discourse/app/serializers
Alan Guo Xiang Tan 101ec21bc9
SECURITY: Restrict display of topic titles associated with user badges (#18768)
Before this commit, we did not have guardian checks in place to determine if a
topic's title associated with a user badge should be displayed or not.
This means that the topic title of topics with restricted access
could be leaked to anon and users without access if certain conditions
are met. While we will not specify the conditions required, we have internally
assessed that the odds of meeting such conditions are low.

With this commit, we will now apply a guardian check to ensure that the
current user is able to see a topic before the topic's title is included
in the serialized object of a `UserBadge`.
2022-10-27 11:26:14 +08:00
concerns SECURITY: Restrict display of topic titles associated with user badges (#18768) 2022-10-27 11:26:14 +08:00
about_serializer.rb
admin_badge_serializer.rb
admin_badges_serializer.rb
admin_detailed_user_serializer.rb FEATURE: API to create user's associated account (#15737) 2022-03-03 18:17:02 +02:00
admin_email_template_serializer.rb
admin_plugin_serializer.rb
admin_user_action_serializer.rb FIX: Posts can belong to hard-deleted topics (#17329) 2022-07-05 10:51:21 +03:00
admin_user_list_serializer.rb
admin_user_serializer.rb
admin_web_hook_event_serializer.rb
admin_web_hook_serializer.rb
api_key_scope_serializer.rb
api_key_serializer.rb
application_serializer.rb
archetype_serializer.rb
associated_group_serializer.rb
auth_provider_serializer.rb
backup_file_serializer.rb
badge_grouping_serializer.rb
badge_index_serializer.rb
badge_serializer.rb
badge_type_serializer.rb
basic_category_serializer.rb FEATURE: Add dark mode option for category logos (#18460) 2022-10-07 11:00:44 -04:00
basic_group_history_serializer.rb
basic_group_serializer.rb
basic_group_user_serializer.rb
basic_post_serializer.rb
basic_reviewable_flagged_post_serializer.rb DEV: Add reviewables tab to the new user menu (#17630) 2022-07-28 11:16:33 +03:00
basic_reviewable_queued_post_serializer.rb DEV: Add reviewables tab to the new user menu (#17630) 2022-07-28 11:16:33 +03:00
basic_reviewable_serializer.rb DEV: Include pending reviewables in the main tab in the user menu (#18471) 2022-10-05 12:30:02 +03:00
basic_reviewable_user_serializer.rb DEV: Add reviewables tab to the new user menu (#17630) 2022-07-28 11:16:33 +03:00
basic_topic_serializer.rb
basic_user_badge_serializer.rb
basic_user_serializer.rb FIX: Remove tags from experimental sidebar on notification level changed (#17083) 2022-06-14 15:39:56 +08:00
basic_user_with_status_serializer.rb DEV: move BasicUserWithStatusSerializer from Discourse Chat (#18745) 2022-10-26 16:41:31 +04:00
category_and_topic_lists_serializer.rb
category_detailed_serializer.rb
category_group_serializer.rb
category_list_serializer.rb
category_required_tag_group_serializer.rb DEV: Ensure a broken tag_group relation doesn't raise an error (#16529) 2022-04-21 18:18:35 +01:00
category_serializer.rb SECURITY: Category group permissions leaked to normal users. 2022-04-08 13:46:20 +08:00
category_upload_serializer.rb
color_scheme_color_serializer.rb
color_scheme_selectable_serializer.rb
color_scheme_serializer.rb
current_user_serializer.rb DEV: Sidebar default tags and categories are determined at user creation (#18620) 2022-10-27 06:38:50 +08:00
detailed_tag_serializer.rb
detailed_user_badge_serializer.rb SECURITY: Restrict display of topic titles associated with user badges (#18768) 2022-10-27 11:26:14 +08:00
directory_column_serializer.rb
directory_item_serializer.rb
discourse_version_check_serializer.rb
draft_serializer.rb
edit_directory_column_serializer.rb
email_log_serializer.rb FEATURE: Show SMTP response on admin email sent list and rearrange columns (#17143) 2022-08-03 08:11:54 +10:00
email_style_serializer.rb
embeddable_host_serializer.rb
embedding_serializer.rb
emoji_serializer.rb
flagged_topic_serializer.rb
flagged_topic_summary_serializer.rb
flagged_user_serializer.rb
flair_group_serializer.rb
found_user_serializer.rb DEV: return user status on the user search route (#17716) 2022-08-09 14:54:33 +04:00
found_user_with_status_serializer.rb DEV: return user status on the user search route (#17716) 2022-08-09 14:54:33 +04:00
gap_serializer.rb
group_post_serializer.rb
group_post_user_serializer.rb
group_requester_serializer.rb
group_show_serializer.rb
group_user_serializer.rb
grouped_screened_url_serializer.rb
grouped_search_result_serializer.rb
hidden_profile_serializer.rb
incoming_email_details_serializer.rb
incoming_email_serializer.rb
invite_link_serializer.rb
invite_serializer.rb FEATURE: Show error if invite to topic is invalid (#15959) 2022-02-16 18:35:02 +02:00
invited_serializer.rb
invited_user_record_serializer.rb
invited_user_serializer.rb
listable_topic_serializer.rb FEATURE: whispers available for groups (#17170) 2022-06-30 10:18:12 +10:00
new_post_result_serializer.rb
notification_serializer.rb
penalty_counts_serializer.rb
pending_post_serializer.rb
permalink_serializer.rb
post_action_type_serializer.rb
post_action_user_serializer.rb
post_item_excerpt.rb
post_revision_serializer.rb FIX: Do not attempt to serialize Tag objects when tagging disabled (#18264) 2022-09-15 16:17:48 +01:00
post_serializer.rb FIX: Move show like logic to client side (#18025) 2022-08-22 18:40:09 +03:00
post_stream_serializer_mixin.rb
post_wordpress_serializer.rb
poster_serializer.rb
presence_channel_state_serializer.rb
primary_group_serializer.rb
private_message_topic_tracking_state_serializer.rb
published_page_serializer.rb
queued_post_serializer.rb DEV: Use AR enums in reviewables related code 2022-09-22 14:44:27 +02:00
reviewable_action_serializer.rb
reviewable_bundled_action_serializer.rb
reviewable_conversation_post_serializer.rb
reviewable_conversation_serializer.rb
reviewable_editable_field_serializer.rb
reviewable_explanation_serializer.rb
reviewable_flagged_post_serializer.rb
reviewable_history_serializer.rb DEV: Use AR enums in reviewables related code 2022-09-22 14:44:27 +02:00
reviewable_perform_result_serializer.rb DEV: Combine all header notification bubbles into one in the new user menu (#17718) 2022-08-03 08:57:59 +03:00
reviewable_post_serializer.rb
reviewable_queued_post_serializer.rb
reviewable_score_explanation_serializer.rb
reviewable_score_serializer.rb DEV: Use AR enums in reviewables related code 2022-09-22 14:44:27 +02:00
reviewable_score_type_serializer.rb Revert "FEATURE: Let reviewables override the score type title. (#16234)" (#16238) 2022-03-21 16:32:47 -03:00
reviewable_serializer.rb DEV: Use AR enums in reviewables related code 2022-09-22 14:44:27 +02:00
reviewable_settings_serializer.rb
reviewable_topic_serializer.rb
reviewable_user_serializer.rb
screened_email_serializer.rb
screened_ip_address_serializer.rb
screened_url_serializer.rb
search_logs_serializer.rb
search_post_serializer.rb
search_result_user_serializer.rb
search_topic_list_item_serializer.rb
similar_topic_serializer.rb
single_sign_on_record_serializer.rb
site_category_serializer.rb FEATURE: Allow multiple required tag groups for a category (#16381) 2022-04-06 14:08:06 +01:00
site_serializer.rb DEV: Sidebar default tags and categories are determined at user creation (#18620) 2022-10-27 06:38:50 +08:00
site_text_serializer.rb
skipped_email_log_serializer.rb
suggested_topic_serializer.rb
suggested_topics_mixin.rb
tag_group_serializer.rb
tag_serializer.rb
theme_serializer.rb
theme_settings_serializer.rb
theme_translation_serializer.rb
topic_embed_serializer.rb
topic_flag_type_serializer.rb
topic_link_serializer.rb
topic_list_item_serializer.rb DEV: Remove PostAction/UserAction bookmark refs (#16681) 2022-05-10 10:42:18 +10:00
topic_list_serializer.rb
topic_pending_post_serializer.rb
topic_post_count_serializer.rb
topic_poster_serializer.rb
topic_timer_serializer.rb
topic_tracking_state_serializer.rb FIX: Improve reliability of topic tracking state (#17387) 2022-07-14 13:44:58 +08:00
topic_view_details_serializer.rb FIX: can_permanently_delete should check for admin (#16348) 2022-04-01 12:03:39 +11:00
topic_view_posts_serializer.rb
topic_view_serializer.rb DEV: Rename secure_media to secure_uploads (#18376) 2022-09-29 09:24:33 +10:00
topic_view_wordpress_serializer.rb
trust_level3_requirements_serializer.rb
upload_serializer.rb DEV: Rename secure_media to secure_uploads (#18376) 2022-09-29 09:24:33 +10:00
user_action_serializer.rb
user_auth_token_serializer.rb
user_badge_serializer.rb SECURITY: Restrict display of topic titles associated with user badges (#18768) 2022-10-27 11:26:14 +08:00
user_badges_serializer.rb
user_bookmark_base_serializer.rb FIX: Allow .ics for polymorphic bookmarks (#16694) 2022-05-11 09:29:24 +10:00
user_bookmark_list_serializer.rb FIX: Return next bookmarks page only if it exists (#18139) 2022-09-01 13:04:00 +03:00
user_card_serializer.rb DEV: Route PM only tags to PM tags show route (#17870) 2022-08-12 11:26:56 +08:00
user_field_serializer.rb
user_history_serializer.rb
user_name_serializer.rb
user_option_serializer.rb FEATURE: Add button to reset seen popups (#18586) 2022-10-20 09:06:39 +08:00
user_post_bookmark_serializer.rb FIX: Allow .ics for polymorphic bookmarks (#16694) 2022-05-11 09:29:24 +10:00
user_post_topic_bookmark_base_serializer.rb PERF: Only load the current user's topic_user for bookmarks list (#17873) 2022-08-17 09:40:24 +08:00
user_serializer.rb DEV: Route PM only tags to PM tags show route (#17870) 2022-08-12 11:26:56 +08:00
user_status_serializer.rb FEATURE: auto remove user status after predefined period (#17236) 2022-07-05 19:12:22 +04:00
user_summary_serializer.rb
user_tag_notifications_serializer.rb FIX: Remove tags from experimental sidebar on notification level changed (#17083) 2022-06-14 15:39:56 +08:00
user_topic_bookmark_serializer.rb PERF: Rely on preload for first_post for TopicBookmarkable (#18066) 2022-08-24 16:01:29 +10:00
user_with_custom_fields_serializer.rb
user_wordpress_serializer.rb
watched_word_list_serializer.rb FEATURE: Add support for case-sensitive Watched Words (#17445) 2022-08-02 10:06:03 +02:00
watched_word_serializer.rb FEATURE: Add support for case-sensitive Watched Words (#17445) 2022-08-02 10:06:03 +02:00
web_hook_category_serializer.rb
web_hook_flag_serializer.rb
web_hook_group_serializer.rb
web_hook_group_user_serializer.rb
web_hook_like_serializer.rb
web_hook_post_serializer.rb
web_hook_topic_view_serializer.rb
web_hook_user_serializer.rb FEATURE: user status (#16875) 2022-05-27 13:15:14 +04:00
wizard_field_choice_serializer.rb
wizard_field_serializer.rb FEATURE: allow wizard checkbox field to be disabled (#17916) 2022-08-15 05:52:07 +05:30
wizard_serializer.rb
wizard_step_serializer.rb