Module: UserGuardian

Included in:
Guardian
Defined in:
lib/guardian/user_guardian.rb

Overview

Mixin for all Guardian methods dealing with user permissions.


Instance Method Details

#allowed_user_field_ids(user) ⇒ Object



# File 'lib/guardian/user_guardian.rb', line 140

# Ids of the UserFields the acting user may see on +user+.
#
# Staff, or a user looking at their own profile, get every field; everyone
# else only gets fields flagged show_on_profile or show_on_user_card.
# Both answers are memoized on the guardian under separate keys so one
# guardian instance can serve both kinds of target without recomputing.
#
# @param user [User] the user whose fields are being requested
# @return [Array<Integer>] UserField ids
def allowed_user_field_ids(user)
  @allowed_user_field_ids ||= {}

  privileged = is_staff? || is_me?(user)
  key = privileged ? :staff_or_me : :other

  @allowed_user_field_ids[key] ||=
    if privileged
      UserField.pluck(:id)
    else
      UserField.where("show_on_profile OR show_on_user_card").pluck(:id)
    end
end

#can_anonymize_user?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 76

# Whether the acting user may anonymize +user+.
#
# Requires a staff actor and a non-staff target whose email does not already
# carry UserAnonymizer::EMAIL_SUFFIX (i.e. has not been anonymized before).
#
# @param user [User, nil] the user to anonymize
# @return [Boolean]
def can_anonymize_user?(user)
  is_staff? &&
    !(user.nil? || user.staff? || user.email&.ends_with?(UserAnonymizer::EMAIL_SUFFIX))
end

#can_change_tracking_preferences?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 201

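# Whether the acting user may change +user+'s tracking preferences.
#
# A staged user's preferences are locked unless the
# allow_changing_staged_user_tracking site setting is on; beyond that the
# actor needs ordinary edit rights on the target (see #can_edit_user?).
#
# @param user [User, nil] the user whose preferences would change
# @return [Boolean] false when +user+ is nil
def can_change_tracking_preferences?(user)
  # Deny a nil target up front, matching the nil handling of the sibling
  # permission checks (e.g. #can_delete_user?). Without this guard,
  # `user.staged` raised NoMethodError whenever the site setting was off.
  return false if user.nil?

  (SiteSetting.allow_changing_staged_user_tracking || !user.staged) && can_edit_user?(user)
end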

#can_check_emails?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 96

# Whether the acting user may view email addresses.
#
# Admins always can; moderators (non-admin staff) only when the
# moderators_view_emails site setting is on. The +user+ argument is accepted
# for interface symmetry but is not consulted.
#
# @param user [User] the user whose emails would be viewed (unused)
# @return [Boolean]
def can_check_emails?(user)
  return true if is_admin?

  is_staff? && SiteSetting.moderators_view_emails
end

#can_check_sso_details?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 100

# Whether the acting user may view +user+'s SSO details: admins only, and
# only for a present target.
#
# @param user [User, nil] the target user
# @return [Boolean, nil] nil when +user+ is nil
def can_check_sso_details?(user)
  is_admin? if user
end

#can_claim_reviewable_topic?(topic) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 5

# Whether the acting user may claim +topic+ in the review queue.
#
# Claiming must not be switched off via the reviewable_claiming site setting
# ("disabled"), and the actor must be able to review the topic.
#
# @param topic [Topic] the topic to claim
# @return [Boolean]
def can_claim_reviewable_topic?(topic)
  return false if SiteSetting.reviewable_claiming == "disabled"

  can_review_topic?(topic)
end

#can_delete_sso_record?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 197

# Whether the acting user may delete +user+'s SSO record.
#
# Only meaningful while enable_discourse_connect is on, and then only for
# admins acting on a present target.
#
# @param user [User, nil] the target user
# @return [Boolean, nil]
def can_delete_sso_record?(user)
  return false unless SiteSetting.enable_discourse_connect

  is_admin? if user
end

#can_delete_user?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 60

# Whether the acting user may delete +user+.
#
# Admins can never be deleted here. A user deleting their own account must
# not be on a Discourse Connect site and must not exceed
# delete_user_self_max_post_count posts. Staff may delete another
# (non-admin) user who has never posted, has at most
# User::MAX_STAFF_DELETE_POST_COUNT posts, or whose first post is younger
# than delete_user_max_post_age days.
#
# @param user [User, nil] the user to delete
# @return [Boolean]
def can_delete_user?(user)
  return false if user.nil? || user.admin?

  if is_me?(user)
    # Self-deletion: blocked under Discourse Connect, then capped by post count.
    return false if SiteSetting.enable_discourse_connect

    return !user.has_more_posts_than?(SiteSetting.delete_user_self_max_post_count)
  end

  return false unless is_staff?

  first_post_at = user.first_post_created_at
  first_post_at.nil? ||
    !user.has_more_posts_than?(User::MAX_STAFF_DELETE_POST_COUNT) ||
    first_post_at > SiteSetting.delete_user_max_post_age.to_i.days.ago
end

#can_disable_second_factor?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 117

# Whether the acting user may disable +user+'s second factor. Delegates to
# #can_administer_user? once a target is present.
#
# @param user [User, nil] the target user
# @return [Boolean, nil] nil when +user+ is nil
def can_disable_second_factor?(user)
  can_administer_user?(user) if user
end

#can_edit_email?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 32

# Whether the acting user may edit +user+'s email address.
#
# Denied outright when the auth provider owns the email
# (auth_overrides_email) or emails are not editable (email_editable).
# Staff may always edit; anonymous actors never; otherwise falls back to
# the generic #can_edit? check.
#
# @param user [User] the user whose email would change
# @return [Boolean]
def can_edit_email?(user)
  return false if SiteSetting.auth_overrides_email? || !SiteSetting.email_editable?
  return true if is_staff?
  return false if is_anonymous?

  can_edit?(user)
end

#can_edit_name?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 40

# Whether the acting user may edit +user+'s display name.
#
# Requires names to be enabled (enable_names) and not owned by the auth
# provider (auth_overrides_name). Staff may always edit; anonymous actors
# never; otherwise falls back to the generic #can_edit? check.
#
# @param user [User] the user whose name would change
# @return [Boolean]
def can_edit_name?(user)
  return false unless SiteSetting.enable_names?
  return false if SiteSetting.auth_overrides_name?

  is_staff? || (!is_anonymous? && can_edit?(user))
end

#can_edit_user?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 20

# Whether the acting user may edit +user+: themselves, or anyone when staff.
#
# @param user [User] the user to edit
# @return [Boolean]
def can_edit_user?(user)
  return true if is_me?(user)

  is_staff?
end

#can_edit_username?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 24

# Whether the acting user may change +user+'s username.
#
# Denied when the auth provider owns the username (auth_overrides_username).
# Staff may always change it. Otherwise the username_change_period site
# setting must be positive, the actor must not be anonymous, and a user may
# only rename themselves while their account is younger than that period
# (in days).
#
# @param user [User] the user to rename
# @return [Boolean]
def can_edit_username?(user)
  return false if SiteSetting.auth_overrides_username?
  return true if is_staff?

  change_period_days = SiteSetting.username_change_period
  return false if change_period_days <= 0 || is_anonymous?

  is_me?(user) && user.created_at > change_period_days.days.ago
end

#can_feature_topic?(user, topic) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 155

# Whether +topic+ may be featured on +user+'s profile.
#
# Needs a present topic, the allow_featured_topic_on_user_profiles site
# setting, and an actor who is either the profile owner or staff. The topic
# itself must be visible and must be neither in a read-restricted category
# nor a private message.
#
# @param user [User] the profile owner
# @param topic [Topic, nil] the topic to feature
# @return [Boolean]
def can_feature_topic?(user, topic)
  return false if topic.nil? || !SiteSetting.allow_featured_topic_on_user_profiles?
  return false unless is_me?(user) || is_staff?
  return false unless topic.visible
  return false if topic.read_restricted_category? || topic.private_message?

  true
end

#can_merge_user?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 80

# Whether the acting user may merge +user+ into another account: admins
# only, and only for a present, non-staff target.
#
# @param user [User, nil] the user to merge away
# @return [Boolean]
def can_merge_user?(user)
  is_admin? && !(user.nil? || user.staff?)
end

#can_merge_users?(source_user, target_user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 84

# Whether +source_user+ may be merged into +target_user+: the source must
# pass #can_merge_user? and the target must be present.
#
# @param source_user [User, nil] the account being merged away
# @param target_user [User, nil] the account receiving the merge
# @return [Boolean]
def can_merge_users?(source_user, target_user)
  source_ok = can_merge_user?(source_user)
  source_ok && !target_user.nil?
end

#can_pick_avatar?(user_avatar, upload) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 9

# Whether the acting user may set +upload+ as the avatar in +user_avatar+.
#
# Requires a logged-in actor. Admins may pick anything. A blank avatar (no
# upload) is always allowed, as is an upload already attached to the avatar
# record or owned by the avatar's user or the actor. Anything else must be
# backed by a UserUpload row linking the upload to the actor.
#
# @param user_avatar [UserAvatar] the avatar record being changed
# @param upload [Upload, nil] the candidate upload, nil for a blank avatar
# @return [Boolean]
def can_pick_avatar?(user_avatar, upload)
  return false unless self.user
  return true if is_admin?
  # can always pick blank avatar
  return true unless upload
  return true if user_avatar.contains_upload?(upload.id)

  owner_ids = [user_avatar.user_id, user.id]
  return true if owner_ids.include?(upload.user_id)

  UserUpload.exists?(upload_id: upload.id, user_id: user.id)
end

#can_reset_bounce_score?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 92

# Whether the acting user may reset +user+'s email bounce score: staff
# only, for a present target.
#
# @param user [User, nil] the target user
# @return [Boolean, nil] nil when +user+ is nil
def can_reset_bounce_score?(user)
  is_staff? if user
end

#can_see_notifications?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 48

# Whether the acting user may see +user+'s notifications: their own, or
# anyone's when admin.
#
# @param user [User] the notifications' owner
# @return [Boolean]
def can_see_notifications?(user)
  return true if is_me?(user)

  is_admin?
end

#can_see_profile?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 125

# Whether the acting user may view +user+'s profile.
#
# A blank user has no visible profile. When the allow_users_to_hide_profile
# site setting is off every profile is public; otherwise a profile whose
# user_option has hide_profile_and_presence set is restricted to its owner
# and staff.
#
# @param user [User, nil] the profile owner
# @return [Boolean]
def can_see_profile?(user)
  return false if user.blank?
  return true unless SiteSetting.allow_users_to_hide_profile?

  hidden = user.user_option.try(:hide_profile_and_presence?)
  # A hidden profile stays visible to its owner and to staff.
  hidden ? (is_me?(user) || is_staff?) : true
end

#can_see_review_queue? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 164

# Whether the acting user may see the review queue.
#
# Staff always can. Otherwise, with enable_category_group_moderation on, a
# user can see it when at least one Reviewable is assigned to one of their
# groups and is either uncategorized or in a category they are allowed to
# see (allowed_category_ids).
#
# @return [Boolean]
def can_see_review_queue?
  return true if is_staff?
  return false unless SiteSetting.enable_category_group_moderation

  group_ids = @user.group_users.pluck(:group_id)
  # category_id is bound as a query parameter, never interpolated.
  Reviewable
    .where(reviewable_by_group_id: group_ids)
    .where("category_id IS NULL or category_id IN (?)", allowed_category_ids)
    .exists?
end

#can_see_staff_info?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 108

# Whether the acting user may see staff-only info about +user+: staff only,
# for a present target.
#
# @param user [User, nil] the target user
# @return [Boolean, nil] nil when +user+ is nil
def can_see_staff_info?(user)
  is_staff? if user
end

#can_see_summary_stats?(target_user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 175

# Whether the acting user may see +target_user+'s summary stats. Summary
# stats are public here, so this is unconditionally true; the argument is
# kept for interface symmetry with the other checks.
#
# @param _target_user [User] the stats' owner (unused)
# @return [Boolean] always true
def can_see_summary_stats?(_target_user)
  true
end

#can_see_suspension_reason?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 112

# Whether the acting user may see why +user+ was suspended.
#
# Public unless the hide_suspension_reasons site setting is on; then only
# the suspended user themselves and staff may see it.
#
# @param user [User] the suspended user
# @return [Boolean]
def can_see_suspension_reason?(user)
  return true unless SiteSetting.hide_suspension_reasons?
  return true if user == @user

  is_staff?
end

#can_see_user?(_user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 121

# Whether the acting user may see +_user+ at all. Every user is visible, so
# this is unconditionally true; the argument is kept for interface symmetry.
#
# @param _user [User] the target user (unused)
# @return [Boolean] always true
def can_see_user?(_user)
  true
end

#can_see_user_actions?(user, action_types) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 135

# Whether the acting user may see the given +action_types+ on +user+.
#
# A logged-in actor viewing their own actions, or an admin, may see all of
# them. Everyone else may only see the request when it contains none of
# UserAction.private_types.
#
# @param user [User] the actions' owner
# @param action_types [Array] the requested action type ids
# @return [Boolean]
def can_see_user_actions?(user, action_types)
  own_or_admin = !@user.anonymous? && (@user.id == user.id || is_admin?)
  return true if own_or_admin

  requested_private = action_types & UserAction.private_types
  requested_private.empty?
end

#can_see_warnings?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 88

# Whether the acting user may see warnings issued to +user+: their own, or
# anyone's when staff, provided a target is present.
#
# @param user [User, nil] the warned user
# @return [Boolean, nil] nil when +user+ is nil
def can_see_warnings?(user)
  return unless user

  is_me?(user) || is_staff?
end

#can_silence_user?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 52

# Whether the acting user may silence +user+: staff only, and never
# against another staff member.
#
# @param user [User, nil] the user to silence
# @return [Boolean, nil] nil when +user+ is nil
def can_silence_user?(user)
  return unless user

  is_staff? && !user.staff?
end

#can_unsilence_user?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 56

# Whether the acting user may lift a silence on +user+: staff only, for a
# present target.
#
# @param user [User, nil] the silenced user
# @return [Boolean, nil] nil when +user+ is nil
def can_unsilence_user?(user)
  return unless user

  is_staff?
end

#can_upload_external? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 193

# Whether the acting user may use external (direct) uploads: anyone not
# banned from them by ExternalUploadManager.
#
# @return [Boolean]
def can_upload_external?
  banned = ExternalUploadManager.user_banned?(user)
  !banned
end

#can_upload_profile_header?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 179

# Whether the acting user may upload a profile header for +user+.
#
# Users may do it for their own profile once they reach the trust level in
# the min_trust_level_to_allow_profile_background site setting; staff may do
# it for anyone.
#
# @param user [User] the profile owner
# @return [Boolean]
def can_upload_profile_header?(user)
  min_trust_level = SiteSetting.min_trust_level_to_allow_profile_background.to_i
  own_profile_with_trust = is_me?(user) && user.has_trust_level?(min_trust_level)
  own_profile_with_trust || is_staff?
end

#can_upload_user_card_background?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 186

# Whether the acting user may upload a user-card background for +user+.
#
# Users may do it for their own card once they reach the trust level in
# the min_trust_level_to_allow_user_card_background site setting; staff may
# do it for anyone.
#
# @param user [User] the card owner
# @return [Boolean]
def can_upload_user_card_background?(user)
  min_trust_level = SiteSetting.min_trust_level_to_allow_user_card_background.to_i
  own_card_with_trust = is_me?(user) && user.has_trust_level?(min_trust_level)
  own_card_with_trust || is_staff?
end

#restrict_user_fields?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/guardian/user_guardian.rb', line 104

# Whether +user+'s custom fields should be withheld from the acting user.
#
# Fields are restricted when an anonymous actor views a trust-level-0 user,
# or whenever the actor cannot see the profile at all (#can_see_profile?).
#
# @param user [User] the fields' owner
# @return [Boolean]
def restrict_user_fields?(user)
  new_user_viewed_anonymously = user.trust_level == TrustLevel[0] && anonymous?
  return true if new_user_viewed_anonymously

  !can_see_profile?(user)
end