Class: Guardian

Overview

The guardian is responsible for confirming access to various site resources and operations.

Defined Under Namespace

Classes: AnonymousUser

Methods included from UserGuardian

#allowed_user_field_ids, #can_anonymize_user?, #can_change_tracking_preferences?, #can_check_emails?, #can_check_sso_details?, #can_claim_reviewable_topic?, #can_delete_sso_record?, #can_delete_user?, #can_disable_second_factor?, #can_edit_email?, #can_edit_name?, #can_edit_user?, #can_edit_username?, #can_feature_topic?, #can_merge_user?, #can_merge_users?, #can_pick_avatar?, #can_reset_bounce_score?, #can_see_notifications?, #can_see_profile?, #can_see_review_queue?, #can_see_staff_info?, #can_see_summary_stats?, #can_see_suspension_reason?, #can_see_user?, #can_see_user_actions?, #can_see_warnings?, #can_silence_user?, #can_unsilence_user?, #can_upload_external?, #can_upload_profile_header?, #can_upload_user_card_background?, #restrict_user_fields?

Methods included from TopicGuardian

#affected_by_slow_mode?, #can_banner_topic?, #can_convert_topic?, #can_create_post_on_topic?, #can_create_shared_draft?, #can_create_topic?, #can_create_topic_on_category?, #can_create_whisper?, #can_delete_topic?, #can_edit_featured_link?, #can_edit_tags?, #can_edit_topic?, #can_get_access_to_topic?, #can_moderate_topic?, #can_move_posts?, #can_move_topic_to_category?, #can_perform_action_available_to_group_moderators?, #can_permanently_delete_topic?, #can_publish_topic?, #can_recover_topic?, #can_remove_allowed_users?, #can_reply_as_new_topic?, #can_review_topic?, #can_see_deleted_topics?, #can_see_shared_draft?, #can_see_topic?, #can_see_topic_ids, #can_see_unlisted_topics?, #can_see_whispers?, #can_toggle_topic_visibility?, #can_update_bumped_at?, #filter_allowed_categories, #is_in_edit_topic_groups?

Methods included from TagGuardian

#can_admin_tag_groups?, #can_admin_tags?, #can_create_tag?, #can_see_tag?, #can_tag_pms?, #can_tag_topics?, #hidden_tag_names

Methods included from SidebarGuardian

#can_create_public_sidebar_section?, #can_delete_sidebar_section?, #can_edit_sidebar_section?

Methods included from PostRevisionGuardian

#can_hide_post_revision?, #can_permanently_delete_post_revisions?, #can_see_post_revision?, #can_show_post_revision?, #can_view_hidden_post_revisions?

Methods included from PostGuardian

#can_change_post_owner?, #can_change_post_timestamps?, #can_change_post_type?, #can_create_post?, #can_delete_all_posts?, #can_delete_post?, #can_delete_post_action?, #can_delete_post_or_topic?, #can_edit_hidden_post?, #can_edit_post?, #can_lock_post?, #can_permanently_delete_post?, #can_post_link?, #can_rebake?, #can_receive_post_notifications?, #can_recover_post?, #can_see_deleted_post?, #can_see_deleted_posts?, #can_see_flagged_posts?, #can_see_hidden_post?, #can_see_post?, #can_see_post_actors?, #can_skip_bump?, #can_unhide?, #can_view_edit_history?, #can_view_raw_email?, #can_wiki?, #is_in_edit_post_groups?, #link_posting_access, #post_can_act?, #unrestricted_link_posting?

Methods included from GroupGuardian

#can_admin_group?, #can_associate_groups?, #can_create_group?, #can_edit_group?, #can_see_group_messages?

Methods included from EnsureMagic

#ensure_can_see!, #method_missing

Methods included from CategoryGuardian

#allowed_category_ids, #can_create_category?, #can_delete_category?, #can_edit_category?, #can_edit_category_description?, #can_edit_serialized_category?, #can_post_in_category?, #can_see_category?, #can_see_serialized_category?, #secure_category_ids, #topic_featured_link_allowed_category_ids

Methods included from BookmarkGuardian

#can_delete_bookmark?, #can_edit_bookmark?, #can_see_bookmarkable?

Constructor Details

#initialize(user = nil, request = nil) ⇒ Guardian

Returns a new instance of Guardian.



# File 'lib/guardian.rb', line 83

def initialize(user = nil, request = nil)
  @user = user.presence || AnonymousUser.new
  @request = request
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class EnsureMagic.

Instance Attribute Details

#request ⇒ Object (readonly)

Returns the value of attribute request.



# File 'lib/guardian.rb', line 81

def request
  @request
end

Instance Method Details

#allow_themes?(theme_ids, include_preview: false) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 559

def allow_themes?(theme_ids, include_preview: false)
  return true if theme_ids.blank?

  if allowed_theme_ids = Theme.allowed_remote_theme_ids
    return false if (theme_ids - allowed_theme_ids).present?
  end

  return true if include_preview && is_staff? && (theme_ids - Theme.theme_ids).blank?

  parent = theme_ids.first
  components = theme_ids[1..-1] || []

  Theme.user_theme_ids.include?(parent) && (components - Theme.components_for(parent)).empty?
end

#allowed_theme_repo_import?(repo) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 547

def allowed_theme_repo_import?(repo)
  return false if !@user.admin?

  allowed_repos = GlobalSetting.allowed_theme_repos
  if !allowed_repos.blank?
    urls = allowed_repos.split(",").map(&:strip)
    return urls.include?(repo)
  end

  true
end

#anonymous? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 93

def anonymous?
  !authenticated?
end

#auth_token ⇒ Object



# File 'lib/guardian.rb', line 591

def auth_token
  return if !request

  token = Auth::DefaultCurrentUserProvider.find_v0_auth_cookie(request).presence

  if !token
    cookie = Auth::DefaultCurrentUserProvider.find_v1_auth_cookie(request.env)
    token = cookie[:token] if cookie
  end

  UserAuthToken.hash_token(token) if token
end

#authenticated? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 97

def authenticated?
  @user.present?
end

#can_access_forum? ⇒ Boolean

Support sites that have to approve users

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 385

def can_access_forum?
  return true unless SiteSetting.must_approve_users?
  return false if anonymous?

  # Staff can't lock themselves out of a site
  return true if is_staff?

  @user.approved?
end

#can_activate?(target) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 321

def can_activate?(target)
  is_staff? && target && not(target.active?)
end

#can_approve?(target) ⇒ Boolean

Can we approve it?

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 317

def can_approve?(target)
  is_staff? && target && target.active? && !target.approved?
end

#can_bulk_invite_to_forum?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 438

def can_bulk_invite_to_forum?(user)
  user.admin?
end

#can_change_primary_group?(user, group) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 376

def can_change_primary_group?(user, group)
  user && can_edit_group?(group)
end

#can_change_trust_level?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 380

def can_change_trust_level?(user)
  user && is_staff?
end

#can_create?(klass, parent = nil) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 166

def can_create?(klass, parent = nil)
  return false unless authenticated? && klass

  # If no parent is provided, we look for a can_create_klass?
  # custom method.
  #
  # If a parent is provided, we look for a method called
  # can_create_klass_on_parent?
  target = klass.name.underscore
  if parent.present?
    return false unless can_see?(parent)
    target << "_on_#{parent.class.name.underscore}"
  end
  create_method = :"can_create_#{target}?"

  return public_send(create_method, parent) if respond_to?(create_method)

  true
end
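
The dispatch above ends in `true`, so a class with no `can_create_<klass>?` method is creatable by any authenticated user. The following added example is not Discourse code: `MiniGuardian`, `Widget`, the hash-based user and the assumed `ensure_<check>!` convention are constructed here to reproduce that control flow in plain Ruby so it can be tested in isolation.

```ruby
# Added illustration (constructed); none of these classes are Discourse's own.
class InvalidAccess < StandardError; end

Category = Struct.new(:visible) # parent object with a visibility flag
Topic = Class.new               # model that has explicit create checks
Widget = Class.new              # model with no can_create_widget? check

class MiniGuardian
  def initialize(user = nil)
    @user = user # nil models an anonymous request
  end

  def authenticated?
    !@user.nil?
  end

  def can_see?(obj)
    obj.respond_to?(:visible) && obj.visible
  end

  # Same control flow as Guardian#can_create? on this page.
  def can_create?(klass, parent = nil)
    return false unless authenticated? && klass

    target = underscore(klass.name)
    unless parent.nil?
      return false unless can_see?(parent)
      target += "_on_#{underscore(parent.class.name)}"
    end
    create_method = :"can_create_#{target}?"

    return public_send(create_method, parent) if respond_to?(create_method)

    true # no specific check was found: the request is allowed
  end

  # Specific checks that the dispatcher locates by name.
  def can_create_topic?(_parent)
    @user[:trust_level] >= 1
  end

  def can_create_topic_on_category?(category)
    category.visible && @user[:trust_level] >= 1
  end

  # Assumed convention: ensure_<check>! raises unless <check>? passes.
  def method_missing(name, *args, &block)
    m = name.to_s.match(/\Aensure_(.+)!\z/)
    return super unless m && respond_to?(:"#{m[1]}?")
    raise InvalidAccess, "#{m[1]}? failed" unless public_send(:"#{m[1]}?", *args, &block)
    true
  end

  def respond_to_missing?(name, include_private = false)
    m = name.to_s.match(/\Aensure_(.+)!\z/)
    m ? respond_to?(:"#{m[1]}?") : super
  end

  private

  # Simplified stand-in for ActiveSupport's String#underscore.
  def underscore(name)
    name.gsub(/([a-z\d])([A-Z])/, '\1_\2').downcase
  end
end
```

When adding a new model behind a dispatcher of this shape, a test asserting that its `can_create_<klass>?` method exists catches the default-allow path before it ships.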

#can_delete?(obj) ⇒ Boolean

Can we delete the object

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 196

def can_delete?(obj)
  can_do?(:delete, obj)
end

#can_delete_reviewable_queued_post?(reviewable) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 231

def can_delete_reviewable_queued_post?(reviewable)
  return false if reviewable.blank?
  return false if !authenticated?
  return true if is_api? && is_admin?

  reviewable.target_created_by_id == @user.id
end

#can_destroy_all_invites?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 446

def can_destroy_all_invites?(user)
  user.staff?
end

#can_edit?(obj) ⇒ Boolean

Can the user edit the obj

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 191

def can_edit?(obj)
  can_do?(:edit, obj)
end

#can_enable_safe_mode? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 186

def can_enable_safe_mode?
  SiteSetting.enable_safe_mode? || is_staff?
end

#can_export_entity?(entity) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 516

def can_export_entity?(entity)
  return false if anonymous?
  return true if is_admin?
  return entity != "user_list" if is_moderator?

  # Regular users can only export their archives
  return false unless entity == "user_archive"
  UserExport.where(
    user_id: @user.id,
    created_at: (Time.zone.now.beginning_of_day..Time.zone.now.end_of_day),
  ).count == 0
end

#can_grant_admin?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 334

def can_grant_admin?(user)
  can_administer_user?(user) && !user.admin?
end

#can_grant_badges?(_user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 227

def can_grant_badges?(_user)
  SiteSetting.enable_badges && is_staff?
end

#can_grant_moderation?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 342

def can_grant_moderation?(user)
  can_administer?(user) && !user.moderator?
end

#can_grant_title?(user, title = nil) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 346

def can_grant_title?(user, title = nil)
  return true if user && is_staff?
  return false if title.nil?
  return true if title.empty? # A title set to '(none)' in the UI is an empty string
  return false if user != @user

  if user
       .badges
       .where(allow_title: true)
       .pluck(:name)
       .any? { |name| Badge.display_name(name) == title }
    return true
  end

  user.groups.where(title: title).exists?
end

#can_ignore_user?(target_user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 538

def can_ignore_user?(target_user)
  can_ignore_users? && @user.id != target_user.id && !target_user.staff?
end

#can_ignore_users? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 542

def can_ignore_users?
  return false if anonymous?
  @user.staff? || @user.has_trust_level?(SiteSetting.min_trust_level_to_allow_ignore.to_i)
end

#can_impersonate?(target) ⇒ Boolean

Can we impersonate this user?

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 300

def can_impersonate?(target)
  GlobalSetting.allow_impersonation && target &&
    # You must be an admin to impersonate
    is_admin? &&
    # You may not impersonate other admins unless you are a dev
    (!target.admin? || is_developer?)

  # Additionally, you may not impersonate yourself;
  # but the two tests for different admin statuses
  # make it impossible to be the same user.
end

#can_invite_group_to_private_message?(group, topic) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 454

def can_invite_group_to_private_message?(group, topic)
  can_see_topic?(topic) && can_send_private_message?(group)
end

#can_invite_to?(object, groups = nil) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 409

def can_invite_to?(object, groups = nil)
  return false if !authenticated?
  return false if !object.is_a?(Topic) || !can_see?(object)
  return false if groups.present?

  if object.is_a?(Topic)
    if object.private_message?
      return true if is_admin?

      return false if !@user.in_any_groups?(SiteSetting.personal_message_enabled_groups_map)
      return false if object.reached_recipients_limit? && !is_staff?
    end

    if (category = object.category) && category.read_restricted
      return category.groups&.where(automatic: false).any? { |g| can_edit_group?(g) }
    end
  end

  true
end

#can_invite_to_forum?(groups = nil) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 403

def can_invite_to_forum?(groups = nil)
  authenticated? && (is_staff? || SiteSetting.max_invites_per_day.to_i.positive?) &&
    (is_staff? || @user.has_trust_level?(SiteSetting.min_trust_level_to_allow_invite.to_i)) &&
    (is_admin? || groups.blank? || groups.all? { |g| can_edit_group?(g) })
end

#can_invite_via_email?(object) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 430

def can_invite_via_email?(object)
  return false if !can_invite_to_forum?
  return false if !can_invite_to?(object)

  (SiteSetting.enable_local_logins || SiteSetting.enable_discourse_connect) &&
    (!SiteSetting.must_approve_users? || is_staff?)
end

#can_mention_here? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 604

def can_mention_here?
  return false if SiteSetting.here_mention.blank?
  return false if SiteSetting.max_here_mentioned < 1
  return false if !authenticated?
  return false if User.where(username_lower: SiteSetting.here_mention).exists?

  @user.has_trust_level_or_staff?(SiteSetting.min_trust_level_for_here_mention)
end

#can_moderate?(obj) ⇒ Boolean Also known as: can_see_flags?

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 204

def can_moderate?(obj)
  obj && authenticated? && !is_silenced? &&
    (
      is_staff? ||
        (obj.is_a?(Topic) && @user.has_trust_level?(TrustLevel[4]) && can_see_topic?(obj))
    )
end

#can_mute_user?(target_user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 529

def can_mute_user?(target_user)
  can_mute_users? && @user.id != target_user.id && !target_user.staff?
end

#can_mute_users? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 533

def can_mute_users?
  return false if anonymous?
  @user.staff? || @user.trust_level >= TrustLevel.levels[:basic]
end

#can_permanently_delete?(obj) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 200

def can_permanently_delete?(obj)
  can_do?(:permanently_delete, obj)
end

#can_publish_page?(topic) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 574

def can_publish_page?(topic)
  return false if !SiteSetting.enable_page_publishing?
  return false if SiteSetting.secure_uploads?
  return false if topic.blank?
  return false if topic.private_message?
  return false unless can_see_topic?(topic)
  is_staff?
end

#can_resend_all_invites?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 442

def can_resend_all_invites?(user)
  user.staff?
end

#can_revoke_admin?(admin) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 330

def can_revoke_admin?(admin)
  can_administer_user?(admin) && admin.admin?
end

#can_revoke_moderation?(moderator) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 338

def can_revoke_moderation?(moderator)
  can_administer?(moderator) && moderator.moderator?
end

#can_see?(obj) ⇒ Boolean

Can the user see the object?

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 159

def can_see?(obj)
  if obj
    see_method = method_name_for :see, obj
    see_method && public_send(see_method, obj)
  end
end

#can_see_about_stats? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 583

def can_see_about_stats?
  true
end

#can_see_group?(group) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 239

def can_see_group?(group)
  group.present? && can_see_groups?([group])
end

#can_see_group_members?(group) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 243

def can_see_group_members?(group)
  return false if group.blank?
  return true if is_admin? || group.members_visibility_level == Group.visibility_levels[:public]
  return true if is_staff? && group.members_visibility_level == Group.visibility_levels[:staff]
  return true if is_staff? && group.members_visibility_level == Group.visibility_levels[:members]
  if authenticated? && group.members_visibility_level == Group.visibility_levels[:logged_on_users]
    return true
  end
  return false if user.blank?

  return false unless membership = GroupUser.find_by(group_id: group.id, user_id: user.id)
  return true if membership.owner

  return false if group.members_visibility_level == Group.visibility_levels[:owners]
  return false if group.members_visibility_level == Group.visibility_levels[:staff]

  true
end

#can_see_groups?(groups) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 262

def can_see_groups?(groups)
  return false if groups.blank?
  if is_admin? || groups.all? { |g| g.visibility_level == Group.visibility_levels[:public] }
    return true
  end
  if is_staff? && groups.all? { |g| g.visibility_level == Group.visibility_levels[:staff] }
    return true
  end
  if is_staff? && groups.all? { |g| g.visibility_level == Group.visibility_levels[:members] }
    return true
  end
  if authenticated? &&
       groups.all? { |g| g.visibility_level == Group.visibility_levels[:logged_on_users] }
    return true
  end
  return false if user.blank?

  memberships = GroupUser.where(group: groups, user_id: user.id).pluck(:owner)
  return false if memberships.size < groups.size
  return true if memberships.all? # owner of all groups

  return false if groups.all? { |g| g.visibility_level == Group.visibility_levels[:owners] }
  return false if groups.all? { |g| g.visibility_level == Group.visibility_levels[:staff] }

  true
end

#can_see_groups_members?(groups) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 289

def can_see_groups_members?(groups)
  return false if groups.blank?

  requested_group_ids = groups.map(&:id) # Can't use pluck, groups could be a regular array
  matching_group_ids =
    Group.where(id: requested_group_ids).members_visible_groups(user).pluck(:id)

  matching_group_ids.sort == requested_group_ids.sort
end

#can_see_invite_details?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 395

def can_see_invite_details?(user)
  is_staff? || is_me?(user)
end

#can_see_invite_emails?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 399

def can_see_invite_emails?(user)
  is_staff? || is_me?(user)
end

#can_see_private_messages?(user_id) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 450

def can_see_private_messages?(user_id)
  is_admin? || (authenticated? && @user.id == user_id)
end

#can_see_site_contact_details? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 587

def can_see_site_contact_details?
  !SiteSetting. || authenticated?
end

#can_see_tags?(topic) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 219

def can_see_tags?(topic)
  SiteSetting.tagging_enabled && topic.present? && (!topic.private_message? || can_tag_pms?)
end

#can_send_activation_email?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 223

def can_send_activation_email?(user)
  user && is_staff? && !SiteSetting.must_approve_users?
end

#can_send_private_message?(target, notify_moderators: false) ⇒ Boolean

This should be used as a final check for when a user is sending a message to a target user or group.

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 482

def can_send_private_message?(target, notify_moderators: false)
  target_is_user = target.is_a?(User)
  target_is_group = target.is_a?(Group)
  from_system = @user.is_system_user?

  # Must be a valid target
  return false if !(target_is_group || target_is_user)

  # Users can send messages to certain groups with the `everyone` messageable_level
  # even if they are not in personal_message_enabled_groups
  group_is_messageable = target_is_group && Group.messageable(@user).where(id: target.id).exists?

  # User is authenticated and can send PMs, this can be covered by trust levels as well via AUTO_GROUPS
  (can_send_private_messages?(notify_moderators: notify_moderators) || group_is_messageable) &&
    # User disabled private message
    (is_staff? || target_is_group || target.user_option.allow_private_messages) &&
    # Can't send PMs to suspended users
    (is_staff? || target_is_group || !target.suspended?) &&
    # Check group messageable level
    (from_system || target_is_user || group_is_messageable || notify_moderators) &&
    # Silenced users can only send PM to staff
    (!is_silenced? || target.staff?)
end

#can_send_private_messages?(notify_moderators: false) ⇒ Boolean

This should be used as a general, but not definitive, check for whether the user can send private messages generally, which is mostly useful for changing the UI.

Please otherwise use can_send_private_message?(target, notify_moderators) to check if a single target can be messaged.

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 465

def can_send_private_messages?(notify_moderators: false)
  from_system = @user.is_system_user?
  from_bot = @user.bot?

  # User is authenticated
  authenticated? &&
    # User can send PMs, this can be covered by trust levels as well via AUTO_GROUPS
    (
      is_staff? || from_bot || from_system ||
        (@user.in_any_groups?(SiteSetting.personal_message_enabled_groups_map)) ||
        notify_moderators
    )
end

#can_send_private_messages_to_email? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 506

def can_send_private_messages_to_email?
  # Staged users must be enabled to create a temporary user.
  return false if !SiteSetting.enable_staged_users
  # User is authenticated
  return false if !authenticated?
  # User is trusted enough
  @user.in_any_groups?(SiteSetting.personal_message_enabled_groups_map) &&
    @user.has_trust_level_or_staff?(SiteSetting.min_trust_to_send_email_messages)
end

#can_suspend?(user) ⇒ Boolean Also known as: can_deactivate?

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 325

def can_suspend?(user)
  user && is_staff? && user.regular?
end

#can_tag?(topic) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 213

def can_tag?(topic)
  return false if topic.blank?

  topic.private_message? ? can_tag_pms? : can_tag_topics?
end

#can_use_flair_group?(user, group_id = nil) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 370

def can_use_flair_group?(user, group_id = nil)
  return false if !user || !group_id || !user.group_ids.include?(group_id.to_i)
  flair_icon, flair_upload_id = Group.where(id: group_id.to_i).pick(:flair_icon, :flair_upload_id)
  flair_icon.present? || flair_upload_id.present?
end

#can_use_primary_group?(user, group_id = nil) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 363

def can_use_primary_group?(user, group_id = nil)
  return false if !user || !group_id
  group = Group.find_by(id: group_id.to_i)

  user.group_ids.include?(group_id.to_i) && (group ? !group.automatic : false)
end

#can_view_action_logs?(target) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 312

def can_view_action_logs?(target)
  target.present? && is_staff?
end

#is_admin? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 101

def is_admin?
  @user.admin?
end

#is_anonymous? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 154

def is_anonymous?
  @user.anonymous?
end

#is_category_group_moderator?(category) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 117

def is_category_group_moderator?(category)
  return false if !category
  return false if !category_group_moderation_allowed?

  reviewable_by_group_id = category.reviewable_by_group_id
  return false if reviewable_by_group_id.blank?

  @category_group_moderator_groups ||= {}

  if @category_group_moderator_groups.key?(reviewable_by_group_id)
    @category_group_moderator_groups[reviewable_by_group_id]
  else
    @category_group_moderator_groups[
      reviewable_by_group_id
    ] = category_group_moderator_scope.exists?("categories.id": category.id)
  end
end

#is_developer? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 139

def is_developer?
  @user && is_admin? &&
    (
      Rails.env.development? || Developer.user_ids.include?(@user.id) ||
        (
          Rails.configuration.respond_to?(:developer_emails) &&
            Rails.configuration.developer_emails.include?(@user.email)
        )
    )
end

#is_me?(other) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 613

def is_me?(other)
  other && authenticated? && other.is_a?(User) && @user == other
end

#is_moderator? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 109

def is_moderator?
  @user.moderator?
end

#is_silenced? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 135

def is_silenced?
  @user.silenced?
end

#is_staff? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 105

def is_staff?
  @user.staff?
end

#is_staged? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 150

def is_staged?
  @user.staged?
end

#is_whisperer? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian.rb', line 113

def is_whisperer?
  @user.whisperer?
end

#user ⇒ Object Also known as: current_user



# File 'lib/guardian.rb', line 88

def user
  @user.presence
end