github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-24 13:51:09 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FEATURE: Restrict profile visibility of low-trust users (#29981)

Browse Source 
We've seen in some communities abuse of user profile where bios and other fields are used in malicious ways, such as malware distribution. A common pattern between all the abuse cases we've seen is that the malicious actors tend to have 0 posts and have a low trust level.

To eliminate this abuse vector, or at least make it much less effective, we're making the following changes to user profiles:

1. Anonymous, TL0 and TL1 users cannot see any user profiles for users with 0 posts except for staff users
2. Anonymous and TL0 users can only see profiles of TL1 users and above

Users can always see their own profile, and they can still hide their profiles via the "Hide my public profile" preference. Staff can always see any user's profile.

Internal topic: t/142853.
This commit is contained in:
Osama Sayegh
2024-12-09 13:07:59 +03:00
committed by GitHub
parent 5e86bc2f43
commit 976aca68f6
9 changed files with 204 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
plugins/chat/spec/system/user_profile_spec.rb
View File

@ -4,7 +4,10 @@ RSpec.describe "User profile", type: :system do
fab!(:current_user) { Fabricate(:user) }
fab!(:user)
before { chat_system_bootstrap }
before do
user.user_stat.update!(post_count: 1)
chat_system_bootstrap
end
shared_examples "not showing chat button" do
it "has no chat button" do