mirror of
https://github.com/discourse/discourse.git
synced 2024-11-25 21:53:49 +08:00
f4f5524190
previously we supported blanket read and write for user API, this change amends it so we can define more limited scopes. A scope only covers a few routes. You can not grant access to part of the site and leave a large amount of the information hidden to API consumer.
403 lines
9.1 KiB
Ruby
403 lines
9.1 KiB
Ruby
class UserSerializer < BasicUserSerializer
|
|
|
|
attr_accessor :omit_stats,
|
|
:topic_post_count
|
|
|
|
def self.staff_attributes(*attrs)
|
|
attributes(*attrs)
|
|
attrs.each do |attr|
|
|
define_method "include_#{attr}?" do
|
|
scope.is_staff?
|
|
end
|
|
end
|
|
end
|
|
|
|
def self.private_attributes(*attrs)
|
|
attributes(*attrs)
|
|
attrs.each do |attr|
|
|
define_method "include_#{attr}?" do
|
|
can_edit
|
|
end
|
|
end
|
|
end
|
|
|
|
# attributes that are hidden for TL0 users when seen by anonymous
|
|
def self.untrusted_attributes(*attrs)
|
|
attrs.each do |attr|
|
|
method_name = "include_#{attr}?"
|
|
define_method(method_name) do
|
|
return false if scope.restrict_user_fields?(object)
|
|
send(attr).present?
|
|
end
|
|
end
|
|
end
|
|
|
|
attributes :name,
|
|
:email,
|
|
:last_posted_at,
|
|
:last_seen_at,
|
|
:bio_raw,
|
|
:bio_cooked,
|
|
:created_at,
|
|
:website,
|
|
:website_name,
|
|
:profile_background,
|
|
:card_background,
|
|
:location,
|
|
:can_edit,
|
|
:can_edit_username,
|
|
:can_edit_email,
|
|
:can_edit_name,
|
|
:stats,
|
|
:can_send_private_messages,
|
|
:can_send_private_message_to_user,
|
|
:bio_excerpt,
|
|
:trust_level,
|
|
:moderator,
|
|
:admin,
|
|
:title,
|
|
:suspend_reason,
|
|
:suspended_till,
|
|
:uploaded_avatar_id,
|
|
:badge_count,
|
|
:has_title_badges,
|
|
:custom_fields,
|
|
:user_fields,
|
|
:topic_post_count,
|
|
:pending_count,
|
|
:profile_view_count,
|
|
:primary_group_name,
|
|
:primary_group_flair_url,
|
|
:primary_group_flair_bg_color,
|
|
:primary_group_flair_color
|
|
|
|
has_one :invited_by, embed: :object, serializer: BasicUserSerializer
|
|
has_many :groups, embed: :object, serializer: BasicGroupSerializer
|
|
has_many :featured_user_badges, embed: :ids, serializer: UserBadgeSerializer, root: :user_badges
|
|
has_one :card_badge, embed: :object, serializer: BadgeSerializer
|
|
has_one :user_option, embed: :object, serializer: UserOptionSerializer
|
|
|
|
def include_user_option?
|
|
can_edit
|
|
end
|
|
|
|
staff_attributes :post_count,
|
|
:can_be_deleted,
|
|
:can_delete_all_posts
|
|
|
|
private_attributes :locale,
|
|
:muted_category_ids,
|
|
:watched_tags,
|
|
:watching_first_post_tags,
|
|
:tracked_tags,
|
|
:muted_tags,
|
|
:tracked_category_ids,
|
|
:watched_category_ids,
|
|
:watched_first_post_category_ids,
|
|
:private_messages_stats,
|
|
:system_avatar_upload_id,
|
|
:system_avatar_template,
|
|
:gravatar_avatar_upload_id,
|
|
:gravatar_avatar_template,
|
|
:custom_avatar_upload_id,
|
|
:custom_avatar_template,
|
|
:has_title_badges,
|
|
:card_image_badge,
|
|
:card_image_badge_id,
|
|
:muted_usernames,
|
|
:mailing_list_posts_per_day,
|
|
:can_change_bio,
|
|
:user_api_keys
|
|
|
|
untrusted_attributes :bio_raw,
|
|
:bio_cooked,
|
|
:bio_excerpt,
|
|
:location,
|
|
:website,
|
|
:profile_background,
|
|
:card_background
|
|
|
|
###
|
|
### ATTRIBUTES
|
|
###
|
|
|
|
def mailing_list_posts_per_day
|
|
val = Post.estimate_posts_per_day
|
|
[val,SiteSetting.max_emails_per_day_per_user].min
|
|
end
|
|
|
|
def groups
|
|
if scope.is_admin? || object.id == scope.user.try(:id)
|
|
object.groups
|
|
else
|
|
object.groups.where(visible: true)
|
|
end
|
|
end
|
|
|
|
def include_email?
|
|
object.id && object.id == scope.user.try(:id)
|
|
end
|
|
|
|
def can_change_bio
|
|
!(SiteSetting.enable_sso && SiteSetting.sso_overrides_bio)
|
|
end
|
|
|
|
|
|
def user_api_keys
|
|
keys = object.user_api_keys.where(revoked_at: nil).map do |k|
|
|
{
|
|
id: k.id,
|
|
application_name: k.application_name,
|
|
scopes: k.scopes.map{|s| I18n.t("user_api_key.scopes.#{s}")},
|
|
created_at: k.created_at
|
|
}
|
|
end
|
|
|
|
keys.length > 0 ? keys : nil
|
|
end
|
|
|
|
def card_badge
|
|
object.user_profile.card_image_badge
|
|
end
|
|
|
|
def bio_raw
|
|
object.user_profile.bio_raw
|
|
end
|
|
|
|
def bio_cooked
|
|
object.user_profile.bio_processed
|
|
end
|
|
|
|
def website
|
|
object.user_profile.website
|
|
end
|
|
|
|
def website_name
|
|
uri = URI(website.to_s) rescue nil
|
|
return if uri.nil? || uri.host.nil?
|
|
uri.host.sub(/^www\./,'') + uri.path
|
|
end
|
|
|
|
def include_website_name
|
|
website.present?
|
|
end
|
|
|
|
def card_image_badge_id
|
|
object.user_profile.card_image_badge.try(:id)
|
|
end
|
|
|
|
def include_card_image_badge_id?
|
|
card_image_badge_id.present?
|
|
end
|
|
|
|
def card_image_badge
|
|
object.user_profile.card_image_badge.try(:image)
|
|
end
|
|
|
|
def include_card_image_badge?
|
|
card_image_badge.present?
|
|
end
|
|
|
|
def profile_background
|
|
object.user_profile.profile_background
|
|
end
|
|
|
|
def card_background
|
|
object.user_profile.card_background
|
|
end
|
|
|
|
def location
|
|
object.user_profile.location
|
|
end
|
|
|
|
def can_edit
|
|
scope.can_edit?(object)
|
|
end
|
|
|
|
def can_edit_username
|
|
scope.can_edit_username?(object)
|
|
end
|
|
|
|
def can_edit_email
|
|
scope.can_edit_email?(object)
|
|
end
|
|
|
|
def can_edit_name
|
|
scope.can_edit_name?(object)
|
|
end
|
|
|
|
def include_stats?
|
|
!omit_stats == true
|
|
end
|
|
|
|
def stats
|
|
UserAction.stats(object.id, scope)
|
|
end
|
|
|
|
# Needed because 'send_private_message_to_user' will always return false
|
|
# when the current user is being serialized
|
|
def can_send_private_messages
|
|
scope.can_send_private_message?(Discourse.system_user)
|
|
end
|
|
|
|
def can_send_private_message_to_user
|
|
scope.can_send_private_message?(object)
|
|
end
|
|
|
|
def bio_excerpt
|
|
object.user_profile.bio_excerpt(350 , { keep_newlines: true, keep_emoji_images: true })
|
|
end
|
|
|
|
def include_suspend_reason?
|
|
object.suspended?
|
|
end
|
|
|
|
def include_suspended_till?
|
|
object.suspended?
|
|
end
|
|
|
|
def primary_group_name
|
|
object.primary_group.try(:name)
|
|
end
|
|
|
|
def primary_group_flair_url
|
|
object.try(:primary_group).try(:flair_url)
|
|
end
|
|
|
|
def primary_group_flair_bg_color
|
|
object.try(:primary_group).try(:flair_bg_color)
|
|
end
|
|
|
|
def primary_group_flair_color
|
|
object.try(:primary_group).try(:flair_color)
|
|
end
|
|
|
|
###
|
|
### STAFF ATTRIBUTES
|
|
###
|
|
|
|
def post_count
|
|
object.user_stat.try(:post_count)
|
|
end
|
|
|
|
def can_be_deleted
|
|
scope.can_delete_user?(object)
|
|
end
|
|
|
|
def can_delete_all_posts
|
|
scope.can_delete_all_posts?(object)
|
|
end
|
|
|
|
###
|
|
### PRIVATE ATTRIBUTES
|
|
###
|
|
def muted_tags
|
|
TagUser.lookup(object, :muted).joins(:tag).pluck('tags.name')
|
|
end
|
|
|
|
def tracked_tags
|
|
TagUser.lookup(object, :tracking).joins(:tag).pluck('tags.name')
|
|
end
|
|
|
|
def watching_first_post_tags
|
|
TagUser.lookup(object, :watching_first_post).joins(:tag).pluck('tags.name')
|
|
end
|
|
|
|
def watched_tags
|
|
TagUser.lookup(object, :watching).joins(:tag).pluck('tags.name')
|
|
end
|
|
|
|
def muted_category_ids
|
|
CategoryUser.lookup(object, :muted).pluck(:category_id)
|
|
end
|
|
|
|
def tracked_category_ids
|
|
CategoryUser.lookup(object, :tracking).pluck(:category_id)
|
|
end
|
|
|
|
def watched_category_ids
|
|
CategoryUser.lookup(object, :watching).pluck(:category_id)
|
|
end
|
|
|
|
def watched_first_post_category_ids
|
|
CategoryUser.lookup(object, :watching_first_post).pluck(:category_id)
|
|
end
|
|
|
|
def muted_usernames
|
|
MutedUser.where(user_id: object.id).joins(:muted_user).pluck(:username)
|
|
end
|
|
|
|
def include_private_messages_stats?
|
|
can_edit && !(omit_stats == true)
|
|
end
|
|
|
|
def private_messages_stats
|
|
UserAction.private_messages_stats(object.id, scope)
|
|
end
|
|
|
|
def system_avatar_upload_id
|
|
# should be left blank
|
|
end
|
|
|
|
def system_avatar_template
|
|
User.system_avatar_template(object.username)
|
|
end
|
|
|
|
def gravatar_avatar_upload_id
|
|
object.user_avatar.try(:gravatar_upload_id)
|
|
end
|
|
|
|
def gravatar_avatar_template
|
|
return unless gravatar_upload_id = object.user_avatar.try(:gravatar_upload_id)
|
|
User.avatar_template(object.username, gravatar_upload_id)
|
|
end
|
|
|
|
def custom_avatar_upload_id
|
|
object.user_avatar.try(:custom_upload_id)
|
|
end
|
|
|
|
def custom_avatar_template
|
|
return unless custom_upload_id = object.user_avatar.try(:custom_upload_id)
|
|
User.avatar_template(object.username, custom_upload_id)
|
|
end
|
|
|
|
def has_title_badges
|
|
object.badges.where(allow_title: true).count > 0
|
|
end
|
|
|
|
def user_fields
|
|
object.user_fields
|
|
end
|
|
|
|
def include_user_fields?
|
|
user_fields.present?
|
|
end
|
|
|
|
def include_topic_post_count?
|
|
topic_post_count.present?
|
|
end
|
|
|
|
def custom_fields
|
|
fields = User.whitelisted_user_custom_fields(scope)
|
|
|
|
if scope.can_edit?(object)
|
|
fields += DiscoursePluginRegistry.serialized_current_user_fields.to_a
|
|
end
|
|
|
|
if fields.present?
|
|
User.custom_fields_for_ids([object.id], fields)[object.id]
|
|
else
|
|
{}
|
|
end
|
|
end
|
|
|
|
def pending_count
|
|
0
|
|
end
|
|
|
|
def profile_view_count
|
|
object.user_profile.views
|
|
end
|
|
|
|
end
|