SECURITY: Moderators cannot see user emails.

Unless `moderators_view_emails` SiteSetting is enabled, moderators should not be able to discover users’ emails.
2025-06-01 07:49:48 +08:00 · 2024-11-13 14:04:20 +11:00
parent 023b61ad22
commit 95564a3df2
9 changed files with 112 additions and 12 deletions
--- a/lib/guardian.rb
+++ b/lib/guardian.rb
@ -539,6 +539,7 @@ class Guardian
  def can_export_entity?(entity)
    return false if anonymous?
    return true if is_admin?
+    return can_see_emails? if entity == "screened_email"
    return entity != "user_list" if is_moderator?

    # Regular users can only export their archives
@ -549,6 +550,11 @@ class Guardian
    ).count == 0
  end

+  def can_see_emails?
+    return true if is_admin?
+    SiteSetting.moderators_view_emails && is_moderator?
+  end
+
  def can_mute_user?(target_user)
    can_mute_users? && @user.id != target_user.id && !target_user.staff?
  end