Add a Restricted user level. Restricted users are level 10, below Members. New users start out as Restricted if they sign up from a proxy or an IP recently used by another user. Restricted users can't update or edit any public content on the site until they verify their email address, at which point they're promoted to Member. Restricted users are only allowed to do personal actions like keep favorites, keep favgroups and saved searches, mark dmails as read or deleted, or mark forum posts as read. The restricted state already existed before; the only change here is that now it's an actual user level instead of a hidden state. Before, it was based on two hidden flags on the user: the `requires_verification` flag (set when a user signs up from a proxy, etc.) and the `is_verified` flag (set after the user verifies their email). Making it a user level means that the Restricted status will now be shown publicly. Introducing a new level below Member means that we have to change every `is_member?` check to `!is_anonymous?` in every place where we used `is_member?` to check that the current user is logged in.
# Authorization rules for actions performed on User records.
#
# Follows the ApplicationPolicy convention in which `user` is the acting
# (current) user and `record` is the User being acted on — confirm against
# ApplicationPolicy. `show?` and `edit?` are inherited and are not redefined
# here; `profile?` and `settings?` are aliases of them.
class UserPolicy < ApplicationPolicy
  # Signup is open to anyone, including anonymous visitors.
  def create?
    true
  end

  # The signup form is likewise open to anyone.
  def new?
    true
  end

  # A user may edit their own account; admins may edit any account.
  def update?
    return true if record.id == user.id

    user.is_admin?
  end

  # Changing a user's level requires moderator rights.
  def promote?
    user.is_moderator?
  end

  # Any logged-in user may upgrade. This is a logged-in check rather than a
  # level check, so Restricted users (below Member) pass it too.
  def upgrade?
    !user.is_anonymous?
  end

  # User accounts cannot be reported.
  def reportable?
    false
  end

  # Recounting is available to any logged-in user, Restricted included.
  def fix_counts?
    !user.is_anonymous?
  end

  # Last-login timestamps are visible only to moderators.
  def can_see_last_logged_in_at?
    user.is_moderator?
  end

  # Favorites are visible to admins, to the owner, and to everyone when the
  # owner has not enabled private favorites.
  def can_see_favorites?
    return true if user.is_admin?
    return true if record.id == user.id

    !record.enable_private_favorites?
  end

  # Attributes accepted on signup.
  # @return [Array] symbols plus the nested email-address hash
  def permitted_attributes_for_create
    [:name, :password, :password_confirmation, { email_address_attributes: [:address] }]
  end

  # Attributes a user may change through the settings update. Only personal
  # preferences appear here; name, level, password and email are not in this
  # list and so cannot be changed through this path.
  # @return [Array<Symbol>]
  def permitted_attributes_for_update
    %i[
      comment_threshold default_image_size favorite_tags
      blacklisted_tags time_zone per_page custom_style theme
      receive_email_notifications always_resize_images
      enable_post_navigation new_post_navigation_layout
      enable_private_favorites enable_sequential_post_navigation
      hide_deleted_posts style_usernames enable_auto_complete
      show_deleted_children disable_categorized_saved_searches
      disable_tagged_filenames disable_cropped_thumbnails
      disable_mobile_gestures enable_safe_mode enable_desktop_mode
      disable_post_tooltips
    ]
  end

  # Attributes exposed through the API for this user record.
  #
  # The public set is returned for every user. The private set — settings,
  # timestamps (including last_logged_in_at), blacklists and API rate-limit
  # fields — is appended only when the requesting user is viewing their own
  # record, so it is never returned for other users' records.
  # @return [Array<Symbol>]
  def api_attributes
    public_fields = %i[
      id created_at name inviter_id level
      post_upload_count post_update_count note_update_count is_banned
      can_approve_posts can_upload_free level_string
    ]
    return public_fields unless record.id == user.id

    private_fields = %i[
      updated_at last_logged_in_at last_forum_read_at
      comment_threshold default_image_size
      favorite_tags blacklisted_tags time_zone per_page
      custom_style favorite_count api_regen_multiplier
      api_burst_limit remaining_api_limit statement_timeout
      favorite_group_limit favorite_limit tag_query_limit
      is_comment_limited?
      max_saved_searches theme
    ]
    # Order matters to callers that serialize in attribute order:
    # public, then the boolean settings, then the remaining private fields.
    public_fields + User::BOOLEAN_ATTRIBUTES + private_fields
  end

  alias profile? show?
  alias settings? edit?
end
|