Gary Pendergast b4cdc39e51 FEATURE: Allow rejected user details to be scrubbed (#31987)
When a site has the `must_approve_users` setting enabled, new user data is stored on the Reviewable model, including username, email, and any other data that is entered during signup. If the user is rejected, that data is retained, without a clear path to deleting it.

In order to allow data that could be PII to be removed, without breaking Discourse's audit and logging trails, this change scrubs the PII from the relevant `ReviewableUser` and `UserHistory` objects, replacing that data with who scrubbed it, and why.
2025-03-31 12:40:35 +11:00


# frozen_string_literal: true
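RSpec.describe ReviewableUserSerializer do
  # Three viewpoints matter for this serializer: the pending user whose
  # signup data is under review, an admin (always allowed to see the email),
  # and a moderator (allowed only when `moderators_view_emails` is enabled).
  let(:user) { Fabricate(:user) }
  let(:admin) { Fabricate(:admin) }
  let(:moderator) { Fabricate(:moderator) }
  # The reviewable is created by the job in `before`, so it is looked up
  # lazily rather than fabricated directly.
  let(:reviewable) { Reviewable.find_by(target: user) }

  before do
    # `must_approve_users` is what routes new signups into the review queue.
    SiteSetting.must_approve_users = true
    Jobs::CreateUserReviewable.new.execute(user_id: user.id)
  end

  # Serializes the reviewable as seen by `viewer`, with no JSON root key,
  # so every example exercises the same Guardian-scoped code path.
  def serialize_for(viewer)
    ReviewableUserSerializer.new(reviewable, scope: Guardian.new(viewer), root: nil).as_json
  end

  it "includes the user fields for review" do
    json = serialize_for(admin)

    expect(json[:user_id]).to eq(reviewable.target_id)
    expect(json[:payload]["username"]).to eq(user.username)
    expect(json[:payload]["email"]).to eq(user.email)
    expect(json[:payload]["name"]).to eq(user.name)
    expect(json[:topic_url]).to be_blank
  end

  it "excludes the email user field for moderators" do
    json = serialize_for(moderator)

    expect(json[:user_id]).to eq(reviewable.target_id)
    expect(json[:payload]["username"]).to eq(user.username)
    # The email is the sensitive field: it must be withheld from moderators
    # unless the site explicitly opts in (see the next example).
    expect(json[:payload]["email"]).to be_nil
    expect(json[:payload]["name"]).to eq(user.name)
    expect(json[:topic_url]).to be_blank
  end

  it "includes the email user field for moderators if enabled" do
    SiteSetting.moderators_view_emails = true
    json = serialize_for(moderator)

    expect(json[:user_id]).to eq(reviewable.target_id)
    expect(json[:payload]["username"]).to eq(user.username)
    expect(json[:payload]["email"]).to eq(user.email)
    expect(json[:payload]["name"]).to eq(user.name)
    expect(json[:topic_url]).to be_blank
  end

  it "includes the scrubbed fields for scrubbed reviewables" do
    # Scrubbing removes the signup PII from the payload and records who
    # scrubbed it and why, so the audit trail survives without the data.
    reviewable.scrub("reason", Guardian.new(admin))
    json = serialize_for(admin)

    expect(json[:user_id]).to eq(reviewable.target_id)
    # Even an admin must no longer be able to read the scrubbed PII.
    expect(json[:payload]["username"]).to be_nil
    expect(json[:payload]["email"]).to be_nil
    expect(json[:payload]["name"]).to be_nil
    expect(json[:payload]["scrubbed_by"]).to eq(admin.username)
    expect(json[:payload]["scrubbed_reason"]).to eq("reason")
    expect(json[:payload]["scrubbed_at"]).to be_present
    expect(json[:topic_url]).to be_blank
  end
end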