From 67eefadd7f6528b10c4f973bee7d68cd183537df Mon Sep 17 00:00:00 2001
From: evazion
Date: Sun, 13 Dec 2020 19:50:25 -0600
Subject: [PATCH] users: let mods see email addresses on user profiles.
* Let Mods and Admins see the email addresses of users below their level.
* Let users see their own email address on their profile.
* Let users verify or edit their email address from their profile.
This is to make catching sockpuppets easier, and to make it easier for
users to fix their email.
---
app/javascript/src/styles/base/040_colors.css | 6 ++++
app/javascript/src/styles/specific/users.scss | 8 +++++
app/policies/email_address_policy.rb | 2 +-
app/policies/nil_class_policy.rb | 21 ++++++++++++++
app/views/emails/verify.html.erb | 8 ++---
app/views/users/_statistics.html.erb | 28 ++++++++++++++++++
test/functional/users_controller_test.rb | 29 ++++++++++++++++++-
7 files changed, 96 insertions(+), 6 deletions(-)
create mode 100644 app/policies/nil_class_policy.rb
diff --git a/app/javascript/src/styles/base/040_colors.css b/app/javascript/src/styles/base/040_colors.css
index 28eef86ec..5dc30e914 100644
--- a/app/javascript/src/styles/base/040_colors.css
+++ b/app/javascript/src/styles/base/040_colors.css
@@ -201,6 +201,9 @@
--user-member-color: var(--link-color);
--user-banned-color: black;
+ --user-verified-email-color: #0A0;
+ --user-unverified-email-color: #F80;
+
--news-updates-background: #EEE;
--news-updates-border: 2px solid #666;
@@ -291,6 +294,9 @@ body[data-current-user-theme="dark"] {
--user-moderator-color: var(--green-1);
--user-admin-color: var(--red-1);
+ --user-verified-email-color: var(--green-1);
+ --user-unverified-email-color: var(--yellow-1);
+
/* misc specific colors */
--autocomplete-selected-background-color: var(--grey-3);
--autocomplete-border: 1px solid var(--grey-4);
diff --git a/app/javascript/src/styles/specific/users.scss b/app/javascript/src/styles/specific/users.scss
index 708538025..ba9af319f 100644
--- a/app/javascript/src/styles/specific/users.scss
+++ b/app/javascript/src/styles/specific/users.scss
@@ -30,6 +30,14 @@ div#c-users {
p {
margin-bottom: 0.5em;
}
+
+ .user-verified-email-icon {
+ color: var(--user-verified-email-color);
+ }
+
+ .user-unverified-email-icon {
+ color: var(--user-unverified-email-color);
+ }
}
}
diff --git a/app/policies/email_address_policy.rb b/app/policies/email_address_policy.rb
index cd92232d1..152469125 100644
--- a/app/policies/email_address_policy.rb
+++ b/app/policies/email_address_policy.rb
@@ -1,6 +1,6 @@
class EmailAddressPolicy < ApplicationPolicy
def show?
- record.user_id == user.id
+ record.user_id == user.id || (user.is_moderator? && record.user.level < user.level)
end
def update?
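Review bot: The widened `show?` rule exposes email addresses (PII) to a new class of viewers but has no comment stating the intended boundary. It also applies to every caller of `EmailAddressPolicy#show?`, not only the profile row added in this commit. Callers outside this patch, such as any API serialization that consults the policy, are not visible here, so it is worth confirming none of them should stay owner-only. I would add above the method: `# Owner always; Moderator+ only for users strictly below their own level (same-level and higher stay hidden).` The class body continues past the hunk at `def update?`.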
diff --git a/app/policies/nil_class_policy.rb b/app/policies/nil_class_policy.rb
new file mode 100644
index 000000000..8bce8769e
--- /dev/null
+++ b/app/policies/nil_class_policy.rb
@@ -0,0 +1,21 @@
+class NilClassPolicy < ApplicationPolicy
+ def index?
+ false
+ end
+
+ def show?
+ false
+ end
+
+ def create?
+ false
+ end
+
+ def update?
+ false
+ end
+
+ def destroy?
+ false
+ end
+end
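Review bot: `NilClassPolicy` is application-wide: assuming Pundit's class-name lookup, any `policy(nil)` or `authorize(nil)` now resolves to it, and only the five predicates listed here are pinned to `false`. Any other predicate falls through to `ApplicationPolicy`, whose defaults are not visible in this patch, so it is worth confirming those deny as well. The class also has no comment explaining why it exists. Something like `# Deny-all policy for nil records, so policy(user.email_address) fails closed when a user has no email address.` would show that the silent denial is intentional rather than a masked nil bug.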
diff --git a/app/views/emails/verify.html.erb b/app/views/emails/verify.html.erb
index 5790b4f57..f152a3558 100644
--- a/app/views/emails/verify.html.erb
+++ b/app/views/emails/verify.html.erb
@@ -6,12 +6,12 @@
<% if @user.is_restricted? %>
Your account is restricted because you signed up from a VPN or proxy.
- You can still use the site, but you won't be able to leave comments, edit
- tags, or upload posts until you verify your account.
+ You can still use the site, but you must verify your email address to be
+ able to leave comments, edit tags, or upload posts.
<% end %>
- Click below to send an email to <%= @email_address.address %>
- to verify your account.
+ Your email address is unverified. Click below to send an email to
+ <%= @email_address.address %> to verify your email address.
<%= edit_form_for(@user, method: :post, url: send_confirmation_user_email_path(@user)) do |f| %>
<%= f.submit "Send confirmation email" %>
diff --git a/app/views/users/_statistics.html.erb b/app/views/users/_statistics.html.erb
index 884a4c100..2a8ee6ec9 100644
--- a/app/views/users/_statistics.html.erb
+++ b/app/views/users/_statistics.html.erb
@@ -10,6 +10,7 @@
Join Date |
<%= presenter.join_date %> |
+
<% if policy(IpAddress).show? %>
| Last IP |
@@ -27,6 +28,33 @@
<% end %>
+ <% if policy(user.email_address).show? %>
+
+ | Email Address |
+
+ <% if user.email_address.present? %>
+ <%= user.email_address.address %>
+
+ <% if user == CurrentUser.user %>
+ (<%= link_to "edit", edit_user_email_path(user) %>)
+ <% end %>
+
+ <% if user.email_address.is_verified? %>
+
+ <% elsif user == CurrentUser.user %>
+ <%= link_to verify_user_email_path(user) do %>
+
+ <% end %>
+ <% else %>
+
+ <% end %>
+ <% else %>
+ none
+ <% end %>
+ |
+
+ <% end %>
+
| Inviter |
<% if user.inviter %>
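Review bot: The inner `<% else %>` / `none` branch appears unreachable. The row is wrapped in `policy(user.email_address).show?`, and for a user with no email address that should resolve to the `NilClassPolicy` added in this commit, whose `show?` is `false`. The row is then skipped before `user.email_address.present?` is ever tested. As a result, an owner with no address sees no row and no edit link, which seems at odds with the commit message's goal of letting users fix their email from their profile. Either drop the dead branch, or decide row visibility with a check that does not depend on the record being present and keep the address itself behind `policy(user.email_address).show?`.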
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb
index 7d35e591f..5c2e2b583 100644
--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -114,7 +114,7 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
context "show action" do
setup do
# flesh out profile to get more test coverage of user presenter.
- @user = create(:banned_user, can_approve_posts: true, created_at: 2.weeks.ago)
+ @user = create(:user, can_approve_posts: true, created_at: 2.weeks.ago)
as(@user) do
create(:saved_search, user: @user)
create(:post, uploader: @user, tag_string: "fav:#{@user.name}")
@@ -152,6 +152,33 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
assert_equal(false, xml["user"]["enable_safe_mode"])
end
+ context "for a user with an email address" do
+ setup do
+ create(:email_address, user: @user)
+ end
+
+ should "show the email address to the user themselves" do
+ get_auth user_path(@user), @user
+
+ assert_response :success
+ assert_select ".user-email-address", count: 1
+ end
+
+ should "show the email address to mods" do
+ get_auth user_path(@user), create(:moderator_user)
+
+ assert_response :success
+ assert_select ".user-email-address", count: 1
+ end
+
+ should "not show the email address to other users" do
+ get_auth user_path(@user), create(:user)
+
+ assert_response :success
+ assert_select ".user-email-address", count: 0
+ end
+ end
+
context "for a tooltip" do
setup do
@banned = create(:banned_user)
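Review bot: The new tests in the "for a user with an email address" context never exercise the `record.user.level < user.level` half of the policy change. The only moderator case views a regular user, so a regression to plain `user.is_moderator?` would still pass. A negative case where a moderator views a same-level account would pin that boundary. A case for a profile with no email address would also document what the row does when `user.email_address` is nil. The enclosing `context "show action"` block starts and ends outside this hunk.

```ruby
# … unchanged: existing "for a user with an email address" tests …
should "not show a moderator's email address to another moderator" do
  mod = create(:moderator_user)
  create(:email_address, user: mod)
  get_auth user_path(mod), create(:moderator_user)

  assert_response :success
  assert_select ".user-email-address", count: 0
end
```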