github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-24 07:18:06 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
d2a7f29595
discourse/app/models/group.rb
Sam 8d7c10f7f2 FIX: allow moderators to create categories setting broken 
Mods require visibility to everyone group cause category dialogs need to
know about this.

If the site setting `allow moderators to create categories` will not function
without this

Note there is no security expansion of rights here, the group is technically
empty anyway and it always looks exactly the same on all discourse instances
2019-03-06 17:44:18 +11:00

781 lines
22 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
require_dependency 'enum'
class Group < ActiveRecord::Base
include HasCustomFields
include AnonCacheInvalidator
include HasDestroyedWebHook
cattr_accessor :preloaded_custom_field_names
self.preloaded_custom_field_names = Set.new
has_many :category_groups, dependent: :destroy
has_many :group_users, dependent: :destroy
has_many :group_mentions, dependent: :destroy
has_many :group_archived_messages, dependent: :destroy
has_many :categories, through: :category_groups
has_many :users, through: :group_users
has_many :group_histories, dependent: :destroy
has_and_belongs_to_many :web_hooks
before_save :downcase_incoming_email
before_save :cook_bio
after_save :destroy_deletions
after_save :update_primary_group
after_save :update_title
after_save :enqueue_update_mentions_job,
if: Proc.new { |g| g.name_before_last_save && g.saved_change_to_name? }
after_save :expire_cache
after_destroy :expire_cache
after_commit :automatic_group_membership, on: [:create, :update]
after_commit :trigger_group_created_event, on: :create
after_commit :trigger_group_updated_event, on: :update
after_commit :trigger_group_destroyed_event, on: :destroy
def expire_cache
ApplicationSerializer.expire_cache_fragment!("group_names")
SvgSprite.expire_cache
end
validate :name_format_validator
validates :name, presence: true
validate :automatic_membership_email_domains_format_validator
validate :incoming_email_validator
validate :can_allow_membership_requests, if: :allow_membership_requests
validates :flair_url, url: true, if: Proc.new { |g| g.flair_url && g.flair_url.exclude?('fa-') }
validate :validate_grant_trust_level, if: :will_save_change_to_grant_trust_level?
AUTO_GROUPS = {
everyone: 0,
admins: 1,
moderators: 2,
staff: 3,
trust_level_0: 10,
trust_level_1: 11,
trust_level_2: 12,
trust_level_3: 13,
trust_level_4: 14
}
AUTO_GROUP_IDS = Hash[*AUTO_GROUPS.to_a.flatten.reverse]
STAFF_GROUPS = [:admins, :moderators, :staff]
ALIAS_LEVELS = {
nobody: 0,
only_admins: 1,
mods_and_admins: 2,
members_mods_and_admins: 3,
everyone: 99
}
def self.visibility_levels
@visibility_levels = Enum.new(
public: 0,
members: 1,
staff: 2,
owners: 3
)
end
validates :mentionable_level, inclusion: { in: ALIAS_LEVELS.values }
validates :messageable_level, inclusion: { in: ALIAS_LEVELS.values }
scope :visible_groups, Proc.new { |user, order, opts|
groups = Group.order(order || "name ASC")
if !opts || !opts[:include_everyone]
groups = groups.where("groups.id > 0")
end
unless user&.admin
sql = <<~SQL
groups.id IN (
SELECT g.id FROM groups g WHERE g.visibility_level = :public
UNION ALL
SELECT g.id FROM groups g
JOIN group_users gu ON gu.group_id = g.id AND
gu.user_id = :user_id
WHERE g.visibility_level = :members
UNION ALL
SELECT g.id FROM groups g
LEFT JOIN group_users gu ON gu.group_id = g.id AND
gu.user_id = :user_id AND
gu.owner
WHERE g.visibility_level = :staff AND (gu.id IS NOT NULL OR :is_staff)
UNION ALL
SELECT g.id FROM groups g
JOIN group_users gu ON gu.group_id = g.id AND
gu.user_id = :user_id AND
gu.owner
WHERE g.visibility_level = :owners
)
SQL
groups = groups.where(
sql,
Group.visibility_levels.to_h.merge(user_id: user&.id, is_staff: !!user&.staff?)
)
end
groups
}
scope :mentionable, lambda { |user|
where(self.mentionable_sql_clause,
levels: alias_levels(user),
user_id: user&.id
)
}
scope :messageable, lambda { |user|
where("messageable_level in (:levels) OR
(
messageable_level = #{ALIAS_LEVELS[:members_mods_and_admins]} AND id in (
SELECT group_id FROM group_users WHERE user_id = :user_id)
)", levels: alias_levels(user), user_id: user && user.id)
}
def self.mentionable_sql_clause
<<~SQL
mentionable_level in (:levels)
OR (
mentionable_level = #{ALIAS_LEVELS[:members_mods_and_admins]}
AND id in (
SELECT group_id FROM group_users WHERE user_id = :user_id)
)
SQL
end
def self.alias_levels(user)
levels = [ALIAS_LEVELS[:everyone]]
if user && user.admin?
levels = [ALIAS_LEVELS[:everyone],
ALIAS_LEVELS[:only_admins],
ALIAS_LEVELS[:mods_and_admins],
ALIAS_LEVELS[:members_mods_and_admins]]
elsif user && user.moderator?
levels = [ALIAS_LEVELS[:everyone],
ALIAS_LEVELS[:mods_and_admins],
ALIAS_LEVELS[:members_mods_and_admins]]
end
levels
end
def downcase_incoming_email
self.incoming_email = (incoming_email || "").strip.downcase.presence
end
def cook_bio
if !self.bio_raw.blank?
self.bio_cooked = PrettyText.cook(self.bio_raw)
end
end
def incoming_email_validator
return if self.automatic || self.incoming_email.blank?
incoming_email.split("|").each do |email|
escaped = Rack::Utils.escape_html(email)
if !Email.is_valid?(email)
self.errors.add(:base, I18n.t('groups.errors.invalid_incoming_email', email: escaped))
elsif group = Group.where.not(id: self.id).find_by_email(email)
self.errors.add(:base, I18n.t('groups.errors.email_already_used_in_group', email: escaped, group_name: Rack::Utils.escape_html(group.name)))
elsif category = Category.find_by_email(email)
self.errors.add(:base, I18n.t('groups.errors.email_already_used_in_category', email: escaped, category_name: Rack::Utils.escape_html(category.name)))
end
end
end
def posts_for(guardian, opts = nil)
opts ||= {}
result = Post.joins(:topic, user: :groups, topic: :category)
.preload(:topic, user: :groups, topic: :category)
.references(:posts, :topics, :category)
.where(groups: { id: id })
.where('topics.archetype <> ?', Archetype.private_message)
.where('topics.visible')
.where(post_type: Post.types[:regular])
if opts[:category_id].present?
result = result.where('topics.category_id = ?', opts[:category_id].to_i)
end
result = guardian.filter_allowed_categories(result)
result = result.where('posts.id < ?', opts[:before_post_id].to_i) if opts[:before_post_id]
result.order('posts.created_at desc')
end
def messages_for(guardian, opts = nil)
opts ||= {}
result = Post.includes(:user, :topic, topic: :category)
.references(:posts, :topics, :category)
.where('topics.archetype = ?', Archetype.private_message)
.where(post_type: Post.types[:regular])
.where('topics.id IN (SELECT topic_id FROM topic_allowed_groups WHERE group_id = ?)', self.id)
if opts[:category_id].present?
result = result.where('topics.category_id = ?', opts[:category_id].to_i)
end
result = guardian.filter_allowed_categories(result)
result = result.where('posts.id < ?', opts[:before_post_id].to_i) if opts[:before_post_id]
result.order('posts.created_at desc')
end
def mentioned_posts_for(guardian, opts = nil)
opts ||= {}
result = Post.joins(:group_mentions)
.includes(:user, :topic, topic: :category)
.references(:posts, :topics, :category)
.where('topics.archetype <> ?', Archetype.private_message)
.where(post_type: Post.types[:regular])
.where('group_mentions.group_id = ?', self.id)
if opts[:category_id].present?
result = result.where('topics.category_id = ?', opts[:category_id].to_i)
end
result = guardian.filter_allowed_categories(result)
result = result.where('posts.id < ?', opts[:before_post_id].to_i) if opts[:before_post_id]
result.order('posts.created_at desc')
end
def self.trust_group_ids
(10..19).to_a
end
def self.refresh_automatic_group!(name)
return unless id = AUTO_GROUPS[name]
unless group = self.lookup_group(name)
group = Group.new(name: name.to_s, automatic: true)
if AUTO_GROUPS[:moderators] == id
group.default_notification_level = 2
group.messageable_level = ALIAS_LEVELS[:everyone]
end
group.id = id
group.save!
end
# don't allow shoddy localization to break this
localized_name = I18n.t("groups.default_names.#{name}", locale: SiteSetting.default_locale).downcase
validator = UsernameValidator.new(localized_name)
if validator.valid_format? && !User.username_exists?(localized_name)
group.name = localized_name
end
# the everyone group is special, it can include non-users so there is no
# way to have the membership in a table
case name
when :everyone
group.visibility_level = Group.visibility_levels[:staff]
group.save!
return group
when :moderators
group.update!(messageable_level: ALIAS_LEVELS[:everyone])
end
# Remove people from groups they don't belong in.
remove_subquery =
case name
when :admins
"SELECT id FROM users WHERE id <= 0 OR NOT admin"
when :moderators
"SELECT id FROM users WHERE id <= 0 OR NOT moderator"
when :staff
"SELECT id FROM users WHERE id <= 0 OR (NOT admin AND NOT moderator)"
when :trust_level_0, :trust_level_1, :trust_level_2, :trust_level_3, :trust_level_4
"SELECT id FROM users WHERE id <= 0 OR trust_level < #{id - 10}"
end
DB.exec <<-SQL
DELETE FROM group_users
USING (#{remove_subquery}) X
WHERE group_id = #{group.id}
AND user_id = X.id
SQL
# Add people to groups
insert_subquery =
case name
when :admins
"SELECT id FROM users WHERE id > 0 AND admin"
when :moderators
"SELECT id FROM users WHERE id > 0 AND moderator"
when :staff
"SELECT id FROM users WHERE id > 0 AND (moderator OR admin)"
when :trust_level_1, :trust_level_2, :trust_level_3, :trust_level_4
"SELECT id FROM users WHERE id > 0 AND trust_level >= #{id - 10}"
when :trust_level_0
"SELECT id FROM users WHERE id > 0"
end
DB.exec <<-SQL
INSERT INTO group_users (group_id, user_id, created_at, updated_at)
SELECT #{group.id}, X.id, now(), now()
FROM group_users
RIGHT JOIN (#{insert_subquery}) X ON X.id = user_id AND group_id = #{group.id}
WHERE user_id IS NULL
SQL
group.save!
# we want to ensure consistency
Group.reset_counters(group.id, :group_users)
group
end
def self.ensure_consistency!
reset_all_counters!
refresh_automatic_groups!
refresh_has_messages!
end
def self.reset_all_counters!
DB.exec <<-SQL
WITH X AS (
SELECT group_id
, COUNT(user_id) users
FROM group_users
GROUP BY group_id
)
UPDATE groups
SET user_count = X.users
FROM X
WHERE id = X.group_id
AND user_count <> X.users
SQL
end
def self.refresh_automatic_groups!(*args)
args = AUTO_GROUPS.keys if args.empty?
args.each { |group| refresh_automatic_group!(group) }
end
def self.refresh_has_messages!
DB.exec <<-SQL
UPDATE groups g SET has_messages = false
WHERE NOT EXISTS (SELECT tg.id
FROM topic_allowed_groups tg
INNER JOIN topics t ON t.id = tg.topic_id
WHERE tg.group_id = g.id
AND t.deleted_at IS NULL)
AND g.has_messages = true
SQL
end
def self.ensure_automatic_groups!
AUTO_GROUPS.each_key do |name|
refresh_automatic_group!(name) unless lookup_group(name)
end
end
def self.[](name)
lookup_group(name) || refresh_automatic_group!(name)
end
def self.search_groups(name, groups: nil)
(groups || Group).where(
"name ILIKE :term_like OR full_name ILIKE :term_like", term_like: "%#{name}%"
)
end
def self.lookup_group(name)
if id = AUTO_GROUPS[name]
Group.find_by(id: id)
else
unless group = Group.find_by(name: name)
raise ArgumentError, "unknown group"
end
group
end
end
def self.lookup_groups(group_ids: [], group_names: [])
if group_ids.present?
group_ids = group_ids.split(",")
group_ids.map!(&:to_i)
groups = Group.where(id: group_ids) if group_ids.present?
end
if group_names.present?
group_names = group_names.split(",")
groups = (groups || Group).where(name: group_names) if group_names.present?
end
groups || []
end
def self.desired_trust_level_groups(trust_level)
trust_group_ids.keep_if do |id|
id == AUTO_GROUPS[:trust_level_0] || (trust_level + 10) >= id
end
end
def self.user_trust_level_change!(user_id, trust_level)
desired = desired_trust_level_groups(trust_level)
undesired = trust_group_ids - desired
GroupUser.where(group_id: undesired, user_id: user_id).delete_all
desired.each do |id|
if group = find_by(id: id)
unless GroupUser.where(group_id: id, user_id: user_id).exists?
group.group_users.create!(user_id: user_id)
end
else
name = AUTO_GROUP_IDS[trust_level]
refresh_automatic_group!(name)
end
end
end
# given something that might be a group name, id, or record, return the group id
def self.group_id_from_param(group_param)
return group_param.id if group_param.is_a?(Group)
return group_param if group_param.is_a?(Integer)
# subtle, using Group[] ensures the group exists in the DB
Group[group_param.to_sym].id
end
def self.builtin
Enum.new(:moderators, :admins, :trust_level_1, :trust_level_2)
end
def usernames=(val)
current = usernames.split(",")
expected = val.split(",")
additions = expected - current
deletions = current - expected
map = Hash[*User.where(username: additions + deletions)
.select('id,username')
.map { |u| [u.username, u.id] }.flatten]
deletions = Set.new(deletions.map { |d| map[d] })
@deletions = []
group_users.each do |gu|
@deletions << gu if deletions.include?(gu.user_id)
end
additions.each do |a|
group_users.build(user_id: map[a])
end
end
def usernames
users.pluck(:username).join(",")
end
PUBLISH_CATEGORIES_LIMIT = 10
def add(user)
self.users.push(user) unless self.users.include?(user)
if self.categories.count < PUBLISH_CATEGORIES_LIMIT
MessageBus.publish('/categories', {
categories: ActiveModel::ArraySerializer.new(self.categories).as_json
}, user_ids: [user.id])
else
Discourse.request_refresh!(user_ids: [user.id])
end
self
end
def remove(user)
self.group_users.where(user: user).each(&:destroy)
user.update_columns(primary_group_id: nil) if user.primary_group_id == self.id
end
def add_owner(user)
if group_user = self.group_users.find_by(user: user)
group_user.update!(owner: true) if !group_user.owner
else
self.group_users.create!(user: user, owner: true)
end
end
def self.find_by_email(email)
self.where("string_to_array(incoming_email, '|') @> ARRAY[?]", Email.downcase(email)).first
end
def bulk_add(user_ids)
return unless user_ids.present?
Group.transaction do
sql = <<~SQL
INSERT INTO group_users
(group_id, user_id, created_at, updated_at)
SELECT
#{self.id},
u.id,
CURRENT_TIMESTAMP,
CURRENT_TIMESTAMP
FROM users AS u
WHERE u.id IN (:user_ids)
AND NOT EXISTS (
SELECT 1 FROM group_users AS gu
WHERE gu.user_id = u.id AND
gu.group_id = :group_id
)
SQL
DB.exec(sql, group_id: self.id, user_ids: user_ids)
user_attributes = {}
if self.primary_group?
user_attributes[:primary_group_id] = self.id
end
if self.title.present?
user_attributes[:title] = self.title
end
if user_attributes.present?
User.where(id: user_ids).update_all(user_attributes)
end
# update group user count
DB.exec <<~SQL
UPDATE groups g
SET user_count =
(SELECT COUNT(gu.user_id)
FROM group_users gu
WHERE gu.group_id = g.id)
WHERE g.id = #{self.id};
SQL
end
if self.grant_trust_level.present?
Jobs.enqueue(:bulk_grant_trust_level,
user_ids: user_ids,
trust_level: self.grant_trust_level
)
end
self
end
def staff?
STAFF_GROUPS.include?(self.name.to_sym)
end
def self.member_of(groups, user)
groups.joins(
"LEFT JOIN group_users gu ON gu.group_id = groups.id
").where("gu.user_id = ?", user.id)
end
def self.owner_of(groups, user)
self.member_of(groups, user).where("gu.owner")
end
%i{
group_created
group_updated
group_destroyed
}.each do |event|
define_method("trigger_#{event}_event") do
DiscourseEvent.trigger(event, self)
true
end
end
protected
def name_format_validator
return if !name_changed?
# avoid strip! here, it works now
# but may not continue to work long term, especially
# once we start returning frozen strings
if self.name != (stripped = self.name.strip)
self.name = stripped
end
UsernameValidator.perform_validation(self, 'name') || begin
name_lower = self.name.downcase
if self.will_save_change_to_name? && self.name_was&.downcase != name_lower && User.username_exists?(name_lower)
errors.add(:name, I18n.t("activerecord.errors.messages.taken"))
end
end
end
def automatic_membership_email_domains_format_validator
return if self.automatic_membership_email_domains.blank?
domains = self.automatic_membership_email_domains.split("|")
domains.each do |domain|
domain.sub!(/^https?:\/\//, '')
domain.sub!(/\/.*$/, '')
self.errors.add :base, (I18n.t('groups.errors.invalid_domain', domain: domain)) unless domain =~ /\A[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,24}(:[0-9]{1,5})?(\/.*)?\Z/i
end
self.automatic_membership_email_domains = domains.join("|")
end
# hack around AR
def destroy_deletions
if @deletions
@deletions.each do |gu|
gu.destroy
User.where('id = ? AND primary_group_id = ?', gu.user_id, gu.group_id).update_all 'primary_group_id = NULL'
end
end
@deletions = nil
end
def automatic_group_membership
if self.automatic_membership_retroactive
Jobs.enqueue(:automatic_group_membership, group_id: self.id)
end
end
def update_title
return if new_record? && !self.title.present?
if self.saved_change_to_title?
sql = <<~SQL
UPDATE users
SET title = :title
WHERE (title = :title_was OR title = '' OR title IS NULL)
AND COALESCE(title,'') <> COALESCE(:title,'')
AND id IN (SELECT user_id FROM group_users WHERE group_id = :id)
SQL
DB.exec(sql, title: title, title_was: title_before_last_save, id: id)
end
end
def update_primary_group
return if new_record? && !self.primary_group?
if self.saved_change_to_primary_group?
sql = <<~SQL
UPDATE users
/*set*/
/*where*/
SQL
builder = DB.build(sql)
builder.where(<<~SQL, id: id)
id IN (
SELECT user_id
FROM group_users
WHERE group_id = :id
)
SQL
if primary_group
builder.set("primary_group_id = :id")
else
builder.set("primary_group_id = NULL")
builder.where("primary_group_id = :id")
end
builder.exec
end
end
private
def validate_grant_trust_level
unless TrustLevel.valid?(self.grant_trust_level)
self.errors.add(:base, I18n.t(
'groups.errors.grant_trust_level_not_valid',
trust_level: self.grant_trust_level
))
end
end
def can_allow_membership_requests
valid = true
valid =
if self.persisted?
self.group_users.where(owner: true).exists?
else
self.group_users.any?(&:owner)
end
if !valid
self.errors.add(:base, I18n.t('groups.errors.cant_allow_membership_requests'))
end
end
def enqueue_update_mentions_job
Jobs.enqueue(:update_group_mentions,
previous_name: self.name_before_last_save,
group_id: self.id
)
end
end
# == Schema Information
#
# Table name: groups
#
# id :integer not null, primary key
# name :string not null
# created_at :datetime not null
# updated_at :datetime not null
# automatic :boolean default(FALSE), not null
# user_count :integer default(0), not null
# automatic_membership_email_domains :text
# automatic_membership_retroactive :boolean default(FALSE)
# primary_group :boolean default(FALSE), not null
# title :string
# grant_trust_level :integer
# incoming_email :string
# has_messages :boolean default(FALSE), not null
# flair_url :string
# flair_bg_color :string
# flair_color :string
# bio_raw :text
# bio_cooked :text
# allow_membership_requests :boolean default(FALSE), not null
# full_name :string
# default_notification_level :integer default(3), not null
# visibility_level :integer default(0), not null
# public_exit :boolean default(FALSE), not null
# public_admission :boolean default(FALSE), not null
# membership_request_template :text
# messageable_level :integer default(0)
# mentionable_level :integer default(0)
#
# Indexes
#
# index_groups_on_incoming_email (incoming_email) UNIQUE
# index_groups_on_name (name) UNIQUE
#
Reference in New Issue View Git Blame Copy Permalink