rb FIX: limit the number of custom flags to 50 (#28221) 2024-08-06 10:50:12 +10:00
group_guardian.rb DEV: Apply syntax_tree formatting to `lib/*` 2023-01-09 12:10:19 +00:00
post_guardian.rb FIX: serialize Flags instead of PostActionType (#28362) 2024-08-14 12:13:46 +10:00
post_revision_guardian.rb FEATURE: Allow admins to permanently delete revisions (#19913) 2023-01-19 15:09:01 -06:00
sidebar_guardian.rb DEV: specs to ensure that only admin can edit Community section (#21666) 2023-05-23 10:54:55 +10:00
tag_guardian.rb DEV: Remove TagGuardian#can_create_tag? fallback (#25535) 2024-02-02 13:48:53 +08:00
topic_guardian.rb FEATURE: improve the suppression for admins when required (#29041) 2024-10-02 10:52:02 +10:00
user_guardian.rb FEATURE: Restrict profile visibility of low-trust users (#29981) 2024-12-09 13:07:59 +03:00