From bd73090b4c1e4b50f10ca475f5749eaffda4aa12 Mon Sep 17 00:00:00 2001 From: evazion Date: Fri, 16 Sep 2022 04:20:33 -0500 Subject: [PATCH] user events: make all events visible to moderators. Allow moderators to see all events on the /user_events page. Before only admins could see when a user changed their email, changed their password, or had a failed login attempt. Now moderators can see these events too. Filtering these events out made the /user_actions page slower, and it wasn't really necessary since merely knowing that a user changed their email or password isn't that much more sensitive than knowing when they logged in or out. --- app/models/user_event.rb | 6 +++--- test/functional/user_events_controller_test.rb | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/app/models/user_event.rb b/app/models/user_event.rb index 12dc03f1b..cf362b515 100644 --- a/app/models/user_event.rb +++ b/app/models/user_event.rb @@ -24,10 +24,10 @@ class UserEvent < ApplicationRecord delegate :country, :city, :is_proxy?, to: :ip_geolocation, allow_nil: true def self.visible(user) - if user.is_admin? + if user.is_moderator? all - elsif user.is_moderator? - where(category: [:login, :logout, :user_creation]).or(where(user: user)) + elsif user.is_anonymous? + none else where(user: user) end diff --git a/test/functional/user_events_controller_test.rb b/test/functional/user_events_controller_test.rb index 280481da8..01585e56a 100644 --- a/test/functional/user_events_controller_test.rb +++ b/test/functional/user_events_controller_test.rb @@ -25,11 +25,11 @@ class UserEventsControllerTest < ActionDispatch::IntegrationTest assert_response 403 end - should "only show mods authorized events" do + should "show mods all events" do get_auth user_events_path(search: { category: "password_change" }), create(:moderator_user) assert_response :success - assert_select "tbody tr", count: 0 + assert_select "tbody tr", count: 1 end end end