DEV: Guardian for hiding about stats (#9841)

DEV: Guardian for hiding about stats (#9841)

diff --git a/app/assets/javascripts/discourse/app/templates/about.hbs b/app/assets/javascripts/discourse/app/templates/about.hbs
index 63cae2c..2659b0e 100644
--- a/app/assets/javascripts/discourse/app/templates/about.hbs
+++ b/app/assets/javascripts/discourse/app/templates/about.hbs
@@ -64,50 +64,52 @@
           </section>
         {{/each}}
       {{/if}}
-      <section class="about stats">
-        <h3>{{d-icon "far-chart-bar"}}  {{i18n "about.stats"}}</h3>
+      {{#if model.can_see_about_stats}}
+        <section class="about stats">
+          <h3>{{d-icon "far-chart-bar"}}  {{i18n "about.stats"}}</h3>
 
-        <table class="table">
-          <tbody>
-            <tr>
-              <th>&nbsp;</th>
-              <th>{{i18n "about.stat.last_7_days"}}</th>
-              <th>{{i18n "about.stat.last_30_days"}}</th>
-              <th>{{i18n "about.stat.all_time"}}</th>
-            </tr>
-            <tr>
-              <td class="title">{{i18n "about.topic_count"}}</td>
-              <td>{{number model.stats.topics_7_days}}</td>
-              <td>{{number model.stats.topics_30_days}}</td>
-              <td>{{number model.stats.topic_count}}</td>
-            </tr>
-            <tr>
-              <td>{{i18n "about.post_count"}}</td>
-              <td>{{number model.stats.posts_7_days}}</td>
-              <td>{{number model.stats.posts_30_days}}</td>
-              <td>{{number model.stats.post_count}}</td>
-            </tr>
-            <tr>
-              <td>{{i18n "about.user_count"}}</td>
-              <td>{{number model.stats.users_7_days}}</td>
-              <td>{{number model.stats.users_30_days}}</td>
-              <td>{{number model.stats.user_count}}</td>
-            </tr>
-            <tr>
-              <td>{{i18n "about.active_user_count"}}</td>
-              <td>{{number model.stats.active_users_7_days}}</td>
-              <td>{{number model.stats.active_users_30_days}}</td>
-              <td>&mdash;</td>
-            </tr>
-            <tr>
-              <td>{{i18n "about.like_count"}}</td>
-              <td>{{number model.stats.likes_7_days}}</td>
-              <td>{{number model.stats.likes_30_days}}</td>
-              <td>{{number model.stats.like_count}}</td>
-            </tr>
-          </tbody>
-        </table>
-      </section>
+          <table class="table">
+            <tbody>
+              <tr>
+                <th>&nbsp;</th>
+                <th>{{i18n "about.stat.last_7_days"}}</th>
+                <th>{{i18n "about.stat.last_30_days"}}</th>
+                <th>{{i18n "about.stat.all_time"}}</th>
+              </tr>
+              <tr>
+                <td class="title">{{i18n "about.topic_count"}}</td>
+                <td>{{number model.stats.topics_7_days}}</td>
+                <td>{{number model.stats.topics_30_days}}</td>
+                <td>{{number model.stats.topic_count}}</td>
+              </tr>
+              <tr>
+                <td>{{i18n "about.post_count"}}</td>
+                <td>{{number model.stats.posts_7_days}}</td>
+                <td>{{number model.stats.posts_30_days}}</td>
+                <td>{{number model.stats.post_count}}</td>
+              </tr>
+              <tr>
+                <td>{{i18n "about.user_count"}}</td>
+                <td>{{number model.stats.users_7_days}}</td>
+                <td>{{number model.stats.users_30_days}}</td>
+                <td>{{number model.stats.user_count}}</td>
+              </tr>
+              <tr>
+                <td>{{i18n "about.active_user_count"}}</td>
+                <td>{{number model.stats.active_users_7_days}}</td>
+                <td>{{number model.stats.active_users_30_days}}</td>
+                <td>&mdash;</td>
+              </tr>
+              <tr>
+                <td>{{i18n "about.like_count"}}</td>
+                <td>{{number model.stats.likes_7_days}}</td>
+                <td>{{number model.stats.likes_30_days}}</td>
+                <td>{{number model.stats.like_count}}</td>
+              </tr>
+            </tbody>
+          </table>
+        </section>
+      {{/if}}
 
       {{#if contactInfo}}
         <section class="about contact">
diff --git a/app/controllers/about_controller.rb b/app/controllers/about_controller.rb
index fe2d3a2..3f3f9e1 100644
--- a/app/controllers/about_controller.rb
+++ b/app/controllers/about_controller.rb
@@ -16,7 +16,7 @@ class AboutController < ApplicationController
         render :index
       end
       format.json do
-        render_serialized(@about, AboutSerializer)
+        render_json_dump(AboutSerializer.new(@about, scope: guardian))
       end
     end
   end
diff --git a/app/serializers/about_serializer.rb b/app/serializers/about_serializer.rb
index 308f990..8230c59 100644
--- a/app/serializers/about_serializer.rb
+++ b/app/serializers/about_serializer.rb
@@ -21,7 +21,16 @@ class AboutSerializer < ApplicationSerializer
              :title,
              :locale,
              :version,
-             :https
+             :https,
+             :can_see_about_stats
+
+  def can_see_about_stats
+    scope.can_see_about_stats?
+  end
+
+  def include_stats?
+    can_see_about_stats
+  end
 
   def stats
     object.class.fetch_cached_stats || Jobs::AboutStats.new.execute({})
diff --git a/lib/guardian.rb b/lib/guardian.rb
index 00d496e..456461f 100644
--- a/lib/guardian.rb
+++ b/lib/guardian.rb
@@ -493,6 +493,10 @@ class Guardian
     is_staff?
   end
 
+  def can_see_about_stats?
+    true
+  end
+
   def auth_token
     if cookie = request&.cookies[Auth::DefaultCurrentUserProvider::TOKEN_COOKIE]
       UserAuthToken.hash_token(cookie)
diff --git a/test/javascripts/fixtures/about.js b/test/javascripts/fixtures/about.js
index 7f9f17c..4c7de6a 100644
--- a/test/javascripts/fixtures/about.js
+++ b/test/javascripts/fixtures/about.js
@@ -1,6 +1,7 @@
 export default {
   "about.json": {
     about: {
+      can_see_about_stats: true,
       stats: {
         topic_count: 27480,
         post_count: 490358,

GitHub sha: bd57ae83

This commit appears in #9841 which was approved by eviltrout. It was merged by markvanlan.

Should we have a test that ensures we never serialize about.stats on the server-side when can_see_about_stats is false?

Sure DEV: Specs for serializing stats from AboutController by markvanlan · Pull Request #9843 · discourse/discourse · GitHub

1 Like