mirror of
https://gh.wpcy.net/https://github.com/discourse/discourse.git
synced 2026-05-25 14:48:44 +08:00
Same-IP user lookups now identify the target by user_id and ip_type rather than accepting a raw IP in params, so the IP is resolved server-side and never round-trips through clients that lack permission to see it.

Additionally:

- Hide the `suspicious_logins` report (list, bulk, show, CSV export and the security dashboard tile) from non-admin staff lacking `can_see_ip?`.
- Hide the IP column and CSV export button on the screened emails page from staff lacking `can_see_ip?`.
- Omit `ip_address` from `ScreenedUrlSerializer` for staff lacking `can_see_ip?`.
- Require `can_see_ip?` (in addition to `can_see_emails?`) to export the `screened_email` entity.
- Record the username (not the IP) in the staff-log context for "delete other accounts with same IP" when the acting user lacks `can_see_ip?`.

||
|---|---|---|
| basic_category_attributes.rb | ||
| email_logs_mixin.rb | ||
| localized_fancy_topic_title_mixin.rb | ||
| navigation_menu_tags_mixin.rb | ||
| topic_tags_mixin.rb | ||
| user_auth_tokens_mixin.rb | ||
| user_badge_post_and_topic_attributes_mixin.rb | ||
| user_primary_group_mixin.rb | ||
| user_sidebar_mixin.rb | ||
| user_status_mixin.rb | ||
| user_tag_notifications_mixin.rb | ||