discourse/app/serializers/about_serializer.rb
Andrei Prigorshnev d91456fd53
DEV: Ability to collect stats without exposing them via API (#23933)
This adds the ability to collect stats without exposing them 
among other stats via API.

The most important thing I wanted to achieve is to provide 
an API where stats are not exposed by default, and a developer 
has to explicitly specify that they should be 
exposed (`expose_via_api: true`). Implementing an opposite 
solution would be simpler, but that's less safe in terms of 
potential security issues. 

When working on this, I had to refactor the current solution. 
I would go even further with the refactoring, but the next steps 
seem to be going too far in changing the solution we have, 
and that would also take more time. Two things that can be 
improved in the future:
1. Data structures for holding stats can be further improved
2. Core stats are hard-coded in the About template (it's hard 
to fix it without correcting data structures first, see point 1):
    63a0700d45/app/views/about/index.html.erb (L61-L101)

The most significant refactorings are:
1. Introducing the `Stat` model
2. Aligning the way the core and the plugin stats are registered
2023-11-10 00:44:05 +04:00

62 lines
1.3 KiB
Ruby

```ruby
# frozen_string_literal: true

class AboutSerializer < ApplicationSerializer
  class UserAboutSerializer < BasicUserSerializer
    attributes :title, :last_seen_at
  end

  class AboutCategoryModsSerializer < ApplicationSerializer
    attributes :category_id

    has_many :moderators, serializer: UserAboutSerializer, embed: :objects
  end

  has_many :moderators, serializer: UserAboutSerializer, embed: :objects
  has_many :admins, serializer: UserAboutSerializer, embed: :objects
  has_many :category_moderators, serializer: AboutCategoryModsSerializer, embed: :objects

  attributes :stats,
             :description,
             :title,
             :locale,
             :version,
             :https,
             :can_see_about_stats,
             :contact_url,
             :contact_email

  def include_stats?
    can_see_about_stats
  end

  def stats
    object.class.fetch_cached_stats
  end

  def include_contact_url?
    can_see_site_contact_details
  end

  def contact_url
    SiteSetting.contact_url
  end

  def include_contact_email?
    can_see_site_contact_details
  end

  def contact_email
    SiteSetting.contact_email
  end

  private

  def can_see_about_stats
    scope.can_see_about_stats?
  end

  def can_see_site_contact_details
    scope.can_see_site_contact_details?
  end
end
```
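The opt-in exposure described in the commit message, combined with the serializer's `include_stats?` gate, as an added example that is not Discourse's own code. `StatRegistry`, `about_payload` and the sample stats are hypothetical names and constructed data; only the `expose_via_api: true` keyword comes from the page.

```ruby
# Illustrative sketch only: StatRegistry is a hypothetical name, not
# Discourse's Stat model.
class StatRegistry
  Entry = Struct.new(:name, :expose_via_api, :block)

  def initialize
    @entries = {}
  end

  # expose_via_api defaults to false, so a new stat is collected but stays
  # private until the caller opts in explicitly.
  def register(name, expose_via_api: false, &block)
    raise ArgumentError, "block required for #{name}" unless block
    # Only the literal `true` opts in; truthy values such as "false" do not.
    @entries[name.to_s] = Entry.new(name.to_s, expose_via_api == true, block)
  end

  # Everything that was collected, for internal consumers only.
  def all_stats
    compute(@entries.values)
  end

  # The only view an API serializer should read from.
  def api_stats
    compute(@entries.values.select(&:expose_via_api))
  end

  private

  # Each block returns a hash of counters; keys are prefixed with the stat name.
  def compute(entries)
    entries.each_with_object({}) do |entry, out|
      entry.block.call.each { |key, value| out["#{entry.name}_#{key}"] = value }
    end
  end
end

# Mirrors the serializer's include_stats? gate: stats are present only when the
# viewer may see them, and only the opted-in subset is returned.
def about_payload(registry, can_see_about_stats:)
  payload = { title: "Example forum" } # constructed sample value
  payload[:stats] = registry.api_stats if can_see_about_stats
  payload
end

# Constructed sample data.
REGISTRY = StatRegistry.new
REGISTRY.register(:topics, expose_via_api: true) { { count: 120, "7_days" => 9 } }
REGISTRY.register(:private_messages) { { count: 450 } } # default: not exposed
REGISTRY.register(:flags, expose_via_api: "false") { { count: 3 } } # not literal true
```

A plugin that forgets the flag, or passes a non-boolean value, ends up in `all_stats` only, which is the failure direction the commit message argues for.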