user events: let mods only see login/logout/signup events.

Adjust permissions on user events to let Moderators only see login,
logout, and user creation events, not other types of events (password
changes, etc). Admins can see everything. These other types of events
are meant for account security purposes and aren't very relevant for
sockpuppet detection purposes.
evazion
2021-01-12 16:44:53 -06:00
parent be5cc3f99b
commit 7537edb211
2 changed files with 4 additions and 2 deletions

@@ -22,8 +22,10 @@ class UserEvent < ApplicationRecord
delegate :country, :city, :is_proxy?, to: :ip_geolocation, allow_nil: true delegate :country, :city, :is_proxy?, to: :ip_geolocation, allow_nil: true
def self.visible(user) def self.visible(user)
if user.is_moderator? if user.is_admin?
all all
elsif user.is_moderator?
where(category: [:login, :logout, :user_creation]).or(where(user: user))
else else
where(user: user) where(user: user)
end end
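Review bot: The new moderator branch in `self.visible` has no test in this commit (both changed files are application code), so nothing pins that a moderator is denied other users' events outside `[:login, :logout, :user_creation]`. Add a test with a moderator, another user's event in a category outside that list (a password change, per the commit message), and the moderator's own event in that same category, asserting the first is excluded and the second is still returned through the `.or(where(user: user))` arm. Moving the category list into a named constant on `UserEvent` would also keep the allowlist in one documented place, so a newly added category stays hidden from moderators unless someone adds it there deliberately.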

@@ -1,5 +1,5 @@
class UserSessionPolicy < ApplicationPolicy class UserSessionPolicy < ApplicationPolicy
def index? def index?
user.is_moderator? user.is_admin?
end end
end end
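Review bot: `UserSessionPolicy#index?` moving from `user.is_moderator?` to `user.is_admin?` is not mentioned in the commit message, which only describes user events. Say in the message that moderators lose access to the user sessions index, and check that no moderator-facing view still links to that index, since the link would now lead to a denied request.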