mirror of
https://github.com/discourse/discourse.git
synced 2024-12-22 12:23:46 +08:00
976aca68f6
We've seen in some communities abuse of user profile where bios and other fields are used in malicious ways, such as malware distribution. A common pattern between all the abuse cases we've seen is that the malicious actors tend to have 0 posts and have a low trust level. To eliminate this abuse vector, or at least make it much less effective, we're making the following changes to user profiles: 1. Anonymous, TL0 and TL1 users cannot see any user profiles for users with 0 posts except for staff users 2. Anonymous and TL0 users can only see profiles of TL1 users and above Users can always see their own profile, and they can still hide their profiles via the "Hide my public profile" preference. Staff can always see any user's profile. Internal topic: t/142853. |
||
|---|---|---|
| .. | ||
| components/chat | ||
| fabricators | ||
| integration | ||
| jobs | ||
| lib | ||
| mailers | ||
| models | ||
| queries/chat | ||
| requests | ||
| serializer | ||
| services | ||
| support | ||
| system | ||
| validators | ||
| plugin_helper.rb | ||
| plugin_spec.rb | ||