diff --git a/Foxnouns.Backend/Controllers/Moderation/LookupController.cs b/Foxnouns.Backend/Controllers/Moderation/LookupController.cs index ba5018c..9e9fa7f 100644 --- a/Foxnouns.Backend/Controllers/Moderation/LookupController.cs +++ b/Foxnouns.Backend/Controllers/Moderation/LookupController.cs @@ -64,6 +64,7 @@ public class LookupController( LastSidReroll: user.LastSidReroll, Suspended: user is { Deleted: true, DeletedBy: not null }, Deleted: user.Deleted, + ShowSensitiveData: showSensitiveData, AuthMethods: showSensitiveData ? authMethods.Select(UserRendererService.RenderAuthMethod) : null @@ -79,6 +80,11 @@ public class LookupController( { User user = await db.ResolveUserAsync(id); + // Don't let mods accidentally spam the audit log + bool alreadyAuthorized = await moderationService.ShowSensitiveDataAsync(CurrentUser!, user); + if (alreadyAuthorized) + return NoContent(); + AuditLogEntry entry = await moderationService.QuerySensitiveDataAsync( CurrentUser!, user, diff --git a/Foxnouns.Backend/Dto/Moderation.cs b/Foxnouns.Backend/Dto/Moderation.cs index 266c275..58a38a6 100644 --- a/Foxnouns.Backend/Dto/Moderation.cs +++ b/Foxnouns.Backend/Dto/Moderation.cs @@ -105,6 +105,7 @@ public record QueryUserResponse( Instant LastSidReroll, bool Suspended, bool Deleted, + bool ShowSensitiveData, [property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] IEnumerable? AuthMethods );