jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

user events: make all events visible to moderators.

Browse Source 
Allow moderators to see all events on the /user_events page. Before only
admins could see when a user changed their email, changed their
password, or had a failed login attempt. Now moderators can see these
events too.

Filtering these events out made the /user_actions page slower, and it
wasn't really necessary since merely knowing that a user changed their
email or password isn't that much more sensitive than knowing when they
logged in or out.
This commit is contained in:
evazion
2022-09-16 04:20:33 -05:00
parent ee638f976f
commit bd73090b4c
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/models/user_event.rb
View File

@@ -24,10 +24,10 @@ class UserEvent < ApplicationRecord
delegate :country, :city, :is_proxy?, to: :ip_geolocation, allow_nil: true delegate :country, :city, :is_proxy?, to: :ip_geolocation, allow_nil: true
def self.visible(user) def self.visible(user)
if user.is_admin? if user.is_moderator?
all all
elsif user.is_moderator? elsif user.is_anonymous?
where(category: [:login, :logout, :user_creation]).or(where(user: user)) none
else else
where(user: user) where(user: user)
end end

4
test/functional/user_events_controller_test.rb
View File

@@ -25,11 +25,11 @@ class UserEventsControllerTest < ActionDispatch::IntegrationTest
assert_response 403 assert_response 403
end end
should "only show mods authorized events" do should "show mods all events" do
get_auth user_events_path(search: { category: "password_change" }), create(:moderator_user) get_auth user_events_path(search: { category: "password_change" }), create(:moderator_user)
assert_response :success assert_response :success
assert_select "tbody tr", count: 0 assert_select "tbody tr", count: 1
end end
end end
end end