Added privilege check for seeing flagger usernames

Also reworked all places dealing with flagger names to use said privilege

app/helpers/post_flags_helper.rb

@@ -7,8 +7,11 @@ module PostFlagsHelper
       html << '<li>'
       html << DText.parse_inline(flag.reason).html_safe
 
-      if CurrentUser.is_moderator?
+      if CurrentUser.can_view_flagger?(flag.creator_id)
-        html << " - #{link_to_user(flag.creator)} (#{link_to_ip(flag.creator_ip_addr)})"
+        html << " - #{link_to_user(flag.creator)}"
+        if CurrentUser.is_moderator?
+           html << " (#{link_to_ip(flag.creator_ip_addr)})"
+        end
       end
 
       html << ' - ' + time_ago_in_words_tagged(flag.created_at)

app/logical/anonymous_user.rb

@@ -116,6 +116,10 @@ class AnonymousUser
     false
   end
 
+  def can_view_flagger?(flagger_id)
+    false
+  end
+
   def can_approve_posts?
     false
   end

app/logical/post_query_builder.rb

@@ -238,7 +238,9 @@ class PostQueryBuilder
 
     if q[:flagger_ids_neg]
       q[:flagger_ids_neg].each do |flagger_id|
-        relation = relation.where("posts.id NOT IN (?)", PostFlag.unscoped.search({:creator_id => flagger_id, :category => "normal"}).reorder("").select(:post_id).distinct)
+        if CurrentUser.can_view_flagger?(flagger_id)
+          relation = relation.where("posts.id NOT IN (?)", PostFlag.unscoped.search({:creator_id => flagger_id, :category => "normal"}).reorder("").select(:post_id).distinct)
+        end
       end
     end
 
@@ -248,8 +250,8 @@ class PostQueryBuilder
           relation = relation.where('EXISTS (' + PostFlag.unscoped.search({:category => "normal"}).where('post_id = posts.id').reorder('').select('1').to_sql + ')')
         elsif flagger_id == "none"
           relation = relation.where('NOT EXISTS (' + PostFlag.unscoped.search({:category => "normal"}).where('post_id = posts.id').reorder('').select('1').to_sql + ')')
-        else
+        elsif CurrentUser.can_view_flagger?(flagger_id)
-          relation = relation.where("posts.id IN (?)", PostFlag.unscoped.search({:creator_id => flagger_id, :category => "normal"}).reorder("").select(:post_id).distinct)
+            relation = relation.where("posts.id IN (?)", PostFlag.unscoped.search({:creator_id => flagger_id, :category => "normal"}).reorder("").select(:post_id).distinct)
         end
       end
       has_constraints!

app/models/post_event.rb

@@ -24,6 +24,16 @@ class PostEvent
     type_name.first
   end
 
+  def is_creator_visible?(user = CurrentUser.user)
+    case event
+    when PostAppeal
+      true
+    when PostFlag
+      flag = event
+      user.can_view_flagger?(flag.creator_id)
+    end
+  end
+
   def attributes
     {
       "creator_id": nil,

app/models/post_flag.rb

@@ -65,12 +65,15 @@ class PostFlag < ActiveRecord::Base
         q = q.reason_matches(params[:reason_matches])
       end
 
-      if params[:creator_id].present? && (CurrentUser.is_moderator? || params[:creator_id].to_i == CurrentUser.user.id)
+      if params[:creator_id].present? && CurrentUser.can_view_flagger?(params[:creator_id].to_i)
         q = q.where("creator_id = ?", params[:creator_id].to_i)
       end
 
-      if params[:creator_name].present? && (CurrentUser.is_moderator? || params[:creator_name].mb_chars.downcase.strip.tr(" ", "_") == CurrentUser.user.name.downcase)
+      if params[:creator_name].present?
-        q = q.where("creator_id = (select _.id from users _ where lower(_.name) = ?)", params[:creator_name].mb_chars.downcase.strip.tr(" ", "_"))
+        creator_id = User.name_to_id(params[:creator_name].strip)
+        if CurrentUser.can_view_flagger?(creator_id)
+          q = q.where("creator_id = ?", creator_id)
+        end
       end
 
       if params[:post_id].present?

app/models/user.rb

@@ -545,6 +545,10 @@ class User < ActiveRecord::Base
       created_at <= 1.week.ago
     end
 
+    def can_view_flagger?(flagger_id)
+      CurrentUser.is_moderator? || flagger_id == CurrentUser.user.id
+    end
+
     def base_upload_limit
       if created_at >= 1.month.ago
         10

app/views/post_events/index.html.erb

@@ -6,9 +6,7 @@
       <thead>
         <tr>
           <th width="5%">Type</th>
-          <% if CurrentUser.is_moderator? %>
+          <th width="10%">Creator</th>
-            <th width="10%">Creator</th>
-          <% end %>
           <th>Reason</th>
           <th width="5%">Resolved?</th>
           <th width="15%">Date</th>
@@ -18,11 +16,13 @@
         <% @events.each do |event| %>
           <tr class="resolved-<%= event.is_resolved %>">
             <td><%= event.type_name %></td>
-            <% if CurrentUser.is_moderator? %>
+            <td>
-              <td>
+              <% if event.is_creator_visible? %>
                 <%= link_to_user event.creator %>
-              </td>
+              <% else %>
-            <% end %>
+                <i>hidden</i>
+              <% end %>
+            </td>
             <td><%= format_text event.reason, :ragel => true %></td>
             <td>
               <% if event.is_resolved %>

app/views/post_flags/index.html.erb

@@ -39,7 +39,7 @@
             </td>
             <td>
               <%= compact_time post_flag.created_at %>
-              <% if CurrentUser.user.is_moderator? %>
+              <% if CurrentUser.can_view_flagger?(post_flag.creator_id) %>
                 <br> by <%= link_to_user post_flag.creator %>
                 <%= link_to "»", post_flags_path(search: params[:search].merge(creator_name: post_flag.creator.name)) %>
               <% end %>