From 9b9babdd7269c475d40326366bdfe447401de14b Mon Sep 17 00:00:00 2001
From: Sam <sam.saffron@gmail.com>
Date: Tue, 31 Dec 2024 15:04:53 +1100
Subject: [PATCH] FEATURE: allow disabling of anti spam profile hiding feature
 (#30508)

The profile hiding feature is particularly problematic on sites that are
private (invite only or must approve users) so it is unconditionally disabled.

Also certain sites may prefer to disable the anti spam feature, they can
opt out using `hide_new_user_profiles`


Co-authored-by: Martin Brennan <martin@discourse.org>
---
 config/locales/server.en.yml            |  2 ++
 config/site_settings.yml                |  2 ++
 lib/guardian/user_guardian.rb           | 13 ++++++++-----
 spec/lib/guardian/user_guardian_spec.rb | 21 +++++++++++++++++++++
 4 files changed, 33 insertions(+), 5 deletions(-)

diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 458c7679462..0ea35cdbfe2 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -2432,6 +2432,7 @@ en:
     anonymous_account_duration_minutes: "To protect anonymity create a new anonymous account every N minutes for each user. Example: if set to 600, as soon as 600 minutes elapse from last post AND user switches to anon, a new anonymous account is created."
 
     hide_user_profiles_from_public: "Disable user cards, user profiles and user directory for anonymous users."
+    hide_new_user_profiles: "Hide trust level 1 or lower user profiles from the public and trust level 1 users until they post for the first time. This feature is disabled unconditionally on must_approve_users and invite_only sites."
     allow_users_to_hide_profile: "Allow users to hide their profile and presence"
     hide_user_activity_tab: "Hide the activity tab on user profiles except for Admin and self."
 
@@ -3212,6 +3213,7 @@ en:
       hide_suspension_reasons: ""
       hide_user_activity_tab: ""
       hide_user_profiles_from_public: ""
+      hide_new_user_profiles: ""
       high_trust_flaggers_auto_hide_posts: ""
       highlighted_languages: ""
       history_hours_high: ""
diff --git a/config/site_settings.yml b/config/site_settings.yml
index 98f36030477..6f439651416 100644
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -779,6 +779,8 @@ users:
   hide_user_profiles_from_public:
     default: false
     client: true
+  hide_new_user_profiles:
+    default: true
   allow_featured_topic_on_user_profiles:
     default: true
     client: true
diff --git a/lib/guardian/user_guardian.rb b/lib/guardian/user_guardian.rb
index 9c25c04367c..f3dbb8a5223 100644
--- a/lib/guardian/user_guardian.rb
+++ b/lib/guardian/user_guardian.rb
@@ -134,12 +134,15 @@ module UserGuardian
 
     return true if user.staff? && !profile_hidden
 
-    if user.user_stat.blank? || user.user_stat.post_count == 0
-      return false if anonymous? || !@user.has_trust_level?(TrustLevel[2])
-    end
+    if SiteSetting.hide_new_user_profiles && !SiteSetting.invite_only &&
+         !SiteSetting.must_approve_users
+      if user.user_stat.blank? || user.user_stat.post_count == 0
+        return false if anonymous? || !@user.has_trust_level?(TrustLevel[2])
+      end
 
-    if anonymous? || !@user.has_trust_level?(TrustLevel[1])
-      return user.has_trust_level?(TrustLevel[1]) && !profile_hidden
+      if anonymous? || !@user.has_trust_level?(TrustLevel[1])
+        return user.has_trust_level?(TrustLevel[1]) && !profile_hidden
+      end
     end
 
     !profile_hidden
diff --git a/spec/lib/guardian/user_guardian_spec.rb b/spec/lib/guardian/user_guardian_spec.rb
index f5eb487b17d..6495af9b551 100644
--- a/spec/lib/guardian/user_guardian_spec.rb
+++ b/spec/lib/guardian/user_guardian_spec.rb
@@ -107,6 +107,27 @@ RSpec.describe UserGuardian do
     context "when viewing the profile of a user with 0 posts" do
       before { user.user_stat.update!(post_count: 0) }
 
+      context "when hide_new_user_profiles is disabled" do
+        it "allows anonymous to see any profile" do
+          SiteSetting.hide_new_user_profiles = false
+          expect(Guardian.new.can_see_profile?(user)).to eq(true)
+        end
+      end
+
+      context "when site is invite only" do
+        it "allows anonymous to see any profile" do
+          SiteSetting.invite_only = true
+          expect(Guardian.new.can_see_profile?(user)).to eq(true)
+        end
+      end
+
+      context "when site requires user approval" do
+        it "allows anonymous to see any profile" do
+          SiteSetting.must_approve_users = true
+          expect(Guardian.new.can_see_profile?(user)).to eq(true)
+        end
+      end
+
       it "they can view their own profile" do
         expect(Guardian.new(user).can_see_profile?(user)).to eq(true)
       end