discourse/spec/serializers
Osama Sayegh 976aca68f6
FEATURE: Restrict profile visibility of low-trust users (#29981)
We've seen in some communities abuse of user profile where bios and other fields are used in malicious ways, such as malware distribution. A common pattern between all the abuse cases we've seen is that the malicious actors tend to have 0 posts and have a low trust level.

To eliminate this abuse vector, or at least make it much less effective, we're making the following changes to user profiles:

1. Anonymous, TL0 and TL1 users cannot see any user profiles for users with 0 posts except for staff users
2. Anonymous and TL0 users can only see profiles of TL1 users and above

Users can always see their own profile, and they can still hide their profiles via the "Hide my public profile" preference. Staff can always see any user's profile.

Internal topic: t/142853.
2024-12-09 13:07:59 +03:00
..
concerns UX: Split hide_profile_and_presence user option (#29632) 2024-11-12 22:22:58 -03:00
about_serializer_spec.rb DEV: Resolve stat registration flaky tests (#29084) 2024-10-04 13:49:22 +01:00
admin_plugin_serializer_spec.rb FIX: Plugin JS failing to load would break admin interface (#29139) 2024-10-11 09:26:10 +10:00
admin_user_action_serializer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
admin_user_list_serializer_spec.rb FEATURE: Add bulk destroy to admin users list (#29744) 2024-11-25 11:13:35 +03:00
basic_group_serializer_spec.rb DEV: Remove full group refreshes from tests (#25414) 2024-01-25 14:28:26 +08:00
basic_group_user_serializer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
basic_post_serializer_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
basic_reviewable_flagged_post_serializer_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
basic_reviewable_queued_post_serializer_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
basic_reviewable_serializer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
basic_reviewable_user_serializer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
basic_user_serializer_spec.rb DEV: Update rubocop-discourse to latest version 2024-03-04 15:08:35 +01:00
category_detailed_serializer_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
category_serializer_spec.rb FEATURE: Support designating multiple groups as mods on category (#28655) 2024-09-04 04:38:46 +03:00
category_upload_serializer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
current_user_serializer_spec.rb DEV: Use serializers for user_notification_schedule and featured_topic (#27719) 2024-07-05 00:00:24 -03:00
detailed_user_badge_serializer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
directory_item_serializer_spec.rb FEATURE: Add links to searchable user fields in users directory and user profile (#29338) 2024-11-06 13:35:30 -04:00
emoji_serializer_spec.rb FEATURE - Add username column to custom emoji table (#29522) 2024-11-01 10:32:59 -05:00
flag_serializer_spec.rb FIX: Flaky flags spec (#28591) 2024-08-28 17:03:43 +10:00
found_user_serializer_spec.rb DEV: Update rubocop-discourse to latest version 2024-03-04 15:08:35 +01:00
group_show_serializer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
group_user_serializer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
group_user_with_custom_fields_serializer_spec.rb FEATURE: Hide user status when user is hiding public profile and presence (#24300) 2024-02-26 17:40:48 +04:00
invite_serializer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
listable_topic_serializer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
new_post_result_serializer_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
notification_serializer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
pending_post_serializer_spec.rb FIX: Attribute pending post to author in PendingPostSerialier (#23369) 2023-09-03 22:14:51 +00:00
post_action_type_serializer_spec.rb FIX: Return properly interpolated translations for flag types 2024-07-30 18:30:57 +02:00
post_revision_serializer_spec.rb FIX: Don’t try to serialize associations in PostRevisionSerializer 2024-11-06 10:38:41 +01:00
post_serializer_spec.rb FEATURE: Show when a badge has been granted for a post (#29696) 2024-12-03 13:43:27 +11:00
poster_serializer_spec.rb FIX: Include group flair in homepage category topic lists (#21268) 2023-04-27 10:18:16 +08:00
remote_theme_serializer_spec.rb FIX: Hide broken theme about/license URLs (#29930) 2024-11-26 13:53:10 +10:00
reviewable_flagged_post_serializer_spec.rb DEV: Convert min_trust_to_flag_posts setting to groups (#24864) 2023-12-13 17:18:42 +08:00
reviewable_queued_post_serializer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
reviewable_score_serializer_spec.rb FEATURE: Allow completely custom score reasons. (#28348) 2024-08-14 15:53:59 -03:00
reviewable_serializer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
reviewable_user_serializer_spec.rb SECURITY: Update reviewable user serializer payload 2024-07-03 20:49:19 +08:00
single_sign_on_record_serializer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
site_serializer_spec.rb DEV: Block accidental serialization of entire AR models (#27668) 2024-07-01 17:08:48 -03:00
suggested_topic_serializer_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
tag_group_serializer_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
tag_serializer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
theme_objects_setting_metadata_serializer_spec.rb DEV: Remove experimental_objects_type_for_theme_settings site setting (#26507) 2024-04-04 12:01:31 +08:00
theme_serializer_spec.rb FEATURE: Allow themes to define screenshots (#29079) 2024-10-28 10:10:20 +10:00
theme_settings_serializer_spec.rb DEV: Remove experimental_objects_type_for_theme_settings site setting (#26507) 2024-04-04 12:01:31 +08:00
topic_link_serializer_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
topic_list_item_serializer_spec.rb FEATURE: increase tag description limit to 1000 (#24561) 2023-11-28 08:45:40 +11:00
topic_list_serializer_spec.rb DEV: Set topic list filter name in serializer for children (#29291) 2024-10-18 17:24:47 -03:00
topic_tracking_state_item_serializer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
topic_tracking_state_serializer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
topic_view_details_serializer_spec.rb DEV: Make all admins TL4 in tests (#25435) 2024-03-26 11:41:12 +08:00
topic_view_posts_serializer_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
topic_view_serializer_spec.rb DEV: Call Discourse.redis.flushdb after the end of each test (#29117) 2024-10-09 07:19:31 +08:00
upload_serializer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
user_auth_token_serializer_spec.rb DEV: revert missing license for maxmind changes (#24538) 2023-11-24 11:31:11 +11:00
user_badge_serializer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
user_bookmark_list_serializer_spec.rb FIX: Serialize categories for bookmarks (#26606) 2024-04-17 17:23:47 +03:00
user_card_serializer_spec.rb DEV: Use serializers for user_notification_schedule and featured_topic (#27719) 2024-07-05 00:00:24 -03:00
user_notification_total_serializer_spec.rb DEV: Dedicated route for current user notification counts (#26106) 2024-03-15 12:08:37 -04:00
user_post_bookmark_serializer_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
user_serializer_spec.rb FEATURE: Restrict profile visibility of low-trust users (#29981) 2024-12-09 13:07:59 +03:00
user_status_serializer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
user_summary_serializer_spec.rb FEATURE: allow disabling user activity tab for non admin users (#25540) 2024-02-05 14:30:36 +05:30
user_with_custom_fields_serializer_spec.rb FEATURE: Hide user status when user is hiding public profile and presence (#24300) 2024-02-26 17:40:48 +04:00
web_hook_post_serializer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
web_hook_topic_view_serializer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
web_hook_user_serializer_spec.rb DEV: use new 'ignore allowed groups' site settings (#27670) 2024-07-04 19:27:26 +02:00
wizard_serializer_spec.rb DEV: Update member access wizard step to use toggle group (#28013) 2024-07-29 14:07:06 +08:00