mirror of
https://gh.wpcy.net/https://github.com/discourse/discourse.git
synced 2026-05-03 13:46:26 +08:00
9892628a50
Previously, moderators had full access to all staff action logs, which exposed sensitive information including webhook secrets, API keys, site settings, private messages, and restricted categories. This change implements an allowlist approach where moderators can only see actions relevant to their role (user management, posts, topics, badges, etc.) while admin-only actions (site settings, webhooks, API keys, themes, etc.) are hidden. Additionally, content-level redaction ensures moderators cannot see details of logs referencing private topics, restricted categories, or deleted content they don't have access to. Site setting gates control visibility of category, trust level, and email actions based on existing moderator permission settings. Ref - t/171137
17 lines
630 B
Ruby
17 lines
630 B
Ruby
# frozen_string_literal: true
|
|
|
|
module StaffActionLogGuardian
|
|
def can_see_staff_action_log?(user_history)
|
|
return true if is_admin?
|
|
return false unless is_staff?
|
|
UserHistory.moderator_visible_action_ids.include?(user_history.action)
|
|
end
|
|
|
|
def can_see_staff_action_log_content?(user_history)
|
|
return true if is_admin?
|
|
return false if user_history.topic_id.present? && !can_see_topic?(user_history.topic)
|
|
return false if user_history.post_id.present? && !can_see_post?(user_history.post)
|
|
return false if user_history.category_id.present? && !can_see_category?(user_history.category)
|
|
true
|
|
end
|
|
end
|
