The Post Edits admin report (/admin/reports/post_edits) leaked the first 40 characters of raw post content from private messages and secure categories to moderators who shouldn't have access.
# frozen_string_literal: true
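class Admin::ReportsController < Admin::StaffController
  # Upper bound for the per-request `limit` parameter (enforced in parse_params).
  REPORTS_LIMIT = 50

  # Lists the report types available to the current user. `admin:` is passed
  # through so that the list can differ for admins and non-admin staff; the
  # filtering itself lives in Reports::ListQuery, outside this file.
  def index
    render_json_dump(reports: Reports::ListQuery.call(admin: current_user.admin?))
  end

  # Builds several reports in one request. `params[:reports]` is iterated as
  # `report_type => report_params` pairs and each entry gets the same name
  # validation, caching and visibility handling as #show. Unlike #show, a
  # hidden or missing report does not abort the batch: it is answered with a
  # placeholder whose `error` is `:not_found`.
  def bulk
    reports = []

    hijack do
      params[:reports].each do |report_type, report_params|
        # Only a plain lowercase identifier is accepted as a report type;
        # anything else is a 404 before any lookup happens.
        raise Discourse::NotFound unless report_type =~ /\A[a-z0-9\_]+\z/

        args = parse_params(report_params)
        args[:current_user] = current_user

        report = nil
        report = Report.find_cached(report_type, args) if (report_params[:cache])

        # The visibility check runs after the cache lookup and unconditionally
        # replaces `report`, so a cached hit can never expose a report that is
        # hidden from a non-admin.
        if Report.hidden?(report_type, admin: current_user.admin?)
          report = Report._get(report_type, args)
          report.error = :not_found
        end

        if report
          reports << report
        else
          report = Report.find(report_type, args)

          # Only a successfully built report is written to the cache.
          Report.cache(report) if (report_params[:cache]) && report

          if report.blank?
            report = Report._get(report_type, args)
            report.error = :not_found
          end

          reports << report
        end
      end

      render_json_dump(reports: reports)
    end
  end

  # Renders a single report. A malformed or hidden report type is a hard 404
  # here (contrast #bulk). When `params[:cache]` is set and a cached copy
  # exists it is returned synchronously; otherwise the report is built inside
  # `hijack` and, if caching was requested, stored afterwards.
  def show
    report_type = params[:type]

    raise Discourse::NotFound unless report_type =~ /\A[a-z0-9\_]+\z/
    raise Discourse::NotFound if Report.hidden?(report_type, admin: current_user.admin?)

    args = parse_params(params)
    args[:current_user] = current_user

    report = nil
    report = Report.find_cached(report_type, args) if (params[:cache])

    return render_json_dump(report: report) if report

    hijack do
      report = Report.find(report_type, args)

      raise Discourse::NotFound if report.blank?

      Report.cache(report) if (params[:cache])

      render_json_dump(report: report)
    end
  end

  private

  # Normalises the request parameters for one report into the argument hash
  # consumed by Report.find / Report.find_cached.
  #
  # @param report_params [Hash, ActionController::Parameters] raw parameters
  #   for a single report (`params` itself for #show, one entry of
  #   `params[:reports]` for #bulk)
  # @return [Hash] `{ start_date:, end_date:, filters:, facets:, limit: }`
  # @raise [Discourse::InvalidParameters] when a date parameter cannot be parsed
  #
  # `start_date` defaults to one day ago and `end_date` to `start_date + 30
  # days`; both are snapped to day boundaries. `Time.parse` is lenient about
  # the formats it accepts, so the dates are only loosely validated here.
  def parse_params(report_params)
    begin
      start_date =
        (
          if report_params[:start_date].present?
            Time.parse(report_params[:start_date]).to_date
          else
            1.day.ago
          end
        ).beginning_of_day
      end_date =
        (
          if report_params[:end_date].present?
            Time.parse(report_params[:end_date]).to_date
          else
            start_date + 30.days
          end
        ).end_of_day
    # ArgumentError covers an unparseable string; TypeError covers a date
    # parameter that is not a String at all (e.g. sent as an array or a nested
    # hash), which `Time.parse` rejects. Both are client errors, so they are
    # surfaced as InvalidParameters rather than an unhandled 500.
    rescue ArgumentError, TypeError => e
      raise Discourse::InvalidParameters.new(e.message)
    end

    # Facets are only honoured when sent as an array. The values are client
    # supplied; dynamically created symbols are garbage-collected on current
    # Rubies, so this does not grow the symbol table without bound.
    facets = nil
    facets = report_params[:facets].map { |s| s.to_s.to_sym } if Array === report_params[:facets]

    limit = fetch_limit_from_params(params: report_params, default: nil, max: REPORTS_LIMIT)

    # `filters` is passed through verbatim (or nil when absent); it is the
    # individual report's job to interpret it.
    filters = nil
    filters = report_params[:filters] if report_params.has_key?(:filters)

    { start_date: start_date, end_date: end_date, filters: filters, facets: facets, limit: limit }
  end
end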