9dc788c0ce
Require new accounts to verify their email address if any of the following conditions are true: * Their IP is a proxy. * Their IP is under a partial IP ban. * They're creating a new account while logged in to another account. * Somebody recently created an account from the same IP in the last week. Changes from before: * Allow logged in users to view the signup page and create new accounts. Creating a new account while logged in to your old account is now allowed, but it requires email verification. This is a honeypot. * Creating multiple accounts from the same IP is now allowed, but they require email verification. Previously the same IP check was only for the last day (now it's the last week), and only for an exact IP match (now it's a subnet match, /24 for IPv4 or /64 for IPv6). * New account verification is disabled for private IPs (e.g. 127.0.0.1, 192.168.0.1), to make development or running personal boorus easier (fixes #4618).
84 lines
2.1 KiB
Ruby
84 lines
2.1 KiB
Ruby
class UserPolicy < ApplicationPolicy
|
|
def create?
|
|
true
|
|
end
|
|
|
|
def new?
|
|
true
|
|
end
|
|
|
|
def update?
|
|
record.id == user.id || user.is_admin?
|
|
end
|
|
|
|
def promote?
|
|
user.is_moderator?
|
|
end
|
|
|
|
def upgrade?
|
|
user.is_member?
|
|
end
|
|
|
|
def reportable?
|
|
false
|
|
end
|
|
|
|
def fix_counts?
|
|
user.is_member?
|
|
end
|
|
|
|
def can_see_last_logged_in_at?
|
|
user.is_moderator?
|
|
end
|
|
|
|
def can_see_favorites?
|
|
user.is_admin? || record.id == user.id || !record.enable_private_favorites?
|
|
end
|
|
|
|
def permitted_attributes_for_create
|
|
[:name, :password, :password_confirmation, { email_address_attributes: [:address] }]
|
|
end
|
|
|
|
def permitted_attributes_for_update
|
|
[
|
|
:comment_threshold, :default_image_size, :favorite_tags,
|
|
:blacklisted_tags, :time_zone, :per_page, :custom_style, :theme,
|
|
:receive_email_notifications, :always_resize_images,
|
|
:enable_post_navigation, :new_post_navigation_layout,
|
|
:enable_private_favorites, :enable_sequential_post_navigation,
|
|
:hide_deleted_posts, :style_usernames, :enable_auto_complete,
|
|
:show_deleted_children, :disable_categorized_saved_searches,
|
|
:disable_tagged_filenames, :disable_cropped_thumbnails,
|
|
:disable_mobile_gestures, :enable_safe_mode, :enable_desktop_mode,
|
|
:disable_post_tooltips,
|
|
].compact
|
|
end
|
|
|
|
def api_attributes
|
|
attributes = %i[
|
|
id created_at name inviter_id level
|
|
post_upload_count post_update_count note_update_count is_banned
|
|
can_approve_posts can_upload_free level_string
|
|
]
|
|
|
|
if record.id == user.id
|
|
attributes += User::BOOLEAN_ATTRIBUTES
|
|
attributes += %i[
|
|
updated_at last_logged_in_at last_forum_read_at
|
|
comment_threshold default_image_size
|
|
favorite_tags blacklisted_tags time_zone per_page
|
|
custom_style favorite_count api_regen_multiplier
|
|
api_burst_limit remaining_api_limit statement_timeout
|
|
favorite_group_limit favorite_limit tag_query_limit
|
|
is_comment_limited?
|
|
max_saved_searches theme
|
|
]
|
|
end
|
|
|
|
attributes
|
|
end
|
|
|
|
alias_method :profile?, :show?
|
|
alias_method :settings?, :edit?
|
|
end
|