discourse/app/controllers
benj 72e4e53fda
FEATURE: add option to hide IP addresses from moderators (#33682)
# Hide IP Addresses from Moderators When `moderators_view_ips` is Disabled

## Summary 
Feature Request Link -
https://meta.discourse.org/t/option-to-hide-ip-addresses-from-moderators/207715/51
This PR implements a feature to **hide IP addresses from moderators**
when the `moderators_view_ips` site setting is disabled. Previously,
moderators could view IPs in multiple locations across the admin UI.
This update ensures that IP addresses are visible to moderators when the
setting allows it.

## Changes Implemented  

### Backend Updates
- **Added `moderators_view_ips` site setting** in `site_settings.yml`
- **Updated `CurrentUserSerializer`** to include `can_see_ip` field
based on the user’s role and site setting.
- **Modified `AdminUserSerializer`** to restrict IP address visibility.
- **Updated `UsersController`** to prevent IP addresses from being
included in API responses.
- **Restricted IPs in `ScreenedIpAddressesController`** by throwing
`Discourse::InvalidAccess` if the user lacks permission.

### Frontend Updates
- **Hid "Screened IPs" tab** in `/admin/logs` when `moderators_view_ips`
is disabled.
- **Blocked direct access to `/admin/logs/screened_ip_addresses`** for
unauthorized users.
- **Updated `user-index.hbs` and `logs.hbs`** to conditionally hide IP
fields.

### UI Screenshots

New option for Admins in the Admin Security settings dashboard:
![Screenshot 2025-02-21 at 5 32
00 PM](https://github.com/user-attachments/assets/5b315434-7724-4cb9-a3dc-d88750df00a6)


Moderator's view before:
![Screenshot 2025-02-21 at 5 25
41 PM](https://github.com/user-attachments/assets/0fb269e2-db40-488b-b11d-8bdfbe2a5245)
Moderator's view after:
![Screenshot 2025-02-21 at 5 26
59 PM](https://github.com/user-attachments/assets/efb848b0-1d7f-4ec9-8238-d8ee4eddbbe1)

Moderator's view before:
![Screenshot 2025-02-21 at 5 23
52 PM](https://github.com/user-attachments/assets/226e6d63-df3e-45d0-833f-de52593a086e)
Moderator's view after:
![Screenshot 2025-02-21 at 5 23
15 PM](https://github.com/user-attachments/assets/af313af2-2329-46d1-827d-290243c320e5)

---------

Co-authored-by: Bennett Dungan <bennettdungan@gmail.com>
2025-08-05 10:09:02 -05:00
..
admin FEATURE: add option to hide IP addresses from moderators (#33682) 2025-08-05 10:09:02 -05:00
users FIX: improve "read only" modes (#33521) 2025-07-10 09:08:00 +02:00
about_controller.rb DEV: Revert guardian changes (#24742) 2023-12-06 16:37:32 +10:00
application_controller.rb FIX: external_id param can be an integer (#33675) 2025-07-17 19:10:37 +02:00
associated_groups_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
badges_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
bookmarks_controller.rb FEATURE: Add bulk action to bookmark (#26856) 2024-05-22 12:50:21 -03:00
bootstrap_controller.rb DEV: Compile 'common' CSS into own assets (#31416) 2025-05-01 10:44:49 +01:00
categories_controller.rb DEV: Upgrade Rails to version 8.0.2 2025-07-22 09:59:44 +02:00
clicks_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
composer_controller.rb UX: hide warning if all users mentioned via group are already invited. (#23557) 2023-09-13 19:21:44 +05:30
composer_messages_controller.rb DEV: Move distance_of_time_in_words/time_ago_in_words (#21745) 2023-05-25 14:53:59 +02:00
csp_reports_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
directory_columns_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
directory_items_controller.rb FIX: Allow user directory searches to return more than 20 matching results (#31032) 2025-01-29 11:02:42 -04:00
do_not_disturb_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
drafts_controller.rb FIX: correctly handle hidden tags when checking for edit conflicts 2024-12-09 19:17:16 +01:00
edit_directory_columns_controller.rb DEV: Implement staff logs for user columns edits (#21774) 2023-06-07 17:19:58 -05:00
email_controller.rb FEATURE: implement RFC 8058 for email unsubscribe (#33392) 2025-07-01 11:01:13 +10:00
embed_controller.rb DEV: Also noindex embedded comments (#27221) 2024-05-28 12:59:24 +08:00
emojis_controller.rb DEV: discourse-emojis gem (#31408) 2025-03-03 13:09:08 +01:00
exceptions_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
export_csv_controller.rb FIX: Only apply the rate limit to user exports, not downloads (#30965) 2025-01-24 09:37:05 +11:00
extra_locales_controller.rb FIX: Moment locale loading in type=module (#33128) 2025-06-09 14:20:04 +01:00
finish_installation_controller.rb SECURITY: Preload data only when rendering application layout 2025-02-04 13:32:30 -03:00
form_templates_controller.rb FIX: Process templates before previewing (#33848) 2025-07-29 15:09:02 +08:00
forums_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
groups_controller.rb DEV: Revert unintended changes to GroupsController #add_members and its corresponding route (#32732) 2025-05-14 16:31:19 -05:00
hashtags_controller.rb FEATURE: Async load of category and chat hashtags (#25526) 2024-02-12 12:07:14 +02:00
highlight_js_controller.rb FEATURE: User fields required for existing users - Part 2 (#27172) 2024-06-25 19:32:18 +08:00
home_page_controller.rb DEV: Show login-required splash in root route (take 2) (#32629) 2025-05-14 11:25:43 -04:00
inline_onebox_controller.rb SECURITY: Limit /inline-onebox to 10 URLs at a time 2025-02-04 13:32:53 -03:00
invites_controller.rb DEV: Remove redundant user argument in InviteGuardian methods (#33784) 2025-07-23 15:56:06 +08:00
list_controller.rb FIX: handle redirect issue with categoryId rewriting page number (#33009) 2025-06-03 15:45:21 +08:00
metadata_controller.rb FEATURE: sharing link to PWA renders url in title in new Topic to leverage core link expansion (#32631) 2025-06-13 11:25:13 -03:00
new_invite_controller.rb FEATURE: Add invite link to the sidebar (#29448) 2024-10-30 05:31:14 +03:00
new_topic_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
notifications_controller.rb FEATURE: add new hidden site setting to show full names in user card 2025-01-23 12:26:59 -05:00
offline_controller.rb FEATURE: User fields required for existing users - Part 2 (#27172) 2024-06-25 19:32:18 +08:00
onebox_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
pageview_controller.rb FEATURE: User fields required for existing users - Part 2 (#27172) 2024-06-25 19:32:18 +08:00
permalinks_controller.rb FIX: Don’t raise an error on permalinks with external URL 2024-06-28 10:09:37 +02:00
post_action_users_controller.rb DEV: Add post_action_users_list modifier for PostActionUsersController (#25740) 2024-02-20 09:48:09 +10:00
post_actions_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
post_localizations_controller.rb FEATURE: Add post language on creating a new post (#33160) 2025-06-11 10:39:01 -07:00
post_readers_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
posts_controller.rb FEATURE: Add post language on creating a new post (#33160) 2025-06-11 10:39:01 -07:00
presence_controller.rb FIX: improve "read only" modes (#33521) 2025-07-10 09:08:00 +02:00
published_pages_controller.rb FEATURE: User fields required for existing users - Part 2 (#27172) 2024-06-25 19:32:18 +08:00
push_notification_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
qunit_controller.rb DEV: Only load specific plugin bundles during qunit test (#33678) 2025-07-21 21:00:48 +01:00
reviewable_claimed_topics_controller.rb FEATURE: Sync Reviewable Status (#31901) 2025-03-24 14:27:18 +11:00
reviewable_notes_controller.rb FIX: Rename the reviewable notes route to match existing reviewable routes (#33480) 2025-07-04 17:46:41 +10:00
reviewables_controller.rb FEATURE: Allow rejected user details to be scrubbed (#31987) 2025-03-31 12:40:35 +11:00
robots_txt_controller.rb DEV: Update link to comment in robots.txt as 'allow' is allowed (#33227) 2025-06-18 13:30:26 +08:00
safe_mode_controller.rb FIX: Set X-Robots-Tag header to prevent indexing of /safe-mode (#32329) 2025-04-16 16:51:32 +10:00
search_controller.rb Revert "DEV: Prevent crawlers from loading search results. (#31535)" (#31540) 2025-02-27 10:34:18 +01:00
session_controller.rb DEV: remove sso_destination_url and use destination_url cookie instead (#33736) 2025-07-23 09:34:42 +02:00
sidebar_sections_controller.rb DEV: Use has_many and ArraySerializer for SidebarSectionsSerializer (#26716) 2024-05-06 11:32:18 -05:00
similar_topics_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
site_controller.rb SECURITY: Preload data only when rendering application layout 2025-02-04 13:32:30 -03:00
sitemap_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
slugs_controller.rb FEATURE: Allow changing slug on create channel (#19928) 2023-01-23 14:48:33 +10:00
static_controller.rb Allow passing a redirect path to a param on the /login route (#32711) 2025-05-15 08:48:06 -05:00
steps_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
stylesheets_controller.rb UX: Apply changes live when editing currently active palette (#31874) 2025-03-25 06:42:23 +03:00
svg_sprite_controller.rb FIX: bump the number of svg icons we return to first 500 (#29286) 2024-10-18 19:22:13 +02:00
tag_groups_controller.rb FIX: Use the max_tag_search_results setting as the default limit for tag groups search (#33485) 2025-07-09 05:13:19 +03:00
tags_controller.rb FEATURE: Add new edit_tags_allowed_groups setting (#34000) 2025-08-01 15:19:20 +08:00
test_requests_controller.rb DEV: Add a user agent to all HTTP requests that Discourse makes. (#31555) 2025-03-03 16:32:25 +11:00
theme_javascripts_controller.rb FEATURE: User fields required for existing users - Part 2 (#27172) 2024-06-25 19:32:18 +08:00
topic_localizations_controller.rb FEATURE: Add translations to posts (#32564) 2025-05-08 10:40:36 -07:00
topic_view_stats_controller.rb FEATURE: topic_view_stats table with daily fidelity (#27197) 2024-05-27 15:25:32 +10:00
topics_controller.rb FEATURE: Allow users to bulk recategorize silently (#33490) 2025-07-15 11:42:30 +08:00
uploads_controller.rb FIX: Incorrect topic per-minute invitation rate limit (#31252) 2025-02-10 13:12:16 +10:00
user_actions_controller.rb FIX: Load categories with user activity and drafts (#26553) 2024-04-10 17:35:42 +03:00
user_api_key_clients_controller.rb Add user api key client rate limit settings (#30402) 2024-12-30 11:10:48 -05:00
user_api_keys_controller.rb DEV: Add comment to clarify padding used in user-api-key encryption (#31833) 2025-03-14 14:34:44 -04:00
user_avatars_controller.rb FEATURE: User fields required for existing users - Part 2 (#27172) 2024-06-25 19:32:18 +08:00
user_badges_controller.rb FIX: error when trying to un-favorite badge (#32369) 2025-04-22 15:36:48 +08:00
user_status_controller.rb FEATURE: User Status API (#19149) 2022-11-24 19:16:28 +04:00
users_controller.rb FIX: Extend cache key due to user locale (#33975) 2025-07-30 19:51:26 +08:00
users_email_controller.rb FEATURE: User fields required for existing users - Part 2 (#27172) 2024-06-25 19:32:18 +08:00
webhooks_controller.rb FIX: improve "read only" modes (#33521) 2025-07-10 09:08:00 +02:00
wizard_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00