Added privilege check for seeing flagger usernames

Also reworked all places dealing with flagger names to use said privilege

app/models/post_event.rb

@@ -24,6 +24,16 @@ class PostEvent
     type_name.first
   end
 
+  def is_creator_visible?(user = CurrentUser.user)
+    case event
+    when PostAppeal
+      true
+    when PostFlag
+      flag = event
+      user.can_view_flagger?(flag.creator_id)
+    end
+  end
+
   def attributes
     {
       "creator_id": nil,

app/models/post_flag.rb

@@ -65,12 +65,15 @@ class PostFlag < ActiveRecord::Base
         q = q.reason_matches(params[:reason_matches])
       end
 
-      if params[:creator_id].present? && (CurrentUser.is_moderator? || params[:creator_id].to_i == CurrentUser.user.id)
+      if params[:creator_id].present? && CurrentUser.can_view_flagger?(params[:creator_id].to_i)
         q = q.where("creator_id = ?", params[:creator_id].to_i)
       end
 
-      if params[:creator_name].present? && (CurrentUser.is_moderator? || params[:creator_name].mb_chars.downcase.strip.tr(" ", "_") == CurrentUser.user.name.downcase)
-        q = q.where("creator_id = (select _.id from users _ where lower(_.name) = ?)", params[:creator_name].mb_chars.downcase.strip.tr(" ", "_"))
+      if params[:creator_name].present?
+        creator_id = User.name_to_id(params[:creator_name].strip)
+        if CurrentUser.can_view_flagger?(creator_id)
+          q = q.where("creator_id = ?", creator_id)
+        end
       end
 
       if params[:post_id].present?

app/models/user.rb

@@ -545,6 +545,10 @@ class User < ActiveRecord::Base
       created_at <= 1.week.ago
     end
 
+    def can_view_flagger?(flagger_id)
+      CurrentUser.is_moderator? || flagger_id == CurrentUser.user.id
+    end
+
     def base_upload_limit
       if created_at >= 1.month.ago
         10