discourse/app/models/site.rb

# frozen_string_literal: true

# A class we can use to serialize the site data
class Site
  include ActiveModel::Serialization

  cattr_accessor :preloaded_category_custom_fields
  self.preloaded_category_custom_fields = Set.new

  def initialize(guardian)
    @guardian = guardian
    Category.preload_custom_fields(categories, preloaded_category_custom_fields) if preloaded_category_custom_fields.present?
  end

  def site_setting
    SiteSetting
  end

  def notification_types
    Notification.types
  end

  def trust_levels
    TrustLevel.all
  end

  def user_fields
    UserField.order(:position).all
  end

  def categories
    @categories ||= begin
      categories = Category
        .includes(:uploaded_logo, :uploaded_background, :tags, :tag_groups)
        .secured(@guardian)
        .joins('LEFT JOIN topics t on t.id = categories.topic_id')
        .select('categories.*, t.slug topic_slug')
        .order(:position)

      categories = categories.to_a

      with_children = Set.new
      categories.each do |c|
        if c.parent_category_id
          with_children << c.parent_category_id
        end
      end

      allowed_topic_create = nil
      unless @guardian.is_admin?
        allowed_topic_create_ids =
          @guardian.anonymous? ? [] : Category.topic_create_allowed(@guardian).pluck(:id)
        allowed_topic_create = Set.new(allowed_topic_create_ids)
      end

      by_id = {}

      notification_levels = CategoryUser.notification_levels_for(@guardian.user)
      default_notification_level = CategoryUser.default_notification_level

      categories.each do |category|
        category.notification_level = notification_levels[category.id] || default_notification_level
        category.permission = CategoryGroup.permission_types[:full] if allowed_topic_create&.include?(category.id) || @guardian.is_admin?
        category.has_children = with_children.include?(category.id)
        by_id[category.id] = category
      end

      categories.reject! { |c| c.parent_category_id && !by_id[c.parent_category_id] }
      categories
    end
  end

  def groups
    Group.visible_groups(@guardian.user, "name ASC", include_everyone: true)
  end

  def archetypes
    Archetype.list.reject { |t| t.id == Archetype.private_message }
  end

  def auth_providers
    Discourse.enabled_auth_providers
  end

  def self.json_for(guardian)

    if guardian.anonymous? && SiteSetting.login_required
      return {
        periods: TopTopic.periods.map(&:to_s),
        filters: Discourse.filters.map(&:to_s),
        user_fields: UserField.all.map do |userfield|
          UserFieldSerializer.new(userfield, root: false, scope: guardian)
        end,
        auth_providers: Discourse.enabled_auth_providers.map do |provider|
          AuthProviderSerializer.new(provider, root: false, scope: guardian)
        end
      }.to_json
    end

    seq = nil

    if guardian.anonymous?
      seq = MessageBus.last_id('/site_json')

      cached_json, cached_seq, cached_version = Discourse.redis.mget('site_json', 'site_json_seq', 'site_json_version')

      if cached_json && seq == cached_seq.to_i && Discourse.git_version == cached_version
        return cached_json
      end

    end

    site = Site.new(guardian)
    json = MultiJson.dump(SiteSerializer.new(site, root: false, scope: guardian))

    if guardian.anonymous?
      Discourse.redis.multi do
        Discourse.redis.setex 'site_json', 1800, json
        Discourse.redis.set 'site_json_seq', seq
        Discourse.redis.set 'site_json_version', Discourse.git_version
      end
    end

    json
  end

  SITE_JSON_CHANNEL = '/site_json'

  def self.clear_anon_cache!
    # publishing forces the sequence up
    # the cache is validated based on the sequence
    MessageBus.publish(SITE_JSON_CHANNEL, '')
  end

end
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging 2019-05-02 17:17:27 -05:00			`# frozen_string_literal: true`

Initial release of Discourse 2013-02-05 13:16:51 -06:00			`# A class we can use to serialize the site data`
			`class Site`
			`include ActiveModel::Serialization`

DEV: Option to preload category custom fields for site serializer 2019-03-16 06:48:57 -05:00			`cattr_accessor :preloaded_category_custom_fields`
			`self.preloaded_category_custom_fields = Set.new`

speed up startup (avoid loading some gems on startup) correct group permission leaks add Discourse.cache for richer caching support 2013-05-13 03:04:03 -05:00			`def initialize(guardian)`
			`@guardian = guardian`
DEV: Option to preload category custom fields for site serializer 2019-03-16 06:48:57 -05:00			`Category.preload_custom_fields(categories, preloaded_category_custom_fields) if preloaded_category_custom_fields.present?`
speed up startup (avoid loading some gems on startup) correct group permission leaks add Discourse.cache for richer caching support 2013-05-13 03:04:03 -05:00			`end`

Initial release of Discourse 2013-02-05 13:16:51 -06:00			`def site_setting`
			`SiteSetting`
			`end`

			`def notification_types`
introduce Enum 2013-03-01 06:07:44 -06:00			`Notification.types`
Initial release of Discourse 2013-02-05 13:16:51 -06:00			`end`

			`def trust_levels`
			`TrustLevel.all`
			`end`
Fix all the trailing whitespace 2013-02-07 09:45:24 -06:00
FEATURE: Show user fields when the user is signing up 2014-09-26 13:48:34 -05:00			`def user_fields`
FIX: Order UserFields by position, by default (#8176) * FIX: site user_fields sorted by position * FIX: Sort UserField by position for Site 2019-10-09 12:49:28 -05:00			`UserField.order(:position).all`
FEATURE: Show user fields when the user is signing up 2014-09-26 13:48:34 -05:00			`end`

Initial release of Discourse 2013-02-05 13:16:51 -06:00			`def categories`
Finalize read only and post only categories, finished off UI work 2013-07-16 00:44:07 -05:00			`@categories \|\|= begin`
			`categories = Category`
UX: Hide "Create Tag" option if user cannot create tag. (#7723) 2019-08-19 03:40:56 -05:00			`.includes(:uploaded_logo, :uploaded_background, :tags, :tag_groups)`
Finalize read only and post only categories, finished off UI work 2013-07-16 00:44:07 -05:00			`.secured(@guardian)`
Correct site spec 2015-09-28 01:49:39 -05:00			`.joins('LEFT JOIN topics t on t.id = categories.topic_id')`
PERF: introduce fragment caches in site serializer 2015-09-28 01:43:38 -05:00			`.select('categories.*, t.slug topic_slug')`
Remove `default_scope` 2013-11-06 15:56:49 -06:00			`.order(:position)`
FIX: when allow uncategorized was off we were still showing uncat for admins/mods 2015-02-20 00:30:31 -06:00
			`categories = categories.to_a`
Finalize read only and post only categories, finished off UI work 2013-07-16 00:44:07 -05:00
PERF: improve perf of initial payload also reduce querying in topic query 2015-09-22 22:13:34 -05:00			`with_children = Set.new`
			`categories.each do \|c\|`
			`if c.parent_category_id`
			`with_children << c.parent_category_id`
			`end`
			`end`

PERF: avoid query as admin As admin no need to query categories over and over 2017-05-12 10:09:28 -05:00			`allowed_topic_create = nil`
			`unless @guardian.is_admin?`
			`allowed_topic_create_ids =`
			`@guardian.anonymous? ? [] : Category.topic_create_allowed(@guardian).pluck(:id)`
			`allowed_topic_create = Set.new(allowed_topic_create_ids)`
			`end`
Finalize read only and post only categories, finished off UI work 2013-07-16 00:44:07 -05:00
BUGFIX: Don't return child categories if you can't see the parent category. 2014-02-24 13:52:21 -06:00			`by_id = {}`
dropdown on categorypage 2014-04-17 04:17:39 -05:00
FIX: Wrong scope used for notification levels user serializer (#13039) This is a recent regression introduced by https://github.com/discourse/discourse/pull/12937 which makes it so that when looking at a user profile that is not your own, specifically the category and tag notification settings, you would see your own settings instead of the target user. This is only a problem for admins because regular users cannot see these details for other users. The issue was that we were using `scope` in the serializer, which refers to the current user, rather than using a scope for the target user via `Guardian.new(user)`. However, on further inspection the `notification_levels_for` method for `TagUser` and `CategoryUser` did not actually need to be accepting an instance of Guardian, all that it was using it for was to check guardian.anonymous? which is just a fancy way of saying user.blank?. Changed this method to just accept a user instead and send the user in from the serializer. 2021-05-13 18:45:14 -05:00			`notification_levels = CategoryUser.notification_levels_for(@guardian.user)`
FEATURE: support to mute all categories by default. (#8295) Instead of enabling `suppress_from_latest` setting on many categories now we can enable `mute_all_categories_by_default` site setting. Then users should opt-in to categories for them to appear in the latest and categories pages. 2019-11-07 20:58:11 -06:00			`default_notification_level = CategoryUser.default_notification_level`
PERF: properly preload all category notification levels 2015-12-20 00:47:02 -06:00
PERF: eliminate N+1 query 2014-06-17 20:21:53 -05:00			`categories.each do \|category\|`
FEATURE: support to mute all categories by default. (#8295) Instead of enabling `suppress_from_latest` setting on many categories now we can enable `mute_all_categories_by_default` site setting. Then users should opt-in to categories for them to appear in the latest and categories pages. 2019-11-07 20:58:11 -06:00			`category.notification_level = notification_levels[category.id] \|\| default_notification_level`
PERF: avoid query as admin As admin no need to query categories over and over 2017-05-12 10:09:28 -05:00			`category.permission = CategoryGroup.permission_types[:full] if allowed_topic_create&.include?(category.id) \|\| @guardian.is_admin?`
PERF: improve perf of initial payload also reduce querying in topic query 2015-09-22 22:13:34 -05:00			`category.has_children = with_children.include?(category.id)`
BUGFIX: Don't return child categories if you can't see the parent category. 2014-02-24 13:52:21 -06:00			`by_id[category.id] = category`
Finalize read only and post only categories, finished off UI work 2013-07-16 00:44:07 -05:00			`end`
BUGFIX: Don't return child categories if you can't see the parent category. 2014-02-24 13:52:21 -06:00
FIX: hide category column in topic list only when the current category has no children 2015-09-02 16:46:04 -05:00			`categories.reject! { \|c\| c.parent_category_id && !by_id[c.parent_category_id] }`
Finalize read only and post only categories, finished off UI work 2013-07-16 00:44:07 -05:00			`categories`
			`end`
Fix all the trailing whitespace 2013-02-07 09:45:24 -06:00			`end`
Initial release of Discourse 2013-02-05 13:16:51 -06:00
SECURITY: Do not leak private group names. (#7008) 2019-02-14 08:35:58 -06:00			`def groups`
FIX: unable to create new categories Previous attempt at 70adb940 missed the critical "everyone" group from staff, leading to a case where staff was no longer able to create categories 2019-02-14 17:24:29 -06:00			`Group.visible_groups(@guardian.user, "name ASC", include_everyone: true)`
SECURITY: Do not leak private group names. (#7008) 2019-02-14 08:35:58 -06:00			`end`

Initial release of Discourse 2013-02-05 13:16:51 -06:00			`def archetypes`
minor cleanup, using AR querying DSL over raw SQL in some places 2013-02-28 12:54:12 -06:00			`Archetype.list.reject { \|t\| t.id == Archetype.private_message }`
Initial release of Discourse 2013-02-05 13:16:51 -06:00			`end`

REFACTOR: Serve auth provider information in the site serializer. At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client. 2018-07-31 10:18:50 -05:00			`def auth_providers`
			`Discourse.enabled_auth_providers`
			`end`

REFACTOR: We don't cache the json for the Site model anymore, so let's rename and remove the methods leftover from that. 2014-02-24 13:24:18 -06:00			`def self.json_for(guardian)`
security: when login is required don't return the site node in the preload store 2013-10-14 17:50:30 -05:00
			`if guardian.anonymous? && SiteSetting.login_required`
BUGFIX: JS error when login_required is enabled 2014-01-20 07:41:11 -06:00			`return {`
			`periods: TopTopic.periods.map(&:to_s),`
			`filters: Discourse.filters.map(&:to_s),`
Use userfield serializer in json dump Use userfield serializer for json dump to make sure that also the options are serialized correctly. 2015-08-17 14:44:08 -05:00			`user_fields: UserField.all.map do \|userfield\|`
			`UserFieldSerializer.new(userfield, root: false, scope: guardian)`
FIX: Include auth_providers for anonymous users when login_required 2018-08-07 03:20:09 -05:00			`end,`
			`auth_providers: Discourse.enabled_auth_providers.map do \|provider\|`
			`AuthProviderSerializer.new(provider, root: false, scope: guardian)`
Revert plugin js changes (#5139) * Revert "Add disabled_plugins to preloadstore for login_required anonymous users (#5134)" This reverts commit b840170f8da3c2fb841d55e1192a3522cbe5ae87. * Revert "Do not load javascripts for disabled plugins (#5103)" This reverts commit a14ab488294215063a08448c29a819edf1b633d8. 2017-09-07 08:15:29 -05:00			`end`
BUGFIX: JS error when login_required is enabled 2014-01-20 07:41:11 -06:00			`}.to_json`
security: when login is required don't return the site node in the preload store 2013-10-14 17:50:30 -05:00			`end`

PERF: introduce full cache for site json when anon 2015-09-28 01:44:03 -05:00			`seq = nil`

			`if guardian.anonymous?`
			`seq = MessageBus.last_id('/site_json')`

DEV: s/\$redis/Discourse\.redis (#8431) This commit also adds a rubocop rule to prevent global variables. 2019-12-03 03:05:53 -06:00			`cached_json, cached_seq, cached_version = Discourse.redis.mget('site_json', 'site_json_seq', 'site_json_version')`
PERF: introduce full cache for site json when anon 2015-09-28 01:44:03 -05:00
			`if cached_json && seq == cached_seq.to_i && Discourse.git_version == cached_version`
			`return cached_json`
			`end`

			`end`

speed up startup (avoid loading some gems on startup) correct group permission leaks add Discourse.cache for richer caching support 2013-05-13 03:04:03 -05:00			`site = Site.new(guardian)`
PERF: introduce full cache for site json when anon 2015-09-28 01:44:03 -05:00			`json = MultiJson.dump(SiteSerializer.new(site, root: false, scope: guardian))`

			`if guardian.anonymous?`
DEV: s/\$redis/Discourse\.redis (#8431) This commit also adds a rubocop rule to prevent global variables. 2019-12-03 03:05:53 -06:00			`Discourse.redis.multi do`
			`Discourse.redis.setex 'site_json', 1800, json`
			`Discourse.redis.set 'site_json_seq', seq`
			`Discourse.redis.set 'site_json_version', Discourse.git_version`
PERF: introduce full cache for site json when anon 2015-09-28 01:44:03 -05:00			`end`
			`end`

			`json`
			`end`

FIX: Clear anon cache when disabling readonly mode. `SiteSerializer#is_readonly` is cached for an anonymous user so we have to clear the cache when disabling readonly mode. Otherwise, the site may appear to be in readonly mode for an extended period of time. 2018-12-17 03:27:44 -06:00			`SITE_JSON_CHANNEL = '/site_json'`

PERF: introduce full cache for site json when anon 2015-09-28 01:44:03 -05:00			`def self.clear_anon_cache!`
			`# publishing forces the sequence up`
			`# the cache is validated based on the sequence`
FIX: Clear anon cache when disabling readonly mode. `SiteSerializer#is_readonly` is cached for an anonymous user so we have to clear the cache when disabling readonly mode. Otherwise, the site may appear to be in readonly mode for an extended period of time. 2018-12-17 03:27:44 -06:00			`MessageBus.publish(SITE_JSON_CHANNEL, '')`
Initial release of Discourse 2013-02-05 13:16:51 -06:00			`end`

			`end`