User card settings (PR #10302)

Added a PR for this https://meta.discourse.org/t/permission-based-user-card-pictures/62955

GitHub

Since the CP isn’t modifying the input you should use the alias helper for these.

One major thing missing here is the server side of the feature. This only disables the client side which means a user could still change this via API.

Before merging we will have to add these checks on the ruby side too and fix all the flagged issues.

Trivial but the indentation here is off. It should either be one line or line up with something.

same here

    min_trust_level_to_allow_profile_background: "The minimum trust level required to upload a profile background"
    min_trust_level_to_allow_user_card_background: "The minimum trust level required to upload a user card background"

Check out user.has_trust_level? It will also check for staff so you don’t have to.

said changes done

said changes done

said changes done

said changes done

said changes done

said changes done

One major thing missing here is the server side of the feature. This only disables the client side which means a user could still change this via API.

Before merging we will have to add these checks on the ruby side too and fix all the flagged issues.

said changes done

Hey @eviltrout, Can you please have a look at this once again

These should be calls to the guardian methods. We want to keep the authorization logic in one place.

Sorry to request another change here, but could you use the readonly helper? It’s better than alias if we know it’s only a one way relationship.

said changes done @eviltrout

said changes done @eviltrout