mirror of
https://github.com/discourse/discourse.git
synced 2024-11-26 13:43:36 +08:00
Don't show suspended users in autocomplete fields unless you are staff
This commit is contained in:
parent
2d8a4ee91f
commit
6e0eb89697
|
@ -295,7 +295,7 @@ class UsersController < ApplicationController
|
||||||
topic_id = params[:topic_id]
|
topic_id = params[:topic_id]
|
||||||
topic_id = topic_id.to_i if topic_id
|
topic_id = topic_id.to_i if topic_id
|
||||||
|
|
||||||
results = UserSearch.new(term, topic_id).search
|
results = UserSearch.new(term, topic_id: topic_id, searching_user: current_user).search
|
||||||
|
|
||||||
user_fields = [:username, :use_uploaded_avatar, :upload_avatar_template, :uploaded_avatar_id]
|
user_fields = [:username, :use_uploaded_avatar, :upload_avatar_template, :uploaded_avatar_id]
|
||||||
user_fields << :name if SiteSetting.enable_names?
|
user_fields << :name if SiteSetting.enable_names?
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
# Searches for a user by username or full text or name (if enabled in SiteSettings)
|
# Searches for a user by username or full text or name (if enabled in SiteSettings)
|
||||||
class UserSearch
|
class UserSearch
|
||||||
|
|
||||||
def initialize(term, topic_id=nil)
|
def initialize(term, opts={})
|
||||||
@term = term
|
@term = term
|
||||||
@term_like = "#{term.downcase}%"
|
@term_like = "#{term.downcase}%"
|
||||||
@topic_id = topic_id
|
@topic_id = opts[:topic_id]
|
||||||
|
@searching_user = opts[:searching_user]
|
||||||
end
|
end
|
||||||
|
|
||||||
def search
|
def search
|
||||||
|
@ -31,6 +32,10 @@ class UserSearch
|
||||||
.order("CASE WHEN s.user_id IS NULL THEN 0 ELSE 1 END DESC")
|
.order("CASE WHEN s.user_id IS NULL THEN 0 ELSE 1 END DESC")
|
||||||
end
|
end
|
||||||
|
|
||||||
|
unless @searching_user && @searching_user.staff?
|
||||||
|
users = users.not_suspended
|
||||||
|
end
|
||||||
|
|
||||||
users.order("CASE WHEN last_seen_at IS NULL THEN 0 ELSE 1 END DESC, last_seen_at DESC, username ASC")
|
users.order("CASE WHEN last_seen_at IS NULL THEN 0 ELSE 1 END DESC, last_seen_at DESC, username ASC")
|
||||||
.limit(20)
|
.limit(20)
|
||||||
end
|
end
|
||||||
|
|
|
@ -2,15 +2,17 @@ require 'spec_helper'
|
||||||
|
|
||||||
describe UserSearch do
|
describe UserSearch do
|
||||||
|
|
||||||
let(:topic) { Fabricate :topic }
|
let(:topic) { Fabricate :topic }
|
||||||
let(:topic2) { Fabricate :topic }
|
let(:topic2) { Fabricate :topic }
|
||||||
let(:topic3) { Fabricate :topic }
|
let(:topic3) { Fabricate :topic }
|
||||||
let(:user1) { Fabricate :user, username: "mrblonde", name: "Michael Madsen" }
|
let(:user1) { Fabricate :user, username: "mrblonde", name: "Michael Madsen" }
|
||||||
let(:user2) { Fabricate :user, username: "mrblue", name: "Eddie Bunker" }
|
let(:user2) { Fabricate :user, username: "mrblue", name: "Eddie Bunker" }
|
||||||
let(:user3) { Fabricate :user, username: "mrorange", name: "Tim Roth" }
|
let(:user3) { Fabricate :user, username: "mrorange", name: "Tim Roth" }
|
||||||
let(:user4) { Fabricate :user, username: "mrpink", name: "Steve Buscemi" }
|
let(:user4) { Fabricate :user, username: "mrpink", name: "Steve Buscemi" }
|
||||||
let(:user5) { Fabricate :user, username: "mrbrown", name: "Quentin Tarantino" }
|
let(:user5) { Fabricate :user, username: "mrbrown", name: "Quentin Tarantino" }
|
||||||
let(:user6) { Fabricate :user, username: "mrwhite", name: "Harvey Keitel" }
|
let(:user6) { Fabricate :user, username: "mrwhite", name: "Harvey Keitel" }
|
||||||
|
let(:admin) { Fabricate :admin, username: "theadmin" }
|
||||||
|
let(:moderator) { Fabricate :moderator, username: "themod" }
|
||||||
|
|
||||||
before do
|
before do
|
||||||
Fabricate :post, user: user1, topic: topic
|
Fabricate :post, user: user1, topic: topic
|
||||||
|
@ -19,6 +21,7 @@ describe UserSearch do
|
||||||
Fabricate :post, user: user4, topic: topic
|
Fabricate :post, user: user4, topic: topic
|
||||||
Fabricate :post, user: user5, topic: topic3
|
Fabricate :post, user: user5, topic: topic3
|
||||||
Fabricate :post, user: user6, topic: topic
|
Fabricate :post, user: user6, topic: topic
|
||||||
|
user6.update_attributes(suspended_at: 1.day.ago, suspended_till: 1.year.from_now)
|
||||||
end
|
end
|
||||||
|
|
||||||
def search_for(*args)
|
def search_for(*args)
|
||||||
|
@ -49,28 +52,36 @@ describe UserSearch do
|
||||||
results.first.should == user4
|
results.first.should == user4
|
||||||
|
|
||||||
# substrings
|
# substrings
|
||||||
|
# only staff members see suspended users in results
|
||||||
results = search_for("mr")
|
results = search_for("mr")
|
||||||
results.size.should == 6
|
results.size.should == 5
|
||||||
|
results.should_not include(user6)
|
||||||
|
search_for("mr", searching_user: user1).size.should == 5
|
||||||
|
|
||||||
results = search_for("mrb")
|
results = search_for("mr", searching_user: admin)
|
||||||
|
results.size.should == 6
|
||||||
|
results.should include(user6)
|
||||||
|
search_for("mr", searching_user: moderator).size.should == 6
|
||||||
|
|
||||||
|
results = search_for("mrb", searching_user: admin)
|
||||||
results.size.should == 3
|
results.size.should == 3
|
||||||
|
|
||||||
|
|
||||||
results = search_for("MR")
|
results = search_for("MR", searching_user: admin)
|
||||||
results.size.should == 6
|
results.size.should == 6
|
||||||
|
|
||||||
results = search_for("MRB")
|
results = search_for("MRB", searching_user: admin)
|
||||||
results.size.should == 3
|
results.size.should == 3
|
||||||
|
|
||||||
# topic priority
|
# topic priority
|
||||||
results = search_for("mrb", topic.id)
|
results = search_for("mrb", topic_id: topic.id)
|
||||||
results.first.should == user1
|
results.first.should == user1
|
||||||
|
|
||||||
|
|
||||||
results = search_for("mrb", topic2.id)
|
results = search_for("mrb", topic_id: topic2.id)
|
||||||
results.first.should == user2
|
results.first.should == user2
|
||||||
|
|
||||||
results = search_for("mrb", topic3.id)
|
results = search_for("mrb", topic_id: topic3.id)
|
||||||
results.first.should == user5
|
results.first.should == user5
|
||||||
|
|
||||||
# When searching by name is enabled, it returns the record
|
# When searching by name is enabled, it returns the record
|
||||||
|
|
Loading…
Reference in New Issue
Block a user