discourse/app/serializers
Alan Guo Xiang Tan f122f24b35
SECURITY: Default tags to show count of topics in unrestricted categories (#19916)
Currently, `Tag#topic_count` is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any user can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have access to. We classify this as a minor leak in sensitive information.

The following changes are introduced in this commit:

1. Introduce `Tag#public_topic_count` which only counts topics which have been tagged with a given tag in public categories.
2. Rename `Tag#topic_count` to `Tag#staff_topic_count` which counts the same way as `Tag#topic_count`. In other words, it counts all topics tagged with a given tag regardless of the category the topic is in. The rename is also done so that we indicate that this column contains sensitive information. 
3. Change all previous spots which relied on `Topic#topic_count` to rely on `Tag.topic_column_count(guardian)` which will return the right "topic count" column to use based on the current scope. 
4. Introduce `SiteSetting.include_secure_categories_in_tag_counts` site setting to allow site administrators to always display the tag topics count using `Tag#staff_topic_count` instead.
2023-01-20 09:50:24 +08:00
..
concerns SECURITY: Default tags to show count of topics in unrestricted categories (#19916) 2023-01-20 09:50:24 +08:00
about_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
admin_badge_serializer.rb FEATURE: Link to text customization when editing system badges (#11345) 2020-12-08 11:55:49 -08:00
admin_badges_serializer.rb
admin_detailed_user_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
admin_email_template_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
admin_plugin_serializer.rb UX: show plugin descriptions on admin plugins page 2021-02-12 11:38:50 -05:00
admin_user_action_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
admin_user_list_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
admin_user_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
admin_web_hook_event_serializer.rb
admin_web_hook_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
api_key_scope_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
api_key_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
application_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
archetype_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
associated_group_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
auth_provider_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
backup_file_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
badge_grouping_serializer.rb
badge_index_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
badge_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
badge_type_serializer.rb
basic_category_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
basic_group_history_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
basic_group_serializer.rb FEATURE: Allow group owners promote more owners (#19768) 2023-01-11 16:43:18 +08:00
basic_group_user_serializer.rb
basic_post_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
basic_reviewable_flagged_post_serializer.rb DEV: Add reviewables tab to the new user menu (#17630) 2022-07-28 11:16:33 +03:00
basic_reviewable_queued_post_serializer.rb DEV: Add reviewables tab to the new user menu (#17630) 2022-07-28 11:16:33 +03:00
basic_reviewable_serializer.rb DEV: Include pending reviewables in the main tab in the user menu (#18471) 2022-10-05 12:30:02 +03:00
basic_reviewable_user_serializer.rb DEV: Add reviewables tab to the new user menu (#17630) 2022-07-28 11:16:33 +03:00
basic_topic_serializer.rb
basic_user_badge_serializer.rb
basic_user_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
basic_user_with_status_serializer.rb DEV: move BasicUserWithStatusSerializer from Discourse Chat (#18745) 2022-10-26 16:41:31 +04:00
category_and_topic_lists_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
category_detailed_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
category_group_serializer.rb
category_list_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
category_required_tag_group_serializer.rb DEV: Ensure a broken tag_group relation doesn't raise an error (#16529) 2022-04-21 18:18:35 +01:00
category_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
category_upload_serializer.rb
color_scheme_color_serializer.rb
color_scheme_selectable_serializer.rb
color_scheme_serializer.rb
current_user_option_serializer.rb DEV: Do not include method definitions in serializer attributes 2023-01-09 14:15:00 +00:00
current_user_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
detailed_tag_serializer.rb SECURITY: Default tags to show count of topics in unrestricted categories (#19916) 2023-01-20 09:50:24 +08:00
detailed_user_badge_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
directory_column_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
directory_item_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
discourse_version_check_serializer.rb
draft_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
edit_directory_column_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
email_log_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
email_style_serializer.rb
embeddable_host_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
embedding_serializer.rb
emoji_serializer.rb FIX: Don't raise an error if a custom emoji image was deleted 2020-12-09 15:40:40 -05:00
flagged_topic_serializer.rb
flagged_topic_summary_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
flagged_user_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
flair_group_serializer.rb FEATURE: Let users select flair (#13587) 2021-07-08 10:46:21 +03:00
found_user_serializer.rb DEV: return user status on the user search route (#17716) 2022-08-09 14:54:33 +04:00
found_user_with_status_serializer.rb DEV: return user status on the user search route (#17716) 2022-08-09 14:54:33 +04:00
gap_serializer.rb
group_post_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
group_post_user_serializer.rb Add primary group classes (#12807) 2021-04-22 15:00:23 -07:00
group_requester_serializer.rb
group_show_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
group_user_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
grouped_screened_url_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
grouped_search_result_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
hidden_profile_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
incoming_email_details_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
incoming_email_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
invite_link_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
invite_serializer.rb FEATURE: Show error if invite to topic is invalid (#15959) 2022-02-16 18:35:02 +02:00
invited_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
invited_user_record_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
invited_user_serializer.rb
listable_topic_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
new_post_result_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
notification_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
penalty_counts_serializer.rb
pending_post_serializer.rb FEATURE: Display pending posts on user’s page 2021-11-29 10:26:33 +01:00
permalink_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
post_action_type_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
post_action_user_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
post_item_excerpt.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
post_revision_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
post_serializer.rb PERF: Don't parse posts for mentions when user status is disabled (#19915) 2023-01-20 07:58:00 +08:00
post_stream_serializer_mixin.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
post_wordpress_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
poster_serializer.rb FEATURE: Allow setting avatar flair for automatic groups (#12586) 2021-04-06 11:13:06 -04:00
presence_channel_state_serializer.rb DEV: Introduce PresenceChannel API for core and plugin use 2021-08-27 16:26:06 +01:00
primary_group_serializer.rb FEATURE: Let users select flair (#13587) 2021-07-08 10:46:21 +03:00
private_message_topic_tracking_state_serializer.rb FEATURE: Display unread and new counts for messages. (#14059) 2021-08-25 11:17:56 +08:00
published_page_serializer.rb
queued_post_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
reviewable_action_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
reviewable_bundled_action_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
reviewable_conversation_post_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
reviewable_conversation_serializer.rb
reviewable_editable_field_serializer.rb
reviewable_explanation_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
reviewable_flagged_post_serializer.rb
reviewable_history_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
reviewable_perform_result_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
reviewable_post_serializer.rb FEATURE: Review every post using the review queue. (#12734) 2021-04-21 08:41:36 -03:00
reviewable_queued_post_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
reviewable_score_explanation_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
reviewable_score_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
reviewable_score_type_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
reviewable_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
reviewable_settings_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
reviewable_topic_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
reviewable_user_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
screened_email_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
screened_ip_address_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
screened_url_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
search_logs_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
search_post_serializer.rb DEV: Add plugin API to extend search results (#12966) 2021-06-15 15:32:41 +10:00
search_result_user_serializer.rb FEATURE: the ability to search users by custom fields (#12762) 2021-04-27 15:52:45 +10:00
search_topic_list_item_serializer.rb
similar_admin_user_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
similar_topic_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
single_sign_on_record_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
site_category_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
site_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
site_text_serializer.rb FIX: I18n couldn't find translations. (#11774) 2021-01-20 17:43:00 -03:00
skipped_email_log_serializer.rb
suggested_topic_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
suggested_topics_mixin.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
tag_group_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
tag_serializer.rb SECURITY: Default tags to show count of topics in unrestricted categories (#19916) 2023-01-20 09:50:24 +08:00
theme_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
theme_settings_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
theme_translation_serializer.rb
topic_embed_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
topic_flag_type_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
topic_link_serializer.rb DEV: Do not include method definitions in serializer attributes 2023-01-09 14:15:00 +00:00
topic_list_item_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
topic_list_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
topic_pending_post_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
topic_post_count_serializer.rb DEV: Do not include method definitions in serializer attributes 2023-01-09 14:15:00 +00:00
topic_poster_serializer.rb FEATURE: Let users select flair (#13587) 2021-07-08 10:46:21 +03:00
topic_timer_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
topic_tracking_state_serializer.rb FIX: Improve reliability of topic tracking state (#17387) 2022-07-14 13:44:58 +08:00
topic_view_details_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
topic_view_posts_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
topic_view_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
topic_view_wordpress_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
trust_level3_requirements_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
upload_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
user_action_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
user_auth_token_serializer.rb
user_badge_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
user_badges_serializer.rb
user_bookmark_base_serializer.rb FIX: Allow .ics for polymorphic bookmarks (#16694) 2022-05-11 09:29:24 +10:00
user_bookmark_list_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
user_card_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
user_field_serializer.rb FEATURE: the ability to search users by custom fields (#12762) 2021-04-27 15:52:45 +10:00
user_history_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
user_name_serializer.rb
user_option_serializer.rb DEV: Do not include method definitions in serializer attributes 2023-01-09 14:15:00 +00:00
user_post_bookmark_serializer.rb FIX: Allow .ics for polymorphic bookmarks (#16694) 2022-05-11 09:29:24 +10:00
user_post_topic_bookmark_base_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
user_serializer.rb DEV: Do not include method definitions in serializer attributes 2023-01-09 14:15:00 +00:00
user_status_serializer.rb DEV: start glimmer-ification and optimisations of chat plugin (#19531) 2022-12-21 13:21:02 +01:00
user_summary_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
user_tag_notifications_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
user_topic_bookmark_serializer.rb PERF: Rely on preload for first_post for TopicBookmarkable (#18066) 2022-08-24 16:01:29 +10:00
user_with_custom_fields_serializer.rb
user_wordpress_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
watched_word_list_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
watched_word_serializer.rb FEATURE: Add support for case-sensitive Watched Words (#17445) 2022-08-02 10:06:03 +02:00
web_hook_category_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
web_hook_flag_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
web_hook_group_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
web_hook_group_user_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
web_hook_like_serializer.rb FEATURE: add support for like webhooks (#12917) 2021-04-30 17:08:38 -07:00
web_hook_post_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
web_hook_topic_view_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
web_hook_user_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
wizard_field_choice_serializer.rb
wizard_field_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
wizard_serializer.rb UX: Add Styling step to wizard (#14132) 2021-08-25 17:10:12 -04:00
wizard_step_serializer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00