user events: make all events visible to moderators.

Allow moderators to see all events on the /user_events page. Before only
admins could see when a user changed their email, changed their
password, or had a failed login attempt. Now moderators can see these
events too.

Filtering these events out made the /user_actions page slower, and it
wasn't really necessary since merely knowing that a user changed their
email or password isn't that much more sensitive than knowing when they
logged in or out.
This commit is contained in:
evazion
2022-09-16 04:20:33 -05:00
parent ee638f976f
commit bd73090b4c
2 changed files with 5 additions and 5 deletions

@@ -24,10 +24,10 @@ class UserEvent < ApplicationRecord
delegate :country, :city, :is_proxy?, to: :ip_geolocation, allow_nil: true
def self.visible(user)
if user.is_admin?
if user.is_moderator?
all
elsif user.is_moderator?
where(category: [:login, :logout, :user_creation]).or(where(user: user))
elsif user.is_anonymous?
none
else
where(user: user)
end
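Review bot: With the `if user.is_admin?` branch gone and `if user.is_moderator?` now returning `all`, admin visibility depends on `is_moderator?` also being true for admins. If that predicate is an exact-level check rather than a hierarchical one, admins would fall through to `where(user: user)` and lose access. The hunk does not show the predicate, so it is worth confirming and adding a test that an admin still gets `all`. Separately, the commit message justifies exposing email and password changes but gives no rationale for failed login attempts, which also become visible to moderators once the `where(category: [:login, :logout, :user_creation])` filter is dropped. A short comment above `self.visible` stating which categories each role is meant to see would document that this is deliberate.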