mirror of
https://github.com/discourse/discourse.git
synced 2025-05-25 19:29:34 +08:00
7fc8d74f3e
The GDPR requires all users to be able to export their data, or request an export of their data. This is fine for active users as we have a data export button on user profiles, but suspended users have no way of accessing the data export function, and the workaround for admins to export data for suspended users involves temporarily unsuspending them, then impersonating the user to export the data as them. Since suspended users no longer have access to their account, we can safely assume that the export request will be coming via a medium outside of Discourse (eg, email). This change is built with this workflow in mind. This change adds a new "User exports" section to the admin user page, allowing admins to start a new export, and to download the latest export file.
63 lines
1.8 KiB
Ruby
63 lines
1.8 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class ExportCsvController < ApplicationController
|
|
skip_before_action :preload_json, :check_xhr, only: [:show]
|
|
|
|
def export_entity
|
|
entity = export_params[:entity]
|
|
entity_id = params.dig(:args, :export_user_id)&.to_i if entity == "user_archive"
|
|
guardian.ensure_can_export_entity!(entity, entity_id)
|
|
raise Discourse::InvalidParameters.new(:entity) unless entity.is_a?(String) && entity.size < 100
|
|
|
|
(export_params[:args] || {}).each do |key, value|
|
|
unless value.is_a?(String) && value.size < 100
|
|
raise Discourse::InvalidParameters.new("args.#{key}")
|
|
end
|
|
end
|
|
|
|
if entity == "user_archive"
|
|
requesting_user_id = current_user.id if entity_id
|
|
Jobs.enqueue(
|
|
:export_user_archive,
|
|
user_id: entity_id || current_user.id,
|
|
requesting_user_id:,
|
|
args: export_params[:args],
|
|
)
|
|
else
|
|
Jobs.enqueue(
|
|
:export_csv_file,
|
|
entity: entity,
|
|
user_id: current_user.id,
|
|
args: export_params[:args],
|
|
)
|
|
end
|
|
StaffActionLogger.new(current_user).log_entity_export(entity)
|
|
render json: success_json
|
|
rescue Discourse::InvalidAccess
|
|
render_json_error I18n.t("csv_export.rate_limit_error")
|
|
end
|
|
|
|
def latest_user_archive
|
|
user_id = params[:user_id].to_i
|
|
# If we can't export the entity, we shouldn't be able to see it either
|
|
guardian.ensure_can_export_entity!("user_archive", user_id)
|
|
|
|
render json:
|
|
UserExport
|
|
.where(user_id:)
|
|
.where("created_at > ?", UserExport::DESTROY_CREATED_BEFORE.ago)
|
|
.order(created_at: :desc)
|
|
.first
|
|
end
|
|
|
|
private
|
|
|
|
def export_params
|
|
@_export_params ||=
|
|
begin
|
|
params.require(:entity)
|
|
params.permit(:entity, args: Report::FILTERS).to_h
|
|
end
|
|
end
|
|
end
|